iptables vs. iptables-services

Support for security such as Firewalls and securing linux
Post Reply
b7119
Posts: 1
Joined: 2019/01/16 17:26:10

iptables vs. iptables-services

Post by b7119 » 2019/01/16 17:37:19

Apologize for a generic question, but I can't seem to find a good description so decided to post.

I'm struggling to understand the difference between iptables and iptables-services.

My initial understanding is that iptables is the package that the Linux kernel actually uses for filtering packets while iptables-services is a user service for interacting with it.

Two main questions (can't promise there won't be follow-ups...)

1) What is iptables-services used/needed for? It seems like I can create and edit rules directly using iptables commands.
2) If systemctl status iptables shows the service as disabled, does that impact the firewall functionality?

Thanks in advance!


** UPDATE **
Playing around with a server some more, I think I answered my own question...
iptables is always "running". The only way to disable it would be to change the rules and allow all traffic. iptables-services makes this easy. If I write a rule to iptables, run iptables save, and run systemctl stop iptables it essentially clears the rules. Running systemctl start iptables restores the rules. Without iptables-services, I couldn't "disable" and "enable" the firewall - it would always be there and my only option is changing rules.

Does that make sense?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: iptables vs. iptables-services

Post by TrevorH » 2019/01/16 19:35:16

The iptables-services package supplies the scripts required to stop/start/restore iptables rules. Run rpm -ql iptables-services to see the files it supplies.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply