How to start/stop iptables on Ubuntu?

I don't know about "Ubuntu", but in Linux generally, "iptables" isn't a service - it's a command to manipulate the netfilter kernel firewall. You can "disable" (or stop) the firewall by setting the default policies on all standard chains to "ACCEPT", and flushing the rules.

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F

(You may need to flush other tables, too, such as "nat", if you've used them)

The following article on the Ubuntu website describes setting up iptables for use with NetworkManager: https://help.ubuntu.com/community/IptablesHowTo


You are all wrong :-)

The command you are looking for is:

$ sudo ufw disable

I would first check if it is installed with (it probably is):

dpkg -l | grep iptables

On Ubuntu, iptables is not a service. In order to stop it, you have to do the following :

sudo iptables-save > /root/firewall.rules
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

In order to restore your previous rules :

iptables-restore < /root/firewall.rules

This was taken from http://www.cyberciti.biz/faq/turn-on-turn-off-firewall-in-linux/ and was tested on many Ubuntu 8.X & 9.10 installations.


Iptables is a command it's not a service, so generally it's not possible to use commands like

service iptables start

or

service iptables stop

in order to start and stop the firewall, but some distros like centos have installed a service called iptables to start and stop the firewall and a configuration file to configure it. Anyway it's possible to make a service to manage ipotables editing or installing a script for this scope. All services in linux, ubuntu is not an exception, are executable scripts inside /etc/init.d folder, that implements a standard interface (start,stop,restart) A possible script looks like this:

 #!/bin/sh -e
 ### BEGIN INIT INFO
 # Provides:          iptables
 # Required-Start:    mountvirtfs ifupdown $local_fs
 # Default-Start:     S
 # Default-Stop:      0 6
 ### END INIT INFO

 # July 9, 2007
 # James B. Crocker <[email protected]>
 # Creative Commons Attribution - Share Alike 3.0 License (BY,SA)
 # Script to load/unload/save iptables firewall settings.

 PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"

 IPTABLES=/sbin/iptables
 IPTABLES_SAVE=/sbin/iptables-save
 IPTABLES_RESTORE=/sbin/iptables-restore

 IPTABLES_CONFIG=/etc/iptables.conf

 [ -x $IPTABLES ] || exit 0

 . /lib/lsb/init-functions


 case "$1" in
 start)
    log_action_begin_msg "Starting firewall"
         type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 120" || true
    if $IPTABLES_RESTORE < $IPTABLES_CONFIG ; then
        log_action_end_msg $?
    else
        log_action_end_msg $?
    fi
         type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 15" || true
    ;;

 stop)
    log_action_begin_msg "Saving current firewall configuration"
    if $IPTABLES_SAVE > $IPTABLES_CONFIG ; then
        log_action_end_msg $?
    else
        log_action_end_msg $?
    fi
    log_action_begin_msg "Flushing ALL firewall rules from chains!"
    if $IPTABLES -F ; then
        log_action_end_msg $?
    else
        log_action_end_msg $?
    fi
    log_action_begin_msg "Deleting ALL firewall chains [Warning: ACCEPTING ALL PORT SERVICES!]"
    if $IPTABLES -X ; then
        $IPTABLES -P INPUT ACCEPT
        $IPTABLES -P FORWARD ACCEPT
        $IPTABLES -P OUTPUT ACCEPT
        log_action_end_msg $?
    else
        log_action_end_msg $?
    fi
    ;;

 save)
    log_action_begin_msg "Saving current firewall configuration"
    if $IPTABLES_SAVE > $IPTABLES_CONFIG ; then
        log_action_end_msg $?
    else
        log_action_end_msg $?
    fi
    ;;

 force-reload|restart)
    log_action_begin_msg "Reloading firewall configuration [Warning: POTENTIAL NETWORK INSECURITY DURING RELOAD]"
    $IPTABLES -F
    $IPTABLES -X
    if $IPTABLES_RESTORE < $IPTABLES_CONFIG ; then
        log_action_end_msg $?
    else
        log_action_end_msg $?
    fi
    ;;

 *)
    echo "Usage: /etc/init.d/iptables {start|stop|save|restart|force-reload}"
    exit 1
    ;;
 esac

 exit 0 

This script is part of this tutorial, all the commands to configure the firewall must be inserted, according to the script above, into /etc/iptables.conf file. This script must be inserted into a file called iptables in /etc/init.d and make it executable using

chmod+x *iptables* 

and add the service to runlevels using

update-rc.d iptables defaults

You can add new rules from shell, these rules will be immediatly active and will be added to /etc/iptables.conf when service stops(it means them will be saved for sure when system shutdown).

I hope this will be helpful to everyone.


Because both iptables and ufw are ways to manage the netfilter firewall in Linux, and because both are available by default in Ubuntu, you can use either to start and stop (and manage) firewall rules.

iptables is more flexible, but because ufw provides a very simple interface language for simple and typical function you can use:

sudo ufw disable # To disable the firewall

sudo ufw enable # To enable the firewall

To see current firewall settings use sudo ufw status verbose, or iptables -L .

The Ubuntu Community docs pages on iptables and UFW have a great deal more info.