iptables not installed on CentOS

If a machine does not have iptables installed, is there still a firewall running?

If yes, how do I disable / change rules?

If I enter the command iptables I receive the response:

iptables v1.4.7: no command specified

[root@ruad1 ~]# iptables -L
FATAL: Module ip_tables not found.
iptables v1.4.7: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

I have been searching, but all documentation on firewalls for CentOS seems to refer to iptables.

If I do ip route list, there seem to be a lot of rules?

Edit: Answer to questions in comments:

output of ls -alL /sbin/iptables

-rwxr-xr-x 1 root root 54200 Nov 23 2013 /sbin/iptables 

I receive the following when I do iptables restart

iptables restart output

kernel version:

2.6.32-5-vserver-amd64

contents of /lib/modules/2.6.32-5-vserver-amd64

/lib/modules/2.6.32-5-vserver-amd64

Any command that I issue with iptables (restart, stop ..) all receive the same error as pasted above.

/sbin/iptables output:

iptables v1.4.7: can't initialize iptables table `filter': Permission denied (you must be root)

Perhaps iptables or your kernel needs to be upgraded.

output of touch /tmp/foo; ls -la /tmp/foo

-rw-r--r-- 1 root root 0 Jun 27 16:51 /tmp/foo

It looks like the machine is running in a virtualized environment, or more specifically: in an operating system-level virtualized environment, like LXC, OpenVZ or Virtuozzo. The kernel version (2.6.32-5-vserver-amd64) gives this away.

In such an environment the kernel is shared between the host and the guest systems, and not all kernel APIs are available in VMs. I guess that's the reason why you have a permission error when calling iptables.

When you find out in which environment your machine is running, you might be able to find a solution online:

  • The knowledge base for Parallels' Virtuozzo has an article on How do I enable firewall in a Container.
  • The OpenVZ wiki has an article on Setting up an iptables firewall.

But you might have to contact the administrator of the host system to make the necessary changes.
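
An added example, not part of the answer above: a POSIX shell check that classifies the environment from kernel-exposed markers and reports whether the iptables interface is visible. It goes beyond the platforms named in the answer by also checking for Linux-VServer; the function names, labels and marker paths (`VxID` in `/proc/self/status`, `/proc/vz` and `/proc/bc`, `container=lxc` in `/proc/1/environ`) are assumptions about those platforms, not taken from this page.

```shell
#!/bin/sh
# Added example. Marker paths are assumptions about each platform's kernel.
# detect_env ROOT KREL: print a label for the environment found under ROOT.
#   ROOT is "/" on a live system (a constructed tree in tests); KREL is `uname -r`.
detect_env() {
    root=${1%/}
    krel=$2
    status="$root/proc/self/status"
    # Linux-VServer kernels add a VxID line; context 0 is the host.
    if [ -r "$status" ] && grep -q '^VxID:' "$status"; then
        xid=$(awk '/^VxID:/ { print $2; exit }' "$status")
        if [ "$xid" = "0" ]; then echo vserver-host; else echo vserver-guest; fi
        return 0
    fi
    # OpenVZ/Virtuozzo: /proc/vz exists everywhere, /proc/bc only on the host.
    if [ -d "$root/proc/vz" ]; then
        if [ -d "$root/proc/bc" ]; then echo openvz-host; else echo openvz-container; fi
        return 0
    fi
    # LXC sets container=lxc in PID 1's environment (readable by root only).
    env1="$root/proc/1/environ"
    if [ -r "$env1" ] && tr '\000' '\n' < "$env1" | grep -q '^container=lxc'; then
        echo lxc-container
        return 0
    fi
    case $krel in
        *vserver*) echo vserver-kernel ;;      # name hints at VServer, no marker seen
        *)         echo no-container-marker ;;
    esac
}

# netfilter_visible ROOT: succeed if the kernel exposes the iptables match list,
# which only appears once ip_tables is loaded and visible in this context.
netfilter_visible() {
    [ -e "${1%/}/proc/net/ip_tables_matches" ]
}

# Report for the machine this runs on.
env_label=$(detect_env / "$(uname -r)")
if netfilter_visible /; then nf=yes; else nf=no; fi
echo "environment: $env_label; ip_tables visible: $nf"
```

A guest or container label together with `ip_tables visible: no` matches the situation in the question, where the host's administrator may have to make the change.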


First, try this command:

iptables -t nat -L

Also check the list of loaded modules for iptables; a module might be missing.

cat /proc/net/ip_tables_matches

Check the rules in /etc/sysconfig/iptables for any suspicious entry or space character.

Second, try this:

$ sudo grep -R "options nf_conntrack ip_conntrack_disable_ve0=1" /etc/modprobe.d/

and replace the "1" with "0":

options nf_conntrack ip_conntrack_disable_ve0=0

Reboot your system.