Web Hosting Monkey

Failed to Start IPv4 Firewall with IPTables


Here is a solution for this error on RHEL, CentOS, Fedora, AlmaLinux, or Rocky Linux: Failed to start IPv4 firewall with iptables. Job for iptables.service failed because the control process exited with error code.

The Problem: IPTables Failed

This error message came up when the iptables service was being started. Let’s take a look at the details of the error message below and I will tell you how I solved this problem.

[login@linux ~]# sudo systemctl start iptables.service
Job for iptables.service failed because the control process exited with error code. See "systemctl status iptables.service" and "journalctl -xe" for details.

I followed the instructions on the screen and here is what came up next.

[login@linux ~]# sudo systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 4min 17s ago
Process: 864 ExecStart = /usr/libexec/iptables/iptables.init start (code = exited, status = 1 / FAILURE)
Main PID: 864 (code = exited, status = 1 / FAILURE)
linux systemd[1]: Starting IPv4 firewall with iptables...
linux iptables.init[864]: iptables: Applying firewall rules: iptables-restore: line 14 failed
linux systemd[1]: iptables.service: main process exited, code = exited, status = 1 / FAILURE
linux iptables.init[864]: [FAILED]
linux systemd[1]: Failed to start IPv4 firewall with iptables.
linux systemd[1]: Unit iptables.service entered failed state.
linux systemd[1]: iptables.service failed.

I also ran “journalctl -xe” as instructed and an error message came up.

Failed to start IPv4 firewall with iptables.

It appeared that iptables was installed; however, there was something that prevented the IPv4 firewall from being started.

The Solution: Dealing with the Conflict

I rebooted the system and ran “iptables-restore”; however, nothing really worked at this point.

I also ran the following command to get more information about the iptables service.

[login@linux ~]# sudo dnf info iptables-services
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Installed Packages
Host : webhostingmonkey.com
Name : iptables-services
Arch : x86_64
Version : 1.4.21
Release : 33.el7
Size : 22 k
Repo : installed
Summary : iptables and ip6tables services for iptables
License : GPLv2
Description : iptables services for IPv4 and IPv6
:
: This package provides the services iptables and ip6tables that
: have been split out of the base package since they are not active
: by default anymore.
Available Packages
Name : iptables-services
Arch : x86_64
Version : 1.4.21
Release : 35.el7
Size : 52 k
Repo : base/7/x86_64
Summary : iptables and ip6tables services for iptables
License : GPLv2
Description : iptables services for IPv4 and IPv6
:
: This package provides the services iptables and ip6tables that
: have been split out of the base package since they are not active
: by default anymore.

Considering this system has both firewalld and iptables, I decided to stop and disable firewalld.

I ran the following commands.

[login@linux ~]# sudo systemctl stop firewalld.service
[login@linux ~]# sudo systemctl disable firewalld.service
[login@linux ~]# sudo systemctl mask firewalld.service
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

And the result was perfect. I was able to start the IPv4 firewall successfully. Let’s take a look at the status below.

[login@linux ~]# sudo systemctl enable iptables.service
[login@linux ~]# sudo systemctl start iptables.service
[login@linux ~]# sudo systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since 2min 21s ago
Process: 921 ExecStart = /usr/libexec/iptables/iptables.init start (code = exited, status = 0 / SUCCESS)
Main PID: 921 (code = exited, status = 0 / SUCCESS)
linux systemd[1]: Starting IPv4 firewall with iptables...
linux iptables.init[921]: iptables: Applying firewall rules: [ OK ]
linux systemd[1]: Started IPv4 firewall with iptables.
[login@linux ~]#

As shown in the output above, the problem was solved and iptables worked as intended with no more errors.

Conclusion: Firewalld and IPTables Cannot Run Concurrently

Firewalld is not the same as iptables, although either one can be configured as a firewall. The firewalld service is installed by default, and the iptables service is no longer installed by default on the latest systems.

Some systems have both the firewalld and iptables services installed; however, the two services cannot run at the same time. If the iptables service is required or preferred, the firewalld service has to be stopped and disabled before the iptables service is enabled and started.
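
The following triage script is an added example, not part of the original article: it reports whether firewalld and iptables.service are both set to run, and prints the rule that an "iptables-restore: line N failed" message points at. The function names, the --run switch, and the /etc/sysconfig/iptables rules path are assumptions made for this example.

```bash
#!/bin/sh
# Added example: triage for "iptables-restore: line N failed" on a RHEL-family host.
# RULES is an assumption: the file iptables.init normally loads at service start.
RULES="${RULES:-/etc/sysconfig/iptables}"

# Read log text on stdin; print N from the last "iptables-restore: line N failed".
failed_line() {
    sed -n 's/.*iptables-restore: line \([0-9][0-9]*\) failed.*/\1/p' | tail -n 1
}

# Print line N ($2) of rules file $1 as "N: rule text".
rule_at() {
    awk -v n="$2" 'NR == n { print n ": " $0 }' "$1"
}

# Succeed when both services are set to manage the firewall.
# $1 = `systemctl is-active firewalld`, $2 = `systemctl is-enabled firewalld`,
# $3 = `systemctl is-enabled iptables`.
units_conflict() {
    [ "$3" = "enabled" ] || return 1
    [ "$1" = "active" ] || [ "$2" = "enabled" ]
}

diagnose() {
    fw_active=$(systemctl is-active firewalld.service 2>/dev/null)
    fw_enabled=$(systemctl is-enabled firewalld.service 2>/dev/null)
    ipt_enabled=$(systemctl is-enabled iptables.service 2>/dev/null)
    if units_conflict "$fw_active" "$fw_enabled" "$ipt_enabled"; then
        echo "CONFLICT: firewalld is $fw_active/$fw_enabled, iptables.service is $ipt_enabled"
    else
        echo "OK: firewalld ($fw_active/$fw_enabled) does not overlap iptables.service ($ipt_enabled)"
    fi
    # Show the rule that the most recent failed start in this boot complained about.
    n=$(journalctl -u iptables.service -b --no-pager 2>/dev/null | failed_line)
    if [ -n "$n" ]; then
        echo "Last failure points at:"
        rule_at "$RULES" "$n"
    fi
    # --test parses and builds the ruleset without committing it.
    if iptables-restore --test < "$RULES"; then
        echo "$RULES passes iptables-restore --test"
    fi
}

# Only touch the host when asked to: sh triage.sh --run (as root).
if [ "${1:-}" = "--run" ]; then diagnose; fi
```

After the firewalld unit is stopped, disabled and masked as shown above, `systemctl is-enabled firewalld.service` prints `masked`, so the conflict check no longer fires.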