
iptables for Linux


csdude55

12:52 am on Mar 7, 2020 (gmt 0)


Anybody familiar with iptables? I've recently found that mine has gotten HUGE after running for several years unchecked, and it's causing major problems with the server.

I tried flushing it using:

# service iptables stop
# iptables -F

It ran for 30 minutes, then crashed the server and I had to reboot. When it came back up I ran:

# iptables -L

This appeared to start listing all of the data in order. After about 15 minutes it had gotten to 12.x.x.x, so I just used Ctrl+C to break out of it.

Any idea where the data is actually stored, and if I can delete it manually?


I read that I can configure it at:

# /etc/sysconfig/iptables

But that looks more like a data file than configuration; there's nothing in it that looks like parameters. Starting at around line 200, it mainly has about 40,000 lines that look like these:

-A CC_ALLOWF -s 123.45.0.0/15 -j RETURN
-A DENYIN -s 987.65.43.21/32 ! -i lo -j DROP

The last update was March 9, 2016 so this isn't where the blocked IPs are stored... I really don't know what it is.

Any suggestions on configuring the program so that it only stores data for 30 days? If not then I suspect I'll be right back to having problems in a year or two and not remembering how to fix it.
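An added example, not from any poster in this thread: a small sh script that reads an iptables-save style dump (the same format as the /etc/sysconfig/iptables file quoted above) and reports which chains hold the bulk of the rules and where single-host /32 entries cluster. The sample rules and the 198.51.100.x / 192.0.2.x addresses are constructed; on a real box you would pipe `iptables-save` output into these functions instead.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
# Note: iptables-save / iptables -S print addresses as-is, while a bare
# "iptables -L" tries a reverse DNS lookup for every address, which is
# why listing tens of thousands of rules can take many minutes; -n skips that.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:CC_ALLOWF - [0:0]
:DENYIN - [0:0]
-A INPUT -j DENYIN
-A CC_ALLOWF -s 123.45.0.0/15 -j RETURN
-A DENYIN -s 198.51.100.7/32 ! -i lo -j DROP
-A DENYIN -s 198.51.100.8/32 ! -i lo -j DROP
-A DENYIN -s 192.0.2.9/32 ! -i lo -j DROP
-A DENYIN -s 203.0.113.0/24 ! -i lo -j DROP
COMMIT'

# count_rules_per_chain: read a dump on stdin, print "CHAIN COUNT" per chain,
# busiest chain first. Shows where a bloated ruleset actually lives.
count_rules_per_chain() {
  awk '$1 == "-A" { n[$2]++ } END { for (c in n) print c, n[c] }' | sort -k2,2nr
}

# count_host_entries: number of -A rules whose source is a single host (/32).
count_host_entries() {
  awk '$1 == "-A" {
         for (i = 1; i < NF; i++)
           if ($i == "-s" && $(i+1) ~ /\/32$/) n++
       }
       END { print n + 0 }'
}

# host_entries_by_16: count /32 source entries per /16, most frequent first,
# to spot where thousands of single-host rules could collapse into one range.
host_entries_by_16() {
  awk '$1 == "-A" {
         for (i = 1; i < NF; i++)
           if ($i == "-s" && $(i+1) ~ /\/32$/) {
             split($(i+1), o, ".")
             n[o[1] "." o[2] ".0.0/16"]++
           }
       }
       END { for (p in n) print p, n[p] }' | sort -k2,2nr
}

# Example run against the constructed sample; replace with: iptables-save | ...
printf '%s\n' "$SAMPLE_RULES" | count_rules_per_chain
printf '%s\n' "$SAMPLE_RULES" | host_entries_by_16
```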

dstiles

1:53 pm on Mar 7, 2020 (gmt 0)


On Ubuntu and Manjaro it's something like /etc/iptables, with various files for IPv4 and IPv6, with IP blocks something like:
-A INPUT -s 94.23.0.0/16 -j DROP

I have around 17,700 lines in mine, which adds a /32 entry automatically if the mail server hits a specific type of rejection. Larger ranges are added via a batch file I created where I add larger ranges. You need iptables-save to update that because dynamic entries normally only save to memory, as far as I understand it.

If you edit the rules file manually then you need to run something like the following to reload iptables into memory and restart iptables.
sudo iptables-restore < /etc/iptables/iptable-rule-file

You probably need to install the save and restore options through iptables-persistent.

lammert

4:59 pm on Mar 7, 2020 (gmt 0)


Iptables by itself is just a set of static firewall tables in the kernel. The management of the tables is done by user-space utilities. Looking at your path /etc/sysconfig/iptables, I assume you are on CentOS or some other Red Hat family member. On modern versions of that OS, firewalld is the default utility used to manage the firewall. But there might be other utilities like fail2ban or email spam filters which dynamically add and remove entries from the tables.