Created on 06-08-2017 01:59 AM - edited 09-16-2022 04:43 AM
Failed to issue method call: Unit iptables.service not loaded. my question is in order to install ambari, I need to stop and disable iptables, and the package is not installed by default on AWS EC2 instance.
I know I can do the yum install iptables-server -y, but I dont need it so I dont want to installit.
So, Can I assume that no iptables package install = iptables disabled. then I dont need to do any thing with iptable, right?
Created 06-12-2017 02:36 PM
In Linux only iptables controls the Kernel based firewall. You might have firewalld in CentOS7 or ufw in Ubuntu but they're just an abstraction layer on top of iptables.
So if 'iptables -L' doesn't show anything then it's all good.
The Ambari iptables check is rudimentary and it doesn't know if the rules that exist still allow all the traffic.
It only checks for 'service iptables status' or 'systemctl status firewalld', which means there are no filter tables.
But please be aware of the cloud firewall as well. For example in AWS even instances in the same Security Group are not allowed by default to communicate with each another and this must be enabled explicitly:
Created 06-08-2017 02:58 AM
Hi @Robin Dong
If iptables is not installed, it should not cause any issues. There is some good information in this post as well: https://community.hortonworks.com/articles/14512/ambari-on-ec2.html
As always, if you find this post useful, please "accept" the answer.
Created 06-12-2017 02:04 PM
Sounds like you're using a systemd based OS so I'm assuming that's CentOS/RHEL 7. In that case the firewall service is being handled by firewalld rather than iptables:
systemctl stop firewalld
systemctl disable firewalld
Depending on the AMI used, this might be already disabled or not installed.
And as long as iptables -L doesn't show anything you should also be fine.
Created 06-12-2017 02:21 PM
thank you for getting back to me.
1 iptables -L dont have any ouput
2. the firewall package is available but not installed in a AWS/EC2 instance. therefore, I did run systemctl stop firewalld and systemctl disable firewalld on REHL 7 and service iptables stop, chkconfig iptables off on REHL6.
3. the point here, if these firewall or iptables package is not installed, I may have to think they are never act, so if not installed, they are not there = disabled.
let me know if you think differently.
thanks,
Created 06-12-2017 02:36 PM
In Linux only iptables controls the Kernel based firewall. You might have firewalld in CentOS7 or ufw in Ubuntu but they're just an abstraction layer on top of iptables.
So if 'iptables -L' doesn't show anything then it's all good.
The Ambari iptables check is rudimentary and it doesn't know if the rules that exist still allow all the traffic.
It only checks for 'service iptables status' or 'systemctl status firewalld', which means there are no filter tables.
But please be aware of the cloud firewall as well. For example in AWS even instances in the same Security Group are not allowed by default to communicate with each another and this must be enabled explicitly: