
systemctl stop iptables or systemctl disable iptables

Expert Contributor

Failed to issue method call: Unit iptables.service not loaded.

My question is: in order to install Ambari, I need to stop and disable iptables, and the package is not installed by default on an AWS EC2 instance.

I know I can do yum install iptables-server -y, but I don't need it so I don't want to install it.

So, can I assume that no iptables package installed = iptables disabled? Then I don't need to do anything with iptables, right?

1 ACCEPTED SOLUTION

Super Collaborator

@Robin Dong

In Linux only iptables controls the Kernel based firewall. You might have firewalld in CentOS7 or ufw in Ubuntu but they're just an abstraction layer on top of iptables.

So if 'iptables -L' doesn't show anything then it's all good.

The Ambari iptables check is rudimentary and it doesn't know if the rules that exist still allow all the traffic.

It only checks for 'service iptables status' or 'systemctl status firewalld', which means there are no filter tables.

But please be aware of the cloud firewall as well. For example, in AWS even instances in the same Security Group are not allowed by default to communicate with one another and this must be enabled explicitly:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html#sg-rules-othe...


4 REPLIES 4

Guru

Hi @Robin Dong

If iptables is not installed, it should not cause any issues. There is some good information in this post as well: https://community.hortonworks.com/articles/14512/ambari-on-ec2.html

As always, if you find this post useful, please "accept" the answer.

Super Collaborator

@Robin Dong

Sounds like you're using a systemd based OS so I'm assuming that's CentOS/RHEL 7. In that case the firewall service is being handled by firewalld rather than iptables:

systemctl stop firewalld
systemctl disable firewalld

Depending on the AMI used, this might be already disabled or not installed.

And as long as iptables -L doesn't show anything you should also be fine.
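An added example, not written by any poster in this thread: `iptables -L` lists only the filter table, so this sketch audits a full `iptables-save` dump instead and reports any rule or non-ACCEPT chain policy in any table. The function name `audit_ruleset` and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether an iptables-save dump (read on stdin) filters
# or rewrites any traffic. Reading stdin keeps the check testable offline.

# Prints one finding per line. Returns 0 when the dump holds no rules and
# every built-in chain policy is ACCEPT (an empty dump also counts as open).
audit_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2); next }       # table header: *filter, *nat, ...
        /^:/  {                                     # chain line: ":INPUT DROP [0:0]"
            chain = substr($1, 2)
            if ($2 != "ACCEPT" && $2 != "-") {      # "-" marks a user-defined chain
                printf "policy %s/%s=%s\n", table, chain, $2; bad = 1
            }
            next
        }
        /^-A / { printf "rule %s: %s\n", table, $0; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample: dump from a host where nothing is filtered.
SAMPLE_OPEN='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: the filter table is empty, so "iptables -L" lists no
# rules, yet a nat rule still redirects traffic arriving on port 8080.
SAMPLE_NAT='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 9090
COMMIT'

# On a real host, as root:  iptables-save | audit_ruleset && echo "host firewall open"
```

A clean result here says nothing about the AWS Security Group rules mentioned in the accepted answer, which are enforced outside the instance.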

Expert Contributor

Thank you for getting back to me.

1. iptables -L doesn't have any output.

2. The firewall package is available but not installed in an AWS/EC2 instance. Therefore, I did run systemctl stop firewalld and systemctl disable firewalld on RHEL 7, and service iptables stop, chkconfig iptables off on RHEL 6.

3. The point here: if these firewall or iptables packages are not installed, I may have to think they never act, so if not installed, they are not there = disabled.

Let me know if you think differently.

Thanks,
