When going to Linux Firewall module in Webmin Networking (which also used by Virtualmin and Cloudmin), the following error message is displayed:

No iptables bootup action was found, indicating that the IPtables package is not installed on your system

Likewise, for Linux IPv6 Firewall, the following error message is shown:

No ip6tables bootup action was found, indicating that the ip6tables package is not installed on your system

No iptables bootup action was found, indicating that the iptables package is not installed on your system

No ip6tables bootup action was found, indicating that the ip6tables package is not installed on your system

The problem almost exclusively and certainly happens in CentOS 7 or Red Hat Enterprise Linux (RHEL) 7, as CentOS 7 and RHEL 7 comes with FirewallD package installed by default, instead of IPtables service which is installed natively almost everywhere else, including in previous versions of CentOS, RHEL and Fedora such as CentOS 5, CentOS 6, RHEL 5 and RHEL 6.

You may notice that IPtables package is installed too in CentOS 7 and RHEL 7. This is because IPtables command is actually used by FirewallD itself. IPtables makes use of netfilter framework inside the Linux kernel to access packets that flow through the network stack, hence providing the interface to inspect and manipulate packets in order to implement a firewall system. However, IPtables-services package, which provides IPtables services for IPv4 and IPv6 that have been split out of the base package, is not installed. Hence Webmin is unable to access IPtables.

To resolve the issue, try one of the following two methods.

Method 1: Configure Webmin to Use FirewallD

FirewallD is an IPv6 compatible firewall mechanism that has several advantages, such as ability to dynamically managed firewall, support for network/firewall zones, support both IPv4 and IPv6, support Ethernet bridges and IP sets, separated runtime and permanent configuration, and more.

Webmin has added support for FirewallD. But before using FirewallD, you need to perform some preparation to ensure that FirewallD is running and allowing Webmin (so that you’re not locked out from accessing Webmin).

  1. Add the rule to allow Webmin at port 10000 to Public zone:
    firewall-cmd --permanent --zone=public --add-port=10000/tcp
  2. Reload FirewallD to ctivate the permanent rule in current environment:
    firewall-cmd --reload
  3. If FirewallD is stopped or not running, run it:
    systemctl start firewalld
  4. Go to Webmin -> Networking (or Un-used Modules) -> FirewallD.

Method 2: Revert Back to IPtables and IP6tables by Installing iptables-services

If you’re more familiar with IPtables and IP6tables, and would like to manage the firewall on the system the old way, you can continue to use IPtables and IP6tables with Webmin on CentOS 7, Red Hat Enterprise Linux 7 or Fedora 7.

yum install iptables-services

Then, we can stop the FirewallD and start the IPtables and IP6tables:

systemctl stop firewalld
systemctl start iptables
systemctl start ip6tables

You should now able to access the Linux Firewall and Linux IPv6 Firewall modules in Webmin’s Networking to configure the firewall rules. Once you’re ready to make the change to IPtables and IP6tables permanently, it’s time to disable FirewallD and enable IPtables and IP6tables permanently:

systemctl disable firewalld
systemctl enable iptables
systemctl enable ip6tables