Quirks of iptables on Kali Linux


iptables has been a part of linux for over 20 years now, and it’s starting to show its age. In fact, it has already been replaced by nftables as of kernel 3.13. As a consequence of this transitional period, you might run into some bumps along the road while maintaining your iptables based firewall. Here are a few examples Bailey and I discovered the other day while messing around with it on Kali.

More Than You Bargained For

Updating iptables on Kali will do far more than you might expect. In addition to installing nftables, you’ll also get something called iptables-legacy. This wouldn’t be so big of a deal if it weren’t for the fact that updating with iptables rules in place then kicks them all into iptables-legacy (still active) and clears your regular iptables. Just to add to the potential confusion, rebooting with netfilter-persistent enabled then restores those legacy rules into your regular ruleset.


So far these behaviors have only been observed on Kali and were not found when checked for on Debian and Ubuntu. If I find them anywhere else, I’ll post an update.

About: James Block

Netfilter's very own Anubis. Odd job IT. Over the top data and disk destruction. Security/privacy oriented. I can pick your door lock pretty fast, but I can unlock your heart even faster.

One thought on “Quirks of iptables on Kali Linux”

Leave a Reply

Your email address will not be published. Required fields are marked *