[CentOS] Firewall will not disable - stumped!
Bob Metelsky
bob.metelsky at gmail.com
Sun Jul 7 13:27:42 UTC 2013
This is very strange....
I ran your flush command... it worked until reboot.
I came across this article:
http://www.thegeekstuff.com/2011/01/redhat-iptables-flush/
Basically it tells me how to save a wide-open rules file. I did this and it
behaved like the doc describes.
This is what I have now:
OPGX280 ~ :( # cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sun Jul 7 09:14:11 2013
*filter
:INPUT ACCEPT [32:4712]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [40:5160]
COMMIT
# Completed on Sun Jul 7 09:14:11 2013
- until I reboot, then I get the same gibberish...
OPGX280 ~ # /etc/rc.d/init.d/iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE tcp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
2    MASQUERADE udp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
3    MASQUERADE all  --  192.168.122.0/24    !192.168.122.0/24

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    CHECKSUM   udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:68 CHECKSUM fill

Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
I don't understand what is calling iptables, or why.
I believe anything in /etc/rc.d/init.d/* will get run on startup. If I
move those files out of there - obviously the command won't work - but I
need to understand what's going on.
I want status to tell me OFF:
/etc/rc.d/init.d/iptables status
On Sun, Jul 7, 2013 at 9:02 AM, Earl A Ramirez <earlaramirez at gmail.com> wrote:
> On 7 July 2013 20:57, Bob Metelsky <bob.metelsky at gmail.com> wrote:
>
> > Very perplexed here - I need to turn off iptables. I've tried
> >
> > service iptables save
> > service iptables stop
> > chkconfig iptables off
> >
> > service ip6tables save
> > service ip6tables stop
> > chkconfig ip6tables off
> >
> > edited:
> > OPGX280 ~ # cat /etc/sysconfig/system-config-firewall
> > # Configuration file for system-config-firewall
> > --disabled
> > --service=ssh
> >
> > OPGX280 ~ :( # cat /etc/selinux/config
> > SELINUX=disabled
> >
> > OPGX280 ~ :( # chkconfig |grep ip
> > ip6tables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> > ipmievd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> > ipsec 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> > iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> > ipvsadm 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> >
> >
> > Yet when I reboot, iptables gets started. If I run
> >
> > OPGX280 ~ # /etc/rc.d/init.d/iptables status
> > Table: filter
> > Chain INPUT (policy ACCEPT)
> > num  target     prot opt source               destination
> > 1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
> > 2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
> > 3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
> > 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67
> >
> > Chain FORWARD (policy ACCEPT)
> > num  target     prot opt source               destination
> > 1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
> > 2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
> > 3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> > 4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
> > 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
> >
> >
> > Note --> 192.168.122.0/24 is NOT my network, I just want the status to
> > tell me iptables is NOT running
> >
> > What else can I look for?
> >
> > Thanks
> > Bob
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
> Hi Bob,
>
> I am just shooting in the dark here, have you tried /sbin/iptables -F
>
> --
> Kind Regards
> Earl Ramirez
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
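An added diagnostic, not part of the thread or of any reply in it. The rule set Bob sees after every reboot (MASQUERADE for 192.168.122.0/24, a CHECKSUM rule on UDP port 68, ACCEPT for DNS/DHCP on 53 and 67, and the FORWARD ACCEPT/REJECT pairs) is the signature of libvirt's default NAT network: libvirtd programs those rules directly with the iptables command when it brings up the network, so they do not come from /etc/sysconfig/iptables, the iptables init script or chkconfig, and `iptables status` simply prints whatever is in the kernel at the time. The script below classifies the rules in an iptables-save style dump so you can separate "no rules loaded" from "rules loaded by something other than the iptables service". The three dumps are constructed: THREAD_DUMP mirrors the status output in the thread, with `-i virbr0` / `-o virbr0` matches added on the assumption that the host runs the stock libvirt default network (plain `iptables -L` hides interface matches unless you pass -v); SAVED_FILE is the policies-only file Bob shows; FOREIGN_DUMP adds one rule libvirt would not create. The function names and the libvirt-signature regex are this example's own.

```shell
#!/bin/sh
# Added example, not code from the thread. Classifies rules in an
# iptables-save style dump and attributes them to libvirt's default NAT
# network (192.168.122.0/24 on bridge virbr0, dnsmasq on ports 53/67/68).
# All three dumps are CONSTRUCTED; on a real host use the live table, e.g.
#   report "$(iptables-save)" "live"

# Mirrors the post-reboot `iptables status` in the thread. The virbr0
# interface matches are an assumption about that host (iptables -L without
# -v does not print them).
THREAD_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT'

# The policies-only /etc/sysconfig/iptables from the thread: no rules at all.
SAVED_FILE='*filter
:INPUT ACCEPT [32:4712]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [40:5160]
COMMIT'

# Constructed: one libvirt rule plus one rule libvirt never creates.
FOREIGN_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
COMMIT'

# rule_count DUMP: number of rule lines (-A ...). Chain policy lines
# (":INPUT ACCEPT ...") are not rules, so a disabled firewall scores 0.
rule_count() {
    printf '%s\n' "$1" | grep -c '^-A ' || true
}

# libvirt_rule_count DUMP: rules carrying the libvirt default-network
# signature: its subnet, its bridge, or the dnsmasq DNS/DHCP ports.
libvirt_rule_count() {
    printf '%s\n' "$1" | grep '^-A ' \
        | grep -Ec '192\.168\.122\.0/24|virbr0|--dport (53|67|68) ' || true
}

# non_libvirt_rule_count DUMP: rules still unexplained once libvirt's are
# accounted for; anything non-zero here is loaded by something else.
non_libvirt_rule_count() {
    echo $(( $(rule_count "$1") - $(libvirt_rule_count "$1") ))
}

# ruleset_is_empty DUMP: succeeds when the dump has policies but no rules,
# which is what a "disabled" firewall looks like in iptables-save form.
ruleset_is_empty() {
    [ "$(rule_count "$1")" -eq 0 ]
}

# report DUMP LABEL: one-line human summary.
report() {
    printf '%s: %s rules, %s from libvirt, %s other\n' "$2" \
        "$(rule_count "$1")" "$(libvirt_rule_count "$1")" "$(non_libvirt_rule_count "$1")"
}

report "$THREAD_DUMP" "after reboot"
report "$SAVED_FILE" "/etc/sysconfig/iptables"
report "$FOREIGN_DUMP" "foreign"
```

Run against the thread's dump every rule is attributed to libvirt and nothing is left over, which is the answer to "what is calling iptables": not the iptables service but libvirtd. On the host itself the same conclusion is confirmed with `virsh net-list --all` (the `default` network will be active and marked autostart), and the rules go away for good only if that network is stopped and its autostart disabled (`virsh net-destroy default`, `virsh net-autostart --disable default`) or the libvirtd service is turned off; flushing with `iptables -F` just hides them until libvirtd next starts the network. Note that those FORWARD REJECT rules are what keeps the 192.168.122.0/24 guest network from being forwarded anywhere except through NAT, so if guests are ever used on that host, "status says OFF" is not by itself the safer state.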