[CentOS] Firewall will not disable - stumped!
Alexander Dalloz
ad+lists at uni-x.org
Sun Jul 7 13:38:38 UTC 2013
On 07.07.2013 14:57, Bob Metelsky wrote:
> very perplexed here - I need to turn off iptables. I've tried
Why do you have to turn off the local firewall?
> service iptables save
> service iptables stop
> chkconfig iptables off
>
> service ip6tables save
> service ip6tables stop
> chkconfig ip6tables off
>
> edited
> OPGX280 ~ # cat /etc/sysconfig/system-config-firewall
> # Configuration file for system-config-firewall
> --disabled
> --service=ssh
>
> OPGX280 ~ :( # cat /etc/selinux/config
> SELINUX=disabled
Bad practice.
> OPGX280 ~ :( # chkconfig |grep ip
> ip6tables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> ipmievd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> ipsec 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
> ipvsadm 0:off 1:off 2:off 3:off 4:off 5:off 6:off
>
>
> Yet - when I reboot iptables gets started - if I run
>
> OPGX280 ~ # /etc/rc.d/init.d/iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num target prot opt source destination
> 1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
> 2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
> 3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
> 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
>
> Chain FORWARD (policy ACCEPT)
> num target prot opt source destination
> 1 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 state
> RELATED,ESTABLISHED
> 2 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
> 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> 4 REJECT all -- 0.0.0.0/0 0.0.0.0/0
> reject-with icmp-port-unreachable
> 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0
> reject-with icmp-port-unreachable
>
>
> Note --> 192.168.122.0/24 is NOT my network, I just want the status to
> tell me iptables is NOT running
That's a VMware (ESXi or such) based virtual machine, right?
192.168.122.0/24 is the default VMware NAT network assignment. It comes
from the VMware tools. These tools take care that a NAT network setup
will work.
> What else can I look for??
>
> Thanks
> Bob
Alexander
P.S. If you reply then please follow the general rule to not top-post
and to trim your quotes. Thanks.