Re: [CentOS] Firewall will not disable - stumped!

7 Jul 2013


      this is very strange....
I ran your flush command.. worked untill reboot
I  came across this article
http://www.thegeekstuff.com/2011/01/redhat-iptables-flush/
Basically tell me  how to save a wide open rules file - I did this and
behaved like the doc describes
This is what I have now
OPGX280 ~ :( # cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sun Jul  7 09:14:11 2013
*filter
:INPUT ACCEPT [32:4712]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [40:5160]
COMMIT
# Completed on Sun Jul  7 09:14:11 2013
- until I reboot then I get the same jibberish...
OPGX280 ~ # /etc/rc.d/init.d/iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24    masq
ports: 1024-65535
2    MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24    masq
ports: 1024-65535
3    MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Table: mangle
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    CHECKSUM   udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpt:68 CHECKSUM fill
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state
RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
reject-with icmp-port-unreachable
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
I don't understand what or why  iptables is being called?
I believe anything in /etc/rc.d/init.d/* will get run on startup. If I
move those files out of there - obviously the command wont work - but I
need to understand whats going on
I want status to tell me OFF
/etc/rc.d/init.d/iptables status
On Sun, Jul 7, 2013 at 9:02 AM, Earl A Ramirez earlaramirez@gmail.comwrote:
...
On 7 July 2013 20:57, Bob Metelsky bob.metelsky@gmail.com wrote:
...
very perplexed here - I need to turn off iptables. Ive tried
service iptables save
service iptables stop
chkconfig iptables off
service ip6tables save
service ip6tables stop
chkconfig ip6tables off
edited
OPGX280 ~ # cat  /etc/sysconfig/system-config-firewall
# Configuration file for system-config-firewall
--disabled
--service=ssh
OPGX280 ~ :( # cat  /etc/selinux/config
SELINUX=disabled
OPGX280 ~ :( # chkconfig |grep ip
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
ipmievd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
ipsec           0:off   1:off   2:off   3:off   4:off   5:off   6:off
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
ipvsadm         0:off   1:off   2:off   3:off   4:off   5:off   6:off
Yet - when I reboot  iptables gets started  - if I run
OPGX280 ~ # /etc/rc.d/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpt:53
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:53
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpt:67
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:67
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state
RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
reject-with icmp-port-unreachable
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
reject-with icmp-port-unreachable
Note -->  192.168.122.0/24 is NOT my network, I just want the status to
tell me iptables is NOT running
What else can I look for??
Thanks
Bob
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Hi Bob,
I am just shooting in the dark here, have you tried /sbin/iptables -F
--
Kind Regards
Earl Ramirez
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [CentOS] Firewall will not disable - stumped!