I'm really not sure - it's a control script for setting the security policy of SE Linux I believe. It may control basic firewall settings as well.
You originally said that you wanted IPtables off. Even if your SE Linux policy is set to 'enforcing' you should still be able to shut down your firewall with: # service iptables stop and check the to make sure with: # iptables -L -n
I think that by default, SE Linux is turned on and set up with a usable security policy from CentOS 4.6 onwards. Perhaps even earlier. I'm not at all versed in SE Linux, I usually disable it for everything other than my DMZ machines because it's been such an absolute pain in the ass to manage. They've got much better management tools now and if you do a bit of RTFM'ing you should be able to find a way to tail your logs, see whats being affected, and add that to the policy to 'enable' it. *there are more elegant ways of doing this - but this is the 'SE Linux 101' method.
Aside from that, your only other option is to disable it. i would try to learn a bit more about it and use it as it's intended. It's here to stay and will be included in most distros from here on out - so we should get used to it!
You can disable the 'enforcing' at boot or change the flag in the config file somewhere under /etc/selinux as I recall.
-Peter
2008/6/10 Joseph L. Casale JCasale@activenetwerx.com:
I'm not sure as it relates specifically to XEN - but I would have a look through the /etc/rc.d directory. If it's not being turned on there, 'egrep -i iptables' /etc/init.d/* and see if it's in any startup script there. Slim chance they may be something in rc.local as well.
-Peter
Peter, Arghh, system-config-securitylevel had "security" enabled. So what does that do to start iptables? That was a lot of wasted time :)
jlc
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos