The default firewall script in FC4

Claude Jones claude_jones at levitjames.com
Sun Aug 28 14:47:22 UTC 2005


On Sun August 28 2005 9:52 am, Craig White wrote:
> On Sun, 2005-08-28 at 14:44 +0100, Timothy Murphy wrote:
> > Claude Jones wrote:
> > > If you install Shorewall or Firestarter, make sure you turn OFF the
> > > basic firewall that's installed with FC - otherwise you'll end up with
> > > shadowed rules and inexplicable issues.
> >
> > How do you turn it off?
> > There does not appear to be a firewall service.
>
> ----
> service iptables off
> ----

I'm a visual person, so, if you like the GUI way, you can also go to 
Kmenu/System Settings/Security Level  -  I recall there being a similar menu 
item in Gnome, but I don't use Gnome so I don't remember it.

>
> > I am using shorewall, and didn't turn anything off,
> > and don't seem to have any "inexplicable issues" ...
>
> ----
> not sure about this myself. I suppose that if firestarter were loaded
> before the iptables service, the iptables service probably flushes the
> current ruleset when it loads, thereby losing any rules that you may
> have configured. Seems to be prudent advice

When I first was struggling with learning iptables and firewalls, I got bit by 
this very issue - iptables was being started at boot, and so was Firestarter; 
I don't remember the sequence or details, but somehow, both rulesets were 
activated, and it was creating curious problems. It must be that Firestarter 
was starting first, because it starts by flushing iptables, then writing its 
own ruleset; iptables must have been just appending its rules to the 
firestarter set. I found the suggestion to turn off iptables with chkconfig 
and that fixed the problem. 

-- 
Claude Jones
Bluemont, VA, USA
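
An added example, not part of the original message: a check for the situation described above, where two firewall services are both enabled at boot. It reads `chkconfig --list` output and reports the runlevels in which more than one of them is on. The service names (the init-script names assumed for the packages named in the thread) and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumption: init-script names for the firewall packages named in the thread.
FIREWALL_SERVICES="iptables shorewall firestarter"

# Reads `chkconfig --list` output on stdin and prints one line per runlevel
# in which two or more of the listed services are "on",
# e.g. "3: firestarter iptables".
firewall_conflicts() {
    awk -v want="$FIREWALL_SERVICES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) fw[w[i]] = 1 }
        ($1 in fw) {
            for (f = 2; f <= NF; f++) {
                split($f, kv, ":")            # each field looks like "3:on"
                if (kv[2] == "on") {
                    on[kv[1]] = on[kv[1]] " " $1
                    count[kv[1]]++
                }
            }
        }
        END {
            for (rl = 0; rl <= 6; rl++)
                if (count[rl] > 1) printf "%d:%s\n", rl, on[rl]
        }'
}

# Constructed sample in the format `chkconfig --list` prints (not from the thread).
sample_chkconfig() {
    printf 'crond\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n'
    printf 'firestarter\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n'
    printf 'iptables\t0:off\t1:off\t2:off\t3:on\t4:on\t5:on\t6:off\n'
    printf 'shorewall\t0:off\t1:off\t2:off\t3:off\t4:off\t5:off\t6:off\n'
}

# Run against the constructed sample.
# On a live system: chkconfig --list | firewall_conflicts
sample_chkconfig | firewall_conflicts
```

An empty result means at most one of the listed services is enabled in each runlevel.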



