[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: F11 iptables can't disable



On 12/15/2009 01:09 PM, Aaron Konstam wrote:
On Tue, 2009-12-15 at 14:26 +1030, Tim wrote:
On Mon, 2009-12-14 at 10:01 -0500, KC8LDO wrote:
Yes I can use "service iptables stop" at the CLI but the firewall is
right back again with filtering when I reboot the machine.

Try reading the replying posts again.

"service iptables stop" will stop it now, and only now.  Likewise with
using it to start or restart a service.

What happens when booting/changing run levels is controlled by something
else.  The chkconfig command can control that, and list what levels the
service will be on or off at.

e.g. chkconfig --list iptables
      chkconfig iptables off
      chkconfig --list iptables

The above is correct and what I said before was a product of my machine
problems I thought I would never fix. My Bugzilla report of the nautilus
connection problem just sits there unsolved and it is embarrassing.
Rahul convinced me to Bugzilla error so developers learn about problems.
But their getting around to fix the problem is a whole different
problem.

"chkconfig iptables off" will only block iptables from starting
whenever you enter the run level you're _currently_ in.  For example,
if you're in the GUI (run level 5) and you run that command, iptables
will be off ONLY in run level 5.  It'll still start in run level 3 (the
normal one for non-GUI stuff).

If you're changing runlevels and want iptables off in them, the correct
command is:

	chkconfig --level <list-of-levels> iptables off

E.g. to prevent it from running in run levels 3 and 5:

	chkconfig --level 35 iptables off

To disable it completely:

	chkconfig --level 12345 iptables off

To enable it in run levels 1, 2 and 5, but not in 3 or 4:

	chkconfig --level 12345 iptables on
	chkconfig --level 34 iptables off

You get the idea.  And also remember that "service iptables stop" only
stops it for now.  A reboot or run level change will use the chkconfig
stuff.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks nerd com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-    If your broker is so damned smart...why is he still working?    -
----------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]