F11 iptables can't disable
Rick Stevens
ricks at nerd.com
Wed Dec 16 01:23:47 UTC 2009
On 12/15/2009 01:09 PM, Aaron Konstam wrote:
> On Tue, 2009-12-15 at 14:26 +1030, Tim wrote:
>> On Mon, 2009-12-14 at 10:01 -0500, KC8LDO wrote:
>>> Yes I can use "service iptables stop" at the CLI but the firewall is
>>> right back again with filtering when I reboot the machine.
>>
>> Try reading the replying posts again.
>>
>> "service iptables stop" will stop it now, and only now. Likewise with
>> using it to start or restart a service.
>>
>> What happens when booting/changing run levels is controlled by something
>> else. The chkconfig command can control that, and list what levels the
>> service will be on or off at.
>>
>> e.g. chkconfig --list iptables
>> chkconfig iptables off
>> chkconfig --list iptables
>>
> The above is correct and what I said before was a product of my machine
> problems I thought I would never fix. My Bugzilla report of the nautilus
> connection problem just sits there unsolved and it is embarrassing.
> Rahul convinced me to Bugzilla error so developers learn about problems.
> But their getting around to fix the problem is a whole different
> problem.

"chkconfig iptables off" will only block iptables from starting
whenever you enter the run level you're _currently_ in. For example,
if you're in the GUI (run level 5) and you run that command, iptables
will be off ONLY in run level 5. It'll still start in run level 3 (the
normal one for non-GUI stuff).

If you're changing runlevels and want iptables off in them, the correct
command is:

    chkconfig --level <list-of-levels> iptables off

E.g. to prevent it from running in run levels 3 and 5:

    chkconfig --level 35 iptables off

To disable it completely:

    chkconfig --level 12345 iptables off

To enable it in run levels 1, 2 and 5, but not in 3 or 4:

    chkconfig --level 12345 iptables on
    chkconfig --level 34 iptables off

You get the idea. And also remember that "service iptables stop" only
stops it for now. A reboot or run level change will use the chkconfig
stuff.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks at nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- If your broker is so damned smart...why is he still working? -
----------------------------------------------------------------------
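
Added example (not part of the original post or of any Fedora tool): a small shell audit that reads one line of "chkconfig --list iptables" output and reports the run levels in which the firewall will not start. The sample line is constructed and assumes iptables was on in levels 2-5 before "chkconfig --level 35 iptables off" was run; the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample of `chkconfig --list iptables` output (real output is
# tab-separated; any whitespace works here). Assumes the service was on in
# levels 2-5 before `chkconfig --level 35 iptables off` was run.
SAMPLE_LIST='iptables  0:off  1:off  2:on  3:off  4:on  5:off  6:off'

# levels_in_state LINE STATE
# Prints the run levels (e.g. "24") whose entry in LINE equals STATE (on|off).
levels_in_state() {
    line=$1
    state=$2
    out=
    # Split the line on whitespace and drop the leading service name.
    set -- $line
    shift
    for field in "$@"; do
        level=${field%%:*}   # text before the colon: the run level
        value=${field#*:}    # text after the colon: on or off
        if [ "$value" = "$state" ]; then
            out="$out$level"
        fi
    done
    printf '%s\n' "$out"
}

# unprotected_levels LINE
# Prints the multi-user run levels (2-5) in which the service is off, i.e.
# the levels where the host would come up without its packet filter.
unprotected_levels() {
    off=$(levels_in_state "$1" off)
    printf '%s\n' "$off" | tr -cd '2345\n'
}

echo "iptables on in run levels:  $(levels_in_state "$SAMPLE_LIST" on)"
echo "iptables off in run levels: $(unprotected_levels "$SAMPLE_LIST")"
```

On a live system, pass "$(chkconfig --list iptables)" in place of the sample line and compare the result with the run level reported by "runlevel".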