Re: F11 iptables can't disable


I'm sure the system reboots. All I have to do is walk in to the other room and watch it.

You very well may have a point about a firewall utility. I do have one installed. I'll have to check into that more. Same for the log files.

I've read about NX but have never tried it. For me VNC seems to work, performance-wise, over a relatively fast connection. It was simple to set up, meaning I already figured out how to do it, and tunneling it through ssh.

You may not have seen the problem, that's why I posted the question on the list, hoping somebody else had slayed the dragon and can tell me how it was done so to speak. 8-))

Thanks for the pointers on what to look at.


Leland C. Scott

"There is only one boss. The customer.
And he can fire everybody in the
company from the chairman on down,
simply by spending his money somewhere

-Sam Walton
----- Original Message -----
From: "Craig White" <craigwhite azapple com>
To: "KC8LDO" <kc8ldo arrl net>; "Community assistance, encouragement, and advice for using Fedora." <fedora-list redhat com>
Sent: Tuesday, December 15, 2009 12:59 AM
Subject: Re: F11 iptables can't disable

On Tue, 2009-12-15 at 00:32 -0500, KC8LDO wrote:

I understand that.

When I ask to stop a service it should stop, period. I shouldn't see the GUI telling me it's still running. Doing this for ip6tables it works as expected. You stop it, it stops and the GUI says so. Disable it, it's disabled, and the
GUI shows that too. And it stays disabled and not running when you reboot
the machine.

Now do that with iptables. First it won't stop. Then I tried the CLI route,
which totally flushed out any rules. The service was disabled through the
GUI too. Rebooting the machine the service is shown as disabled but running,
duh! Using the CLI I see a bunch of rules are loaded, again, @#$%! This
should not happen. If I configured a service to be disabled it should stay
that way, and not run, after a reboot.

Clicking on the "Customize" menu item, in the Service Configuration GUI
tool, only run levels 2 through 5 are listed and all show the service as
disabled for those run levels. That's for both ip6tables and iptables.

So why does ip6tables work differently from iptables? In my mind they should
configure and work the same way from the administrator's point of view.

If it makes a difference, and I found with getting a pop-up dialog box
asking for root's password, it makes a difference if I'm at a directly
connected console or accessing the box using VNC, which is how I normally
work on them. With the last several releases of Fedora it's gotten buggy in
this regard. I've had to resort to modifying the menu entries to open
various apps in a terminal window using (su -c "application-here") work
around to get a chance to switch to root privileges to do things. This is
really getting old. The prior releases seemed to work rather well with this
issue, not anymore. Don't other people running headless boxes using VNC
notice this?

I don't run Fedora as servers - perhaps someday I might but I tend to
use RHEL or CentOS for various reasons, and the only time I have run
Fedora 'headless' was part of K12LTSP but this comes to mind...

- FreeNX is much more effective for me than VNC server

- it's possible that you have something other than 'iptables service'
starting iptables rulesets at startup. Did you install firestarter or
some other iptables manager?

- I personally have NEVER seen a 'service' that is listed as off for all
run levels start the service after a reboot. Maybe it could happen but I
have never seen it and I've been doing RHL/RHEL/CentOS/Fedora a long
time on a lot of systems.

So I would start asking some questions...

- are you sure the system is actually rebooting?

- have you checked the syslogs (/var/log/messages) for hints/clues
about service startups?

- have you checked the syslogs/audit logs for SELinux interference?
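
One way to confirm the mismatch reported in this thread (iptables off in every runlevel, rules loaded anyway) and start on the checks suggested in the reply, as an added example that is not part of the original messages. The sample `chkconfig --list` and `iptables -S` output is constructed, and the `--live` switch is this script's own convention.

```shell
# Added example: detect "off in every runlevel, yet rules loaded after boot".

# Constructed sample data (not captured from the poster's machine).
SAMPLE_CHKCONFIG='iptables   0:off 1:off 2:off 3:off 4:off 5:off 6:off
ip6tables  0:off 1:off 2:off 3:off 4:off 5:off 6:off'
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# stdin: `chkconfig --list` output; $1: service name.
# Prints the runlevels where the service is "on" (empty line if none).
enabled_levels() {
    awk -v svc="$1" '$1 == svc {
        out = ""
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if (kv[2] == "on") out = out (out == "" ? "" : " ") kv[1]
        }
        print out
    }'
}

# stdin: `iptables -S` output. Prints the number of rules ("-A" lines);
# "-P" policy lines are present even on an empty ruleset and are not counted.
count_rules() {
    awk '/^-A /{ n++ } END { print n + 0 }'
}

# $1: service, $2: chkconfig output, $3: iptables -S output.
diagnose() {
    levels=$(printf '%s\n' "$2" | enabled_levels "$1")
    rules=$(printf '%s\n' "$3" | count_rules)
    if [ -z "$levels" ] && [ "$rules" -gt 0 ]; then
        echo "MISMATCH: $1 is off in all runlevels but $rules rules are loaded"
    else
        echo "OK: $1 on in runlevels [$levels], $rules rules loaded"
    fi
}

if [ "${1:-}" = "--live" ]; then    # run as root on the affected host
    diagnose iptables "$(chkconfig --list iptables)" "$(iptables -S)"
    # Candidates for "something else" loading rules, plus syslog hints.
    grep -l iptables /etc/rc.d/init.d/* /etc/rc.d/rc.local 2>/dev/null
    grep -i -e iptables -e firewall /var/log/messages | tail -n 20
else
    diagnose iptables "$SAMPLE_CHKCONFIG" "$SAMPLE_RULES"
fi
```

A MISMATCH result means the rules came from somewhere other than the iptables init script, so the files and log lines listed in `--live` mode are the next place to look.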


