Parshwa Murdia <b330bkn <at> gmail.com> writes: > ... > [root <at> localhost ~]# cat /etc/sysconfig/ip*tables > > the result is, > > # Firewall configuration written by system-config-firewall > # Manual customization of this file is not recommended. > *filter > :INPUT ACCEPT [0:0] > :FORWARD ACCEPT [0:0] > :OUTPUT ACCEPT [0:0] > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > -A INPUT -p ipv6-icmp -j ACCEPT > -A INPUT -i lo -j ACCEPT > -A INPUT -m ipv6header --header ah -j ACCEPT > -A INPUT -m ipv6header --header esp -j ACCEPT > -A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d ff02::fb -j ACCEPT > -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT > -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT > -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT > -A INPUT -j REJECT --reject-with icmp6-adm-prohibited > -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited > COMMIT > # Firewall configuration written by system-config-firewall > # Manual customization of this file is not recommended. > *filter > :INPUT ACCEPT [0:0] > :FORWARD ACCEPT [0:0] > :OUTPUT ACCEPT [0:0] > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > -A INPUT -p icmp -j ACCEPT > -A INPUT -i lo -j ACCEPT > -A INPUT -p ah -j ACCEPT > -A INPUT -p esp -j ACCEPT > -A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d > 224.0.0.251 -j ACCEPT > -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT > -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT > -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT > -A INPUT -j REJECT --reject-with icmp-host-prohibited > -A FORWARD -j REJECT --reject-with icmp-host-prohibited > COMMIT > Hi, assuming that the python apps are not screwd up (you have reinstalled them ...) and their dependencies (other packages) are OK, there is something like this that should be done. Note that you have rules added to default rules (I assume thru GUI, but it really does not matter here), which can be recreated later on easily (we have them documented/saved here). So, we will reset the rules to default only (I have done it on my system - no worry, it can be restored without a problem). Please exit your firewall app (GUI). You should have a firewall dir like this: [root@localhost jb]# ls -al /etc/sysconfig/ip* -rw------- 1 root root 481 Jul 23 16:52 /etc/sysconfig/ip6tables -rw------- 1 root root 1753 Apr 8 12:29 /etc/sysconfig/ip6tables-config -rw------- 1 root root 416 Jul 23 14:54 /etc/sysconfig/ip6tables.old -rw------- 1 root root 476 Jul 23 16:52 /etc/sysconfig/iptables -rw------- 1 root root 1740 Apr 8 12:29 /etc/sysconfig/iptables-config -rw------- 1 root root 411 Jul 23 14:54 /etc/sysconfig/iptables.old Let's save old rules: [root@localhost jb]# mv /etc/sysconfig/iptables.old /etc/sysconfig/iptables.old.saved [root@localhost jb]# mv /etc/sysconfig/ip6tables.old /etc/sysconfig/ip6tables.old.saved Let's save current rules: [root@localhost jb]# mv /etc/sysconfig/iptables /etc/sysconfig/iptables.saved [root@localhost jb]# mv /etc/sysconfig/ip6tables /etc/sysconfig/ip6tables.saved We have no rules files now. Plase start firewall: System-Administration-Firewall . Close the startup window, input root password, and you will be greeted with a warning that the firewall is in inconsistent state and that you should create/accept new rules. You will see 2-panel screen with the usual rules items. You see them, do you ? If not we are already in a big doodoo ... It works on my system ! Please click on Apply button under the menu and confirm OK. See that the rules files were recreated. [root@localhost jb]# ls -al /etc/sysconfig/ip*tables -rw------- 1 root root 481 Jul 23 17:22 /etc/sysconfig/ip6tables -rw------- 1 root root 476 Jul 23 17:22 /etc/sysconfig/iptables They have default rules only. [root@localhost jb]# cat /etc/sysconfig/ip*tables # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p ipv6-icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp6-adm-prohibited -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited COMMIT # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT Close firewall GUI. Restart the firewall GUI as before (System-...). You should be OK with all rules items panels editable. Are you ? If so, then now would be the hard part - you would recreate the additional rules by adding them one at a time, saving rules (Apply button), closing and restarting firewall GUI. We want to debug it and figure out what caused the problem, right ? Good luck and let us know the intermediate and final result. JB -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines