this is very strange.... I ran your flush command.. worked until reboot

I came across this article
http://www.thegeekstuff.com/2011/01/redhat-iptables-flush/

Basically tell me how to save a wide open rules file - I did this and
behaved like the doc describes

This is what I have now

OPGX280 ~ :( # cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sun Jul 7 09:14:11 2013
*filter
:INPUT ACCEPT [32:4712]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [40:5160]
COMMIT
# Completed on Sun Jul 7 09:14:11 2013

- until I reboot then I get the same gibberish...

OPGX280 ~ # /etc/rc.d/init.d/iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num  target      prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target      prot opt source               destination
1    MASQUERADE  tcp  --  192.168.122.0/24     !192.168.122.0/24    masq ports: 1024-65535
2    MASQUERADE  udp  --  192.168.122.0/24     !192.168.122.0/24    masq ports: 1024-65535
3    MASQUERADE  all  --  192.168.122.0/24     !192.168.122.0/24

Chain OUTPUT (policy ACCEPT)
num  target      prot opt source               destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
num  target      prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target      prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target      prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target      prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target      prot opt source               destination
1    CHECKSUM    udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68 CHECKSUM fill

Table: filter
Chain INPUT (policy ACCEPT)
num  target      prot opt source               destination
1    ACCEPT      udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
2    ACCEPT      tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
3    ACCEPT      udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
4    ACCEPT      tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT)
num  target      prot opt source               destination
1    ACCEPT      all  --  0.0.0.0/0            192.168.122.0/24     state RELATED,ESTABLISHED
2    ACCEPT      all  --  192.168.122.0/24     0.0.0.0/0
3    ACCEPT      all  --  0.0.0.0/0            0.0.0.0/0
4    REJECT      all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
5    REJECT      all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num  target      prot opt source               destination

I don't understand what or why iptables is being called? I believe anything
in /etc/rc.d/init.d/* will get run on startup. If I move those files out of
there - obviously the command won't work - but I need to understand what's
going on

I want status to tell me OFF

/etc/rc.d/init.d/iptables status

On Sun, Jul 7, 2013 at 9:02 AM, Earl A Ramirez <earlaramirez@xxxxxxxxx> wrote:

> On 7 July 2013 20:57, Bob Metelsky <bob.metelsky@xxxxxxxxx> wrote:
>
> > very perplexed here - I need to turn off iptables. I've tried
> >
> > service iptables save
> > service iptables stop
> > chkconfig iptables off
> >
> > service ip6tables save
> > service ip6tables stop
> > chkconfig ip6tables off
> >
> > edited
> > OPGX280 ~ # cat /etc/sysconfig/system-config-firewall
> > # Configuration file for system-config-firewall
> > --disabled
> > --service=ssh
> >
> > OPGX280 ~ :( # cat /etc/selinux/config
> > SELINUX=disabled
> >
> > OPGX280 ~ :( # chkconfig |grep ip
> > ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > ipmievd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > ipsec           0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
> > ipvsadm         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> >
> >
> > Yet - when I reboot iptables gets started - if I run
> >
> > OPGX280 ~ # /etc/rc.d/init.d/iptables status
> > Table: filter
> > Chain INPUT (policy ACCEPT)
> > num  target      prot opt source               destination
> > 1    ACCEPT      udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
> > 2    ACCEPT      tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
> > 3    ACCEPT      udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
> > 4    ACCEPT      tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
> >
> > Chain FORWARD (policy ACCEPT)
> > num  target      prot opt source               destination
> > 1    ACCEPT      all  --  0.0.0.0/0            192.168.122.0/24     state RELATED,ESTABLISHED
> > 2    ACCEPT      all  --  192.168.122.0/24     0.0.0.0/0
> > 3    ACCEPT      all  --  0.0.0.0/0            0.0.0.0/0
> > 4    REJECT      all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
> > 5    REJECT      all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
> >
> >
> > Note --> 192.168.122.0/24 is NOT my network, I just want the status to
> > tell me iptables is NOT running
> >
> > What else can I look for??
> >
> > Thanks
> > Bob
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
> Hi Bob,
>
> I am just shooting in the dark here, have you tried /sbin/iptables -F
>
> --
> Kind Regards
> Earl Ramirez