Re: Firewall will not disable - stumped!

Alexander Dalloz <ad+lists@xxxxxxxxx> · Sun, 07 Jul 2013 15:38:38 +0200

Am 07.07.2013 14:57, schrieb Bob Metelsky:
> very perplexed here - I need to turn off iptables. Ive tried

Why do you have to turn off the local firewall?

> service iptables save
> service iptables stop
> chkconfig iptables off
> 
> service ip6tables save
> service ip6tables stop
> chkconfig ip6tables off
> 
> edited
> OPGX280 ~ # cat  /etc/sysconfig/system-config-firewall
> # Configuration file for system-config-firewall
> --disabled
> --service=ssh
> 
> OPGX280 ~ :( # cat  /etc/selinux/config
> SELINUX=disabled

Bad practice.

> OPGX280 ~ :( # chkconfig |grep ip
> ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ipmievd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ipsec           0:off   1:off   2:off   3:off   4:off   5:off   6:off
> iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ipvsadm         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> 
> 
> Yet - when I reboot  iptables gets started  - if I run
> 
> OPGX280 ~ # /etc/rc.d/init.d/iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num  target     prot opt source               destination
> 1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
> 2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
> 3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
> 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67
> 
> Chain FORWARD (policy ACCEPT)
> num  target     prot opt source               destination
> 1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state
> RELATED,ESTABLISHED
> 2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
> 3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> 4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> reject-with icmp-port-unreachable
> 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> reject-with icmp-port-unreachable
> 
> 
> Note -->  192.168.122.0/24 is NOT my network, I just want the status to
> tell me iptables is NOT running

That's a VMware (ESXi or such) based virtual machine, right?
192.168.122.0/24 is the default VMware NAT network assignment. It comes
from the VMware tools. These tools take care that a NAT network setup
will work.

> What else can I look for??
> 
> Thanks
> Bob

Alexander

P.S. If you reply then please follow the general rule to not top-post
and to trim your quotes. Thanks.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos