F11 iptables can't disable

KC8LDO kc8ldo at arrl.net
Tue Dec 15 05:32:31 UTC 2009


Tim;

I understand that.

When I ask to stop a service it should stop, period. I shouldn't see the GUI 
telling me it's still running. Doing this for ip6tables it works as expected. 
You stop it, it stops and the GUI says so. Disable it, it's disabled, and the 
GUI shows that too. And it stays disabled and not running when you reboot 
the machine.

Now do that with iptables. First it won't stop. Then I tried the CLI route, 
which totally flushed out any rules. The service was disabled through the 
GUI too. Rebooting the machine the service is shown as disabled but running, 
duh! Using the CLI I see a bunch of rules are loaded, again, @#$%! This 
should not happen. If I configured a service to be disabled it should stay 
that way, and not run, after a reboot.

Clicking on the "Customize" menu item, in the Service Configuration GUI 
tool, only run levels 2 through 5 are listed and all show the service as 
disabled for those run levels. That's for both ip6tables and iptables.

So why does ip6tables work differently from iptables? In my mind they should 
configure and work the same way from the administrator's point of view.

If it makes a difference, and I found with getting a pop-up dialog box 
asking for root's password, it makes a difference if I'm at a directly 
connected console or accessing the box using VNC, which is how I normally 
work on them. With the last several releases of Fedora it's gotten buggy in 
this regard. I've had to resort to modifying the menu entries to open 
various apps in a terminal window using (su -c "application-here") workaround 
to get a chance to switch to root privileges to do things. This is 
really getting old. The prior releases seemed to work rather well with this 
issue, not anymore. Don't other people running headless boxes using VNC 
notice this?

Regards;

Leland C. Scott
KC8LDO

"There is only one boss. The customer.
And he can fire everybody in the
company from the chairman on down,
simply by spending his money somewhere
else."

-Sam Walton

----- Original Message ----- 
From: "Tim" <ignored_mailbox at yahoo.com.au>
To: "KC8LDO" <kc8ldo at arrl.net>; "Community assistance, encouragement, and 
advice for using Fedora." <fedora-list at redhat.com>
Sent: Monday, December 14, 2009 10:56 PM
Subject: Re: F11 iptables can't disable


> On Mon, 2009-12-14 at 10:01 -0500, KC8LDO wrote:
>> Yes I can use "service iptables stop" at the CLI but the firewall is
>> right back again with filtering when I reboot the machine.
>
> Try reading the replying posts again.
>
> "service iptables stop" will stop it now, and only now.  Likewise with
> using it to start or restart a service.
>
> What happens when booting/changing run levels is controlled by something
> else.  The chkconfig command can control that, and list what levels the
> service will be on or off at.
>
> e.g. chkconfig --list iptables
>     chkconfig iptables off
>     chkconfig --list iptables
>
> -- 
> [tim at localhost ~]$ uname -r
> 2.6.27.25-78.2.56.fc9.i686
>
> Don't send private replies to my address, the mailbox is ignored.  I
> read messages from the public lists.
>
>
>
> 
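An added example, not part of the original thread: a shell check that separates the two states Tim describes (running now versus started at boot) and flags the combination the poster reports, where the service is off at every runlevel yet rules are loaded. The sample command outputs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample outputs. On a real host use "$(chkconfig --list iptables)"
# and "$(iptables -S)" (filter table only) in their place.
CHK_OFF='iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off'
CHK_ON='iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off'
RULES_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
RULES_LOADED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Print the runlevels at which the service is started at boot, e.g. "2 3 4 5".
boot_levels_on() {
    printf '%s\n' "$1" | awk '{
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if (kv[2] == "on") { printf "%s%s", sep, kv[1]; sep = " " }
        }
    }'
}

# Exit 0 when the live ruleset has any rule or a non-ACCEPT chain policy.
rules_active() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" { found = 1 }
        $1 == "-P" && $3 != "ACCEPT" { found = 1 }
        END { exit !found }'
}

# Combine the boot-time view and the live view into one verdict.
audit_state() {
    levels=$(boot_levels_on "$1")
    if rules_active "$2"; then live=active; else live=inactive; fi
    case "${levels:+on}/$live" in
        on/active)   echo "consistent: starts at boot (runlevels $levels), rules loaded" ;;
        on/inactive) echo "stopped for now only: will start again at boot (runlevels $levels)" ;;
        /active)     echo "mismatch: off at every runlevel, yet rules are loaded" ;;
        /inactive)   echo "consistent: off at every runlevel, no rules loaded" ;;
    esac
}

audit_state "$CHK_OFF" "$RULES_LOADED"
```

Run after a reboot, the mismatch verdict is the case worth investigating, since it means the rules were loaded by something other than the runlevel configuration that `chkconfig` reports.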



