F11 iptables can't disable

KC8LDO kc8ldo at arrl.net
Mon Dec 14 06:40:28 UTC 2009 

I've been trying to track down a problem where I can't browse the local 
network using samba. As one experiment I disabled iptables, or so I thought 
I did, using the services GUI. I can disable the ip6tables firewall it seems 
OK, but not the iptables firewall. The GUI shows the service disabled but 
still running, red dot and the plug icon in. The ip6tables shows a red-dot 
and the plug icon pulled out. I confirmed this by using the CLI "service 
iptables status" and saw a bunch of rules installed on the F11 box where I'm 
having the major issue with samba. Doing the "service iptables stop" and 
works until a reboot, then it's doing its thing again, running - a bunch of 
different rules are in effect. Something is screwed up with how some of the 
services work on F11 where they don't stop, start etc. the way they should 
and ask for a root password, through a pop-up dialog box, to allow making 
changes.

F12 seems to show the same thing in the service GUI tool but at least the 
iptable service does stop. Checking with the CLI "service iptables status" I 
see what looks like all the packets get passed through as I would have 
expected.

How do you tell iptables to quit, pass all packets through, and stay that 
way even after rebooting? That's a major issue for me. I would suspect that 
some system script file(s) are not done right or missing etc.

F11 is not looking like a quality release and F12 so far isn't much better. 
I keep getting some mysterious authorization failure message box that pops 
up with no description of where, why and from what caused it. So far I 
haven't had any luck finding what it is and stopping whatever the 
application or service that's causing it. That's another issue with F12 
using VNC.

Anybody seen this issue too? It's really annoying to pull up the running 
desktop, using a VNC session, and see several more of those messages sitting 
there.

I had to set up a used computer for a coworker, for use at home, for simple 
Internet access and email. I used F10 since that seemed to work well for me 
before I "upgraded" and I don't need him calling me about "problems."

More information about the fedora-list mailing list