F11 iptables can't disable

KC8LDO kc8ldo at arrl.net
Wed Dec 16 03:48:19 UTC 2009


Craig;

I'm sure the system reboots. All I have to do is walk in to the other room 
and watch it.

You very well may have a point about a firewall utility. I do have one 
installed. I'll have to check into that more. Same for the log files.

I've read about NX but have never tried it. For me VNC seems to work, 
performance-wise, over a relatively fast connection. It was simple to set up, 
meaning I already figured out how to do it, and tunneling it through ssh.

You may not have seen the problem, that's why I posted the question on the 
list, hoping somebody else had slayed the dragon and can tell me how it was 
done so to speak. 8-))

Thanks for the pointers on what to look at.

Regards;

Leland C. Scott
KC8LDO

"There is only one boss. The customer.
And he can fire everybody in the
company from the chairman on down,
simply by spending his money somewhere
else."

-Sam Walton
----- Original Message ----- 
From: "Craig White" <craigwhite at azapple.com>
To: "KC8LDO" <kc8ldo at arrl.net>; "Community assistance, encouragement, and 
advice for using Fedora." <fedora-list at redhat.com>
Sent: Tuesday, December 15, 2009 12:59 AM
Subject: Re: F11 iptables can't disable


> On Tue, 2009-12-15 at 00:32 -0500, KC8LDO wrote:
>> Tim;
>>
>> I understand that.
>>
>> When I ask to stop a service it should stop, period. I shouldn't see the
>> GUI telling me it's still running. Doing this for ip6tables it works as
>> expected. You stop it, it stops and the GUI says so. Disable it, it's
>> disabled, and the GUI shows that too. And it stays disabled and not
>> running when you reboot the machine.
>>
>> Now do that with iptables. First it won't stop. Then I tried the CLI
>> route, which totally flushed out any rules. The service was disabled
>> through the GUI too. Rebooting the machine the service is shown as
>> disabled but running, duh! Using the CLI I see a bunch of rules are
>> loaded, again, @#$%! This should not happen. If I configured a service to
>> be disabled it should stay that way, and not run, after a reboot.
>>
>> Clicking on the "Customize" menu item, in the Service Configuration GUI
>> tool, only run levels 2 through 5 are listed and all show the service as
>> disabled for those run levels. That's for both ip6tables and iptables.
>>
>> So why does ip6tables work differently from iptables? In my mind they
>> should configure and work the same way from the administrator's point of
>> view.
>>
>> If it makes a difference, and I found with getting a pop-up dialog box
>> asking for root's password, it makes a difference if I'm at a directly
>> connected console or accessing the box using VNC, which is how I normally
>> work on them. With the last several releases of Fedora it's gotten buggy
>> in this regard. I've had to resort to modifying the menu entries to open
>> various apps in a terminal window using (su -c "application-here")
>> workaround to get a chance to switch to root privileges to do things. This
>> is really getting old. The prior releases seemed to work rather well with
>> this issue, not anymore. Don't other people running headless boxes using
>> VNC notice this?
> ----
> I don't run Fedora as servers - perhaps someday I might but I tend to
> use RHEL or CentOS for various reasons, and the only time I have run
> Fedora 'headless' was part of K12LTSP but this comes to mind...
>
> - FreeNX is much more effective for me than VNC server
>
> - it's possible that you have something other than 'iptables service'
> starting iptables rulesets at startup. Did you install firestarter or
> some other iptables manager?
>
> - I personally have NEVER seen a 'service' that is listed as off for all
> run levels start the service after a reboot. Maybe it could happen but I
> have never seen it and I've been doing RHL/RHEL/CentOS/Fedora a long
> time on a lot of systems.
>
> So I would start asking some questions...
>
> - are you sure the system is actually rebooting?
>
> - have you checked the syslogs (/var/log/messages) for hints/clues
> about service startups?
>
> - have you checked the syslogs/audit logs for SELinux interference?
>
> Craig
>
> 
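The check Craig suggests in the quoted reply, as an added example that is not part of the original thread: a bash script that compares `chkconfig --list` output with the rules actually loaded and names any other enabled rule loader. The sample outputs are constructed, and the function names and the `CANDIDATES` list (only firestarter is named in the thread) are assumptions.

```shell
#!/bin/bash
# Constructed `chkconfig --list` output (sample data, not from the thread).
SAMPLE_CHKCONFIG='firestarter     0:off 1:off 2:on  3:on  4:on  5:on  6:off
ip6tables       0:off 1:off 2:off 3:off 4:off 5:off 6:off
iptables        0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd            0:off 1:off 2:on  3:on  4:on  5:on  6:off'

# Constructed `iptables -S` output as it might look after the reboot.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Other rule loaders to look for (assumption: only firestarter is named in
# the thread; extend with whatever firewall tools are installed locally).
CANDIDATES='firestarter'

# Names of services switched on in at least one runlevel.
enabled_services() {
    printf '%s\n' "$1" |
        awk '{ for (i = 2; i <= NF; i++) if ($i ~ /^[0-6]:on$/) { print $1; next } }'
}

# Number of appended rules (-A lines); default policies (-P) are not counted.
loaded_rule_count() {
    printf '%s\n' "$1" | awk '/^-A /{ n++ } END { print n + 0 }'
}

# Compare the configured service state with what the kernel actually holds.
diagnose() {
    local on n hit
    on=$(enabled_services "$1")
    n=$(loaded_rule_count "$2")
    if printf '%s\n' "$on" | grep -qx 'iptables'; then
        echo "iptables service is enabled; loaded rules are expected"
    elif [ "$n" -eq 0 ]; then
        echo "consistent: iptables service off and no rules loaded"
    else
        hit=$(printf '%s\n' "$on" | grep -x -F -e "$CANDIDATES" | paste -sd' ' -)
        echo "mismatch: iptables off in all runlevels, $n rules loaded; check: ${hit:-none found}"
    fi
}

# On a live host (as root): diagnose "$(chkconfig --list)" "$(iptables -S)"
diagnose "$SAMPLE_CHKCONFIG" "$SAMPLE_RULES"
```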