thr3ads.net - CentOS - [CentOS] Firewall will not disable

If this information is useful, please help other people find it:
Share via:

Bob Metelsky

2013-Jul-07 12:57 UTC

[CentOS] Firewall will not disable - stumped!

very perplexed here - I need to turn off iptables. Ive tried

service iptables save
service iptables stop
chkconfig iptables off

service ip6tables save
service ip6tables stop
chkconfig ip6tables off

edited
OPGX280 ~ # cat  /etc/sysconfig/system-config-firewall
# Configuration file for system-config-firewall
--disabled
--service=ssh

OPGX280 ~ :( # cat  /etc/selinux/config
SELINUX=disabled

OPGX280 ~ :( # chkconfig |grep ip
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
ipmievd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
ipsec           0:off   1:off   2:off   3:off   4:off   5:off   6:off
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
ipvsadm         0:off   1:off   2:off   3:off   4:off   5:off   6:off


Yet - when I reboot  iptables gets started  - if I run

OPGX280 ~ # /etc/rc.d/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state
RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
reject-with icmp-port-unreachable
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
reject-with icmp-port-unreachable


Note -->  192.168.122.0/24 is NOT my network, I just want the status to
tell me iptables is NOT running

What else can I look for??

Thanks
Bob

Earl A Ramirez

2013-Jul-07 13:02 UTC

head link

[CentOS] Firewall will not disable - stumped!

On 7 July 2013 20:57, Bob Metelsky <bob.metelsky at gmail.com> wrote:
> very perplexed here - I need to turn off iptables. Ive tried
>
> service iptables save
> service iptables stop
> chkconfig iptables off
>
> service ip6tables save
> service ip6tables stop
> chkconfig ip6tables off
>
> edited
> OPGX280 ~ # cat  /etc/sysconfig/system-config-firewall
> # Configuration file for system-config-firewall
> --disabled
> --service=ssh
>
> OPGX280 ~ :( # cat  /etc/selinux/config
> SELINUX=disabled
>
> OPGX280 ~ :( # chkconfig |grep ip
> ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ipmievd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ipsec           0:off   1:off   2:off   3:off   4:off   5:off   6:off
> iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ipvsadm         0:off   1:off   2:off   3:off   4:off   5:off   6:off
>
>
> Yet - when I reboot  iptables gets started  - if I run
>
> OPGX280 ~ # /etc/rc.d/init.d/iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num  target     prot opt source               destination
> 1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
> dpt:53
> 2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> dpt:53
> 3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
> dpt:67
> 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> dpt:67
>
> Chain FORWARD (policy ACCEPT)
> num  target     prot opt source               destination
> 1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state
> RELATED,ESTABLISHED
> 2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
> 3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> 4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> reject-with icmp-port-unreachable
> 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> reject-with icmp-port-unreachable
>
>
> Note -->  192.168.122.0/24 is NOT my network, I just want the status to
> tell me iptables is NOT running
>
> What else can I look for??
>
> Thanks
> Bob
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
Hi Bob,

I am just shooting in the dark here, have you tried /sbin/iptables -F

-- 
Kind Regards
Earl Ramirez

Alexander Dalloz

2013-Jul-07 13:38 UTC

head link

[CentOS] Firewall will not disable - stumped!

Am 07.07.2013 14:57, schrieb Bob Metelsky:> very perplexed here - I need to turn off iptables. Ive tried
Why do you have to turn off the local firewall?
> service iptables save
> service iptables stop
> chkconfig iptables off
> 
> service ip6tables save
> service ip6tables stop
> chkconfig ip6tables off
> 
> edited
> OPGX280 ~ # cat  /etc/sysconfig/system-config-firewall
> # Configuration file for system-config-firewall
> --disabled
> --service=ssh
> 
> OPGX280 ~ :( # cat  /etc/selinux/config
> SELINUX=disabled
Bad practice.
> OPGX280 ~ :( # chkconfig |grep ip
> ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ipmievd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ipsec           0:off   1:off   2:off   3:off   4:off   5:off   6:off
> iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ipvsadm         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> 
> 
> Yet - when I reboot  iptables gets started  - if I run
> 
> OPGX280 ~ # /etc/rc.d/init.d/iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num  target     prot opt source               destination
> 1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpt:53
> 2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:53
> 3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpt:67
> 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:67
> 
> Chain FORWARD (policy ACCEPT)
> num  target     prot opt source               destination
> 1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state
> RELATED,ESTABLISHED
> 2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
> 3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> 4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> reject-with icmp-port-unreachable
> 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> reject-with icmp-port-unreachable
> 
> 
> Note -->  192.168.122.0/24 is NOT my network, I just want the status to
> tell me iptables is NOT running
That's a VMware (ESXi or such) based virtual machine, right?
192.168.122.0/24 is the default VMware NAT network assignment. It comes
from the VMware tools. These tools take care that a NAT network setup
will work.
> What else can I look for??
> 
> Thanks
> Bob
Alexander

P.S. If you reply then please follow the general rule to not top-post
and to trim your quotes. Thanks.

Markus Falb

2013-Jul-07 13:39 UTC

head link

[CentOS] Firewall will not disable - stumped!

On 07.Jul.2013, at 14:57, Bob Metelsky wrote:
> very perplexed here - I need to turn off iptables. Ive tried
> ?
> Yet - when I reboot  iptables gets started  - if I run
> ...
> Note -->  192.168.122.0/24 is NOT my network
This could be the default network from libvirt. The kvm host does NAT from that
network if the guest is configured to use it. You can undefine it with some
virsh foo

$ virsh net-destroy default
$ virsh net-undefine default
-- 
Markus Falb

Reasonably Related Threads

Search for more possibly parallel threads

CentOS - Jul 2013 - Firewall will not disable - stumped!

[CentOS] Firewall will not disable - stumped!

[CentOS] Firewall will not disable - stumped!

[CentOS] Firewall will not disable - stumped!

[CentOS] Firewall will not disable - stumped!

Reasonably Related Threads