Hi Just got a new server replacing another server. I had to use iptables to protect it until I could move a hardware firewall from the old server to the new server. Now I am trying to delete iptables but it wants to delete lots of other dependency packages, e.g. sendmail, cyrus-sasl and even plymouth. Can I just use "force" and "no-dependecies" to get rid of it? Are there other implications I do not know about? thanks Jobst --
> Hi > > Just got a new server replacing another server. > I had to use iptables to protect it until I could move a hardware firewall > from the old server to the new server. > > Now I am trying to delete iptables but it wants to delete lots of other > dependency packages, e.g. sendmail, cyrus-sasl and even plymouth. > > Can I just use "force" and "no-dependecies" to get rid of it? > Are there other implications I do not know about?There is no need to remove iptables, just remove iptables-services. That should deactivate any loading of rules from what I understand. Regards, Simon
On Tue, 2019-05-07 at 12:07 +1000, Jobst Schmalenbach wrote:> Hi > > Just got a new server replacing another server. > I had to use iptables to protect it until I could move a hardware > firewall from the old server to the new server. > > Now I am trying to delete iptables but it wants to delete lots of > other dependency packages, e.g. sendmail, cyrus-sasl and even > plymouth.Two comments on this really. First, why get rid of the iptables package(s)? Lots of things need it, it's fairly fundamental to the network. Why not just disable iptables - something like systemctl disable iptables is perfectly fine. Second, why even disable it? The only reason I can see to disable or stop using it is to use, say, firewalld instead. All my machines still run some form of local firewall configuration even though they are behind 3, 4 or 5 hardware firewalls.> Can I just use "force" and "no-dependecies" to get rid of it?No. The dependencies are there for a reason and the things that are dependent on it would probably just stop working. Those options are the "nuclear options" they aren't there because it's inconvenient to have dependencies. P.
Reasonably Related Threads
- CentOS 6.X, iptables 1.47 and GeoLite2 Country Database
- CentOS 6.X, iptables 1.47 and GeoLite2 Country Database
- Yum archive for PHP greater than 5.2.1 for CentOS 5.4?
- Problem with IPTABLES logging message to the screen/console
- Increase logging verbosity of saslauthd?