Bug 102556

Summary: iptables breaks gnome
Product: [Retired] Red Hat Linux
Reporter: Derek <magicbook1>
Component: gnome-session
Assignee: Mark McLoughlin <markmc>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: 9
Hardware: athlon
OS: Linux
Doc Type: Bug Fix
Last Closed: 2003-10-15 22:34:06 UTC

Description Derek 2003-08-17 20:49:17 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
Iptables breaks gnome.

I set up iptables on my workstation to only accept new connections on port 22,
because the only remote connection I want to set up on my box is ssh. Then, when
I try to start X11 with Gnome it gives me this message. It just hung showing
the starting redhat box. However KDE worked fine.

---------------------------------------------------------------------------------------------

XFree86 Version 4.3.0 (Red Hat Linux release: 4.3.0-2)
Release Date: 27 February 2003
X Protocol Version 11, Revision 0, Release 6.6
Build Operating System: Linux 2.4.20-3bigmem i686 [ELF]
Build Date: 27 February 2003
Build Host: porky.devel.redhat.com

        Before reporting problems, check http://www.XFree86.Org/
        to make sure that you have the latest version.
Module Loader present
OS Kernel: Linux version 2.4.20-19.9 (bhcompile.redhat.com) (gcc
version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #1 Tue Jul 15 17:03:30 EDT 2003 P
Markers: (--) probed, (**) from config file, (==) default setting,
         (++) from command line, (!!) notice, (II) informational,
         (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/XFree86.1.log", Time: Sun Aug 17 15:28:30 2003
(==) Using config file: "/etc/X11/XF86Config"

(II) [GLX]: Initializing GLX extension
GetModeLine - scrn: 0 clock: 108000
GetModeLine - hdsp: 1280 hbeg: 1328 hend: 1440 httl: 1688
              vdsp: 1024 vbeg: 1025 vend: 1028 vttl: 1066 flags: 5
SESSION_MANAGER=local/localhost.localdomain:/tmp/.ICE-unix/2071
X connection to :1.0 broken (explicit kill or server shutdown).
xinit:  connection to X server lost.


I tried to find where SESSION_MANAGER was set and my find command returned
nothing. I tried typing the following before starting X:

$ SESSION_MANAGER=/tmp/junk

and I got the same error.

Here is the output from my iptables -L:

----------------------------------------------------------------------------------

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere           state INVALID
DROP       udp  --  anywhere             anywhere           state INVALID
DROP       icmp --  anywhere             anywhere           state INVALID
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere           state NEW
DROP       tcp  --  anywhere             anywhere           state NEW
DROP       udp  --  anywhere             anywhere           state NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere           tcp spt:ssh
DROP       tcp  --  anywhere             anywhere           tcp spts:tcpmux:1024

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Set iptables rules as described above.
2. Log out of X11.
3. Select Gnome Session in GDM.
4. Log in and gnome will hang.

Actual Results:  Gnome hangs until killed.

Expected Results:  Gnome should start normally.

Additional info:

No problem with these IPTABLES settings and KDE.

Comment 1 Havoc Pennington 2003-10-15 22:34:06 UTC
We believe the issue is that you are not allowing lo through.
Something like -i lo -j ACCEPT I guess

Try redhat-config-securitylevel for a base sane configuration and modify from
there perhaps.

You may want to post your /etc/sysconfig/iptables to fedora-list/redhat-list or 
ask your support rep about it.
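To check the diagnosis in Comment 1 without touching a live box, here is an added example (not from the bug report or from Red Hat) that walks a packet through the reporter's INPUT chain with first-match semantics. The rule text is hand-converted from the `iptables -L` listing above into iptables-save syntax, since the original /etc/sysconfig/iptables is not posted; the loopback port number is a constructed sample value.

```python
"""Minimal first-match evaluator for an iptables-save INPUT chain."""

# Reporter's INPUT chain, rewritten into iptables-save syntax (constructed
# from the `iptables -L` output in the report; the real rule file is not shown).
BROKEN = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state INVALID -j DROP
-A INPUT -p udp -m state --state INVALID -j DROP
-A INPUT -p icmp -m state --state INVALID -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -j DROP
-A INPUT -p udp -m state --state NEW -j DROP
COMMIT
"""

# Same chain with the loopback accept from Comment 1 inserted at the top,
# so local traffic is matched before any of the state-based DROP rules.
FIXED = BROKEN.replace("-A INPUT -p tcp -m state --state INVALID",
                       "-A INPUT -i lo -j ACCEPT\n"
                       "-A INPUT -p tcp -m state --state INVALID", 1)


def parse_chain(rules_text, chain="INPUT"):
    """Return (policy, rules) for one chain; each rule is a dict of the
    options this evaluator understands (-p, -i, --dport, --state, -j)."""
    policy, rules = "ACCEPT", []
    for line in rules_text.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        elif line.startswith(f"-A {chain} "):
            toks, rule, i = line.split()[2:], {}, 0
            while i < len(toks):
                if toks[i] in ("-p", "-i", "--dport", "--state", "-j"):
                    rule[toks[i]] = toks[i + 1]
                    i += 2
                else:           # "-m state", "-m tcp": extension name, skip it
                    i += 2 if toks[i] == "-m" else 1
            rules.append(rule)
    return policy, rules


def verdict(rules_text, proto, iface, dport, state, chain="INPUT"):
    """Evaluate one packet the way the kernel does: first matching rule wins,
    otherwise the chain policy applies."""
    policy, rules = parse_chain(rules_text, chain)
    for r in rules:
        if "-p" in r and r["-p"] != proto:
            continue
        if "-i" in r and r["-i"] != iface:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        if "--state" in r and state not in r["--state"].split(","):
            continue
        return r["-j"]
    return policy


if __name__ == "__main__":
    # A NEW TCP connection arriving over lo to a local listener (sample port 6001)
    print("broken:", verdict(BROKEN, "tcp", "lo", 6001, "NEW"))   # DROP
    print("fixed: ", verdict(FIXED, "tcp", "lo", 6001, "NEW"))    # ACCEPT
```

With the reporter's rules the local connection hits the `--state NEW -j DROP` rule; with the loopback rule first it is accepted, while the ssh-only policy for external interfaces is unchanged.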