Bug 443411

Summary: disabling firewall does not work
Product: [Fedora] Fedora Reporter: Thomas J. Baker <tjb>
Component: system-config-firewallAssignee: Thomas Woerner <twoerner>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 9CC: bugzilla, jdeslip, kmkrutsc, mail2benny, mishu, tagoh, vcrhonek
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.2.9-1.fc9 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-02 06:32:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Thomas J. Baker 2008-04-21 13:26:02 UTC
system-config-firewall-1.2.7-1.fc9.noarch

If I disable the firewall from the GUI, it adds "--disabled" to the
/etc/sysconfig/system-config-firewall but doesn't really disable the firewall.
It doesn't appear that the iptables startup script even references that file.
Needless to say this causes lots of head scratching when many network services
(like ypbinding to a broadcast server, synergy) don't work and you think there's
no firewall in the way.

Comment 1 Vitezslav Crhonek 2008-04-23 08:23:25 UTC
A bit off topic... Thomas, using ypbind to broadcast server is not good idea (i.
e. security reasons). Do you have any particular matter to not put your
server(s) address(es) to ypbind configuration file? I'm just curious:)

Comment 2 Thomas J. Baker 2008-04-23 12:47:40 UTC
I didn't realize you could specify multiple servers. We've used broadcast for
reliability. When a yp server goes down, our linux clients just switch servers
transparently. We have a firewalled, relatively safe environment. Still, knowing
you can specify multiple servers will cause us to change our ways.

Comment 3 Thomas Woerner 2008-05-05 11:53:30 UTC
If you disable the firewall, the files /etc/sysconfig/{iptables,ip6tables} are
removed. These files are used by the services iptables and ip6tables.

Please describe your problem more detailed.

Comment 4 Thomas J. Baker 2008-05-05 13:07:29 UTC
I've disabled the firewall and /etc/sysconfig/iptables is still exists. If I
re-run system-config-firewall, it says in red at the bottom that the firewall is
disabled but that iptables file still exists and if iptables is chkconfig'd on,
it starts a firewall.

system-config-firewall-1.2.7-1.fc9.noarch

Comment 5 Akira TAGOH 2008-05-07 12:22:12 UTC
same here. /etc/sysconfig/ip*tables exists even if I disable the feature on
system-config-firewall.

Comment 6 Bug Zapper 2008-05-14 09:51:25 UTC
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 7 Jack Deslippe 2008-05-15 05:44:58 UTC
I also have this problem in fedora 9.  As far as I can tell, making ANY changes
in system-config-firewall at all doesn't work!

Comment 8 Benny 2008-05-20 14:57:15 UTC
I have the same problem in Fedora 9. But stopping the iptables service just
disables the firewall completely, a solution for now. Probably a bug in the GUI.


Comment 9 Thomas Woerner 2008-05-23 17:04:38 UTC
*** Bug 447370 has been marked as a duplicate of this bug. ***

Comment 10 Thomas Woerner 2008-05-23 17:04:57 UTC
*** Bug 447616 has been marked as a duplicate of this bug. ***

Comment 11 Fedora Update System 2008-05-29 02:34:02 UTC
system-config-firewall-1.2.8-1.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update system-config-firewall'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-4397

Comment 12 Fedora Update System 2008-07-02 06:32:55 UTC
system-config-firewall-1.2.9-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.