| Summary: | Port is still open even though all services at the system-config-firewall is not checked. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Arif Tri Waluyo <arifiauo> |
| Component: | system-config-firewall | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 15 | CC: | elad, twoerner |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-07-12 10:37:33 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Arif Tri Waluyo
2011-06-16 18:10:19 UTC
Is iptables running? -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers Please add the output of the commands iptables-save and ip6tables save. This should have been iptables-save and ip6tables-save. output #iptables --list Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination (In reply to comment #1) > Is iptables running? > > > > -- > Fedora Bugzappers volunteer triage team > https://fedoraproject.org/wiki/BugZappers It's running (In reply to comment #3) > This should have been iptables-save and ip6tables-save. # iptables-save # Generated by iptables-save v1.4.10 on Fri Jun 17 18:50:25 2011 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [5592:719822] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Fri Jun 17 18:50:25 2011 # ip6tables-save # Generated by ip6tables-save v1.4.10 on Fri Jun 17 18:51:34 2011 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [2:140] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p ipv6-icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j REJECT --reject-with icmp6-adm-prohibited -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited COMMIT # Completed on Fri Jun 17 18:51:34 2011 Your firewall is configured properly. There are no open ports. Are you sure that you are testing the firewall of your system and not another one; for example the firewall that protects your LAN? (In reply to comment #7) > Your firewall is configured properly. There are no open ports. > > Are you sure that you are testing the firewall of your system and not another > one; for example the firewall that protects your LAN? Absolutely sure, or you can try by yourself to test status port in the GRC ShieldsUP. You know, before I was just doing the configuration with system-config-firewall and the result is still existing ports are always open, although I do not activate it. but after I run iptables-save and ip6tables-save, and then I check my firewall status, the results are no ports are open. My problem is solved, but why this is not automatically be done by system-config-firewall? iptables-save and ip6tables-save are not saving anything. The difference to "iptables --list" "ip6tables --list" is that output is different (in a more readable form for me). The output of the -save commands is normally used to save it in a file via output redirection. (In reply to comment #10) > iptables-save and ip6tables-save are not saving anything. The difference to > "iptables --list" "ip6tables --list" is that output is different (in a more > readable form for me). The output of the -save commands is normally used to > save it in a file via output redirection. you're right, after I tried several more times the results vary. this is weird. What is varying? (In reply to comment #12) > What is varying? firewall test results. sometimes all ports closed, sometimes there are some ports are still open. Are the ports open in the firewall (iptables-save and ip6tablesa-save) output and/or is the tool reporting that these ports are open? (In reply to comment #14) > Are the ports open in the firewall (iptables-save and ip6tablesa-save) output > and/or is the tool reporting that these ports are open? My firewall output, look comment 6. the results of the tool reporting are vary. sometimes all ports closed, sometimes there are some ports are still open. here link of reporting tool. https://www.grc.com/x/ne.dll?bh0bkyd2 I am sorry, but this is not a firewall problem. I can not verify GRC ShieldsUP. Is your machine really connected to the internet directly without using a wireless access point or a router? I use a CDMA modem with an ISP that gives me a public IP. but what if I do a test with the same device and with the Ubuntu operating system, the result is always the same and none of the ports are open? If it's not a firewall problem, why if I do a test with the same device and with the Ubuntu operating system, the result is always the same and none of the ports are open? there is additional info, if I do a test with fedora 15 LiveUSB. The result is always stealth. But if I did after installing it on the computer. Test results are not always the same. And that I did right after fedora installed. After I ask my ISP, it turns out a gap exists in the router / firewall them. Not on my computer. It looks like these bugs can be closed. Closing as not a bug due to comment #21. |