Bug 119403 - iptables & SE Linux Enabled, even after disabling them in graphical installer on X86-64
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda
Version: rawhide
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact:
Depends On:
Blocks: FC2Blocker
Reported: 2004-03-30 04:12 UTC by Jerone Young
Modified: 2007-11-30 22:10 UTC

Clone Of:
Last Closed: 2004-04-03 09:29:06 UTC


Description Jerone Young 2004-03-30 04:12:19 UTC
Description of problem:
This problem only seems to affect FC 2 test 2 on X86_64, but if I
explicitly specify that I do not want firewall rules (iptables) or
SELinux ON, they still come up after the install... I have to then
do it manually... for SELinux add selinux=0 to kernel command line and
chkconfig for iptables off to get the firewall rules cut off. This
doesn't seem to happen on the i386 FC 2 test 2.

Comment 1 Jeremy Katz 2004-03-30 23:23:26 UTC
That's strange... the code is exactly the same between them :)

What's in /etc/sysconfig/system-config-firewall and
/etc/sysconfig/selinux on the x86_64 box?  (And note that turning off
SELinux isn't quite the same as selinux=0)

Comment 2 Jerone Young 2004-03-31 02:35:25 UTC
/etc/sysconfig/system-config-firewall does not exist. But there is are

# Configuration file for system-config-securitylevel

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

The iptables init script has to be reading from this file. Once I run
it I can no longer reach ssh. Things have changed somewhere.
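
Added illustration (not part of the bug report or of any comment in it): a small first-match evaluator run over the ruleset pasted in comment 2, showing that a new inbound SSH connection falls through to the final REJECT while loopback and already-established traffic is accepted. The interface name eth0 and the sample packet are assumptions, and the evaluator only understands the options that appear in this ruleset plus --dport.

```python
import shlex

# Ruleset exactly as pasted in comment 2.
RULES = """\
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
PROTO_NUM = {"50": "esp", "51": "ah"}  # IP protocol numbers used above
# Constructed sample: first packet of an inbound SSH connection (eth0 is assumed).
NEW_SSH = {"iface": "eth0", "proto": "tcp", "state": "NEW", "dport": 22}

def parse(text):
    """Return {chain: [(match_options, target), ...]} from '-A' lines."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == "-A":
            opts = dict(zip(tok[2::2], tok[3::2]))  # each option here takes one value
            target = opts.pop("-j")
            chains.setdefault(tok[1], []).append((opts, target))
    return chains

def rule_matches(opts, pkt):
    """True when every match option the rule carries agrees with the packet."""
    if "-i" in opts and opts["-i"] != pkt["iface"]:
        return False
    if "-p" in opts and PROTO_NUM.get(opts["-p"], opts["-p"]) != pkt["proto"]:
        return False
    if "--state" in opts and pkt["state"] not in opts["--state"].split(","):
        return False
    if "--dport" in opts and int(opts["--dport"]) != pkt.get("dport"):
        return False
    return True

def verdict(chains, chain, pkt):
    """First matching rule wins; a jump to a user chain returns here on fall-through."""
    for opts, target in chains.get(chain, []):
        if rule_matches(opts, pkt):
            if target in ("ACCEPT", "REJECT", "DROP"):
                return target
            result = verdict(chains, target, pkt)
            if result:
                return result
    return None  # no rule decided; the built-in chain policy (not shown on the page) applies
```

Calling verdict(parse(RULES), "INPUT", NEW_SSH) gives REJECT, which matches the reporter's observation once the init script loads this file.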


Comment 3 Jerone Young 2004-04-03 09:28:51 UTC
This is resolved in the Development tree. Did an install based on the
April 2nd Development tree and this problem is now gone.
