Red Hat Bugzilla – Bug 119403
iptables & SE Linux Enabled , even after disabling them in graphical installer on X86-64
Last modified: 2007-11-30 17:10:39 EST
Description of problem: This problem only seems to effect FC 2 test 2 on X86_64, but if I explictly specify that I do not want firewall rules (iptables) or SELinux ON, they still come up after the install..... I have to then do it manually...for SELinux add selinux=0 to kernel command line and chkconfig for iptables off to get the firewall rules cut off. This doesn't seem to happen on the i386 FC 2 test 2.
That's strange... the code is exactly the same between them :) What's in /etc/sysconfig/system-config-firewall and /etc/sysconfig/selinux on the x86_64 box? (And note that turning off SELinux isn't quite the same as selinux=0)
/etc/sysconfig/system-config-firewall does not exist. But there is are /etc/sysconfig/system-config-securitylevel: # Configuration file for system-config-securitylevel --enabled /etc/sysconfig/iptables: # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT The iptables init script has to be reading from this file. Once I run it I can no longer reach ssh. Things have changed somwhere. /etc/sysconfig/selinux: SELINUX=disabled
This is resolved in the Development tree. Did an install based on the April 2nd Development tree and this problem is now gone.