Bug 119403 - iptables & SE Linux Enabled, even after disabling them in graphical installer on X86-64
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: anaconda
Version: rawhide
Hardware: x86_64 Linux
Priority: medium, Severity: medium
Assigned To: Jeremy Katz
Depends On:
Blocks: FC2Blocker
Reported: 2004-03-29 23:12 EST by Jerone Young
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2004-04-03 04:29:06 EST
Description Jerone Young 2004-03-29 23:12:19 EST
Description of problem:
This problem only seems to affect FC 2 test 2 on X86_64, but if I
explicitly specify that I do not want firewall rules (iptables) or
SELinux ON, they still come up after the install..... I have to then
do it manually...for SELinux add selinux=0 to kernel command line and
chkconfig for iptables off to get the firewall rules cut off. This
doesn't seem to happen on the i386 FC 2 test 2.
Comment 1 Jeremy Katz 2004-03-30 18:23:26 EST
That's strange... the code is exactly the same between them :)

What's in /etc/sysconfig/system-config-firewall and
/etc/sysconfig/selinux on the x86_64 box?  (And note that turning off
SELinux isn't quite the same as selinux=0)
Comment 2 Jerone Young 2004-03-30 21:35:25 EST
/etc/sysconfig/system-config-firewall does not exist. But there are

/etc/sysconfig/system-config-securitylevel:
# Configuration file for system-config-securitylevel

--enabled

/etc/sysconfig/iptables:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

The iptables init script has to be reading from this file. Once I run
it I can no longer reach ssh. Things have changed somewhere.

/etc/sysconfig/selinux:
SELINUX=disabled
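
Added example (not part of the original bug report): a minimal Python evaluator for the iptables-save rules quoted in Comment 2, showing why a new inbound SSH connection ends at the final REJECT rule while loopback and established traffic is accepted. The matcher is simplified to the options that appear in that ruleset, and the packet dictionaries (iface, proto, state) are constructed for illustration.

```python
# Ruleset quoted in Comment 2 (/etc/sysconfig/iptables).
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
PROTO = {"1": "icmp", "6": "tcp", "17": "udp", "50": "esp", "51": "ah"}

def parse(text):
    """Parse iptables-save text; assumes each option takes one un-negated value."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if line.startswith(":"):          # chain declaration with its policy
            policies[tok[0][1:]] = tok[1]
            chains.setdefault(tok[0][1:], [])
        elif line.startswith("-A "):      # rule becomes an {option: value} dict
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, chains

def matches(rule, pkt):
    if "-i" in rule and rule["-i"] != pkt["iface"]:
        return False
    if "-p" in rule and PROTO.get(rule["-p"], rule["-p"]) != pkt["proto"]:
        return False
    if "--state" in rule and pkt["state"] not in rule["--state"].split(","):
        return False
    return True   # no rule here matches on a port, so dport 22 is irrelevant

def verdict(pkt, chain="INPUT", ruleset=RULESET):
    policies, chains = parse(ruleset)
    for rule in chains[chain]:
        if matches(rule, pkt):
            # Terminal target (ACCEPT/REJECT/DROP) ends evaluation; else jump.
            hit = rule["-j"] if rule["-j"] not in chains else verdict(pkt, rule["-j"], ruleset)
            if hit:
                return hit
    # Built-in chains fall back to their policy; user chains ("-") return.
    return None if policies[chain] == "-" else policies[chain]
```
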
Comment 3 Jerone Young 2004-04-03 04:28:51 EST
This is resolved in the Development tree. Did an install based on the
April 2nd Development tree and this problem is now gone.
