Bug 119403 - iptables & SE Linux Enabled , even after disabling them in graphical installer on X86-64
Summary: iptables & SE Linux Enabled , even after disabling them in graphical installe...
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: x86_64 Linux
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact:
Depends On:
Blocks: FC2Blocker
TreeView+ depends on / blocked
Reported: 2004-03-30 04:12 UTC by Jerone Young
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-04-03 09:29:06 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Jerone Young 2004-03-30 04:12:19 UTC
Description of problem:
This problem only seems to effect FC 2 test 2 on X86_64, but if I
explictly specify that I do not want firewall rules (iptables) or
SELinux ON, they still come up after the install..... I have to then
do it manually...for SELinux add selinux=0 to kernel command line and
chkconfig for iptables off to get the firewall rules cut off. This
doesn't seem to happen on the i386 FC 2 test 2.

Comment 1 Jeremy Katz 2004-03-30 23:23:26 UTC
That's strange... the code is exactly the same between them :)

What's in /etc/sysconfig/system-config-firewall and
/etc/sysconfig/selinux on the x86_64 box?  (And note that turning off
SELinux isn't quite the same as selinux=0)

Comment 2 Jerone Young 2004-03-31 02:35:25 UTC
/etc/sysconfig/system-config-firewall does not exist. But there is are

# Configuration file for system-config-securitylevel

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

The iptables init script has to be reading from this file. Once I run
it I can no longer reach ssh. Things have changed somwhere.


Comment 3 Jerone Young 2004-04-03 09:28:51 UTC
This is resolved in the Development tree. Did an install based on the
April 2nd Development tree and this problem is now gone.

Note You need to log in before you can comment on or make changes to this bug.