Description of problem:
This problem only seems to affect FC 2 test 2 on X86_64, but if I
explicitly specify that I do not want firewall rules (iptables) or
SELinux ON, they still come up after the install..... I have to then
do it manually...for SELinux add selinux=0 to kernel command line and
chkconfig for iptables off to get the firewall rules cut off. This
doesn't seem to happen on the i386 FC 2 test 2.
That's strange... the code is exactly the same between them :)
What's in /etc/sysconfig/system-config-firewall and
/etc/sysconfig/selinux on the x86_64 box? (And note that turning off
SELinux isn't quite the same as selinux=0)
/etc/sysconfig/system-config-firewall does not exist. But there is are
# Configuration file for system-config-securitylevel
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
The iptables init script has to be reading from this file. Once I run
it I can no longer reach ssh. Things have changed somewhere.
This is resolved in the Development tree. Did an install based on the
April 2nd Development tree and this problem is now gone.