Bug 443411 - disabling firewall does not work
disabling firewall does not work
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: system-config-firewall (Show other bugs)
9
All Linux
low Severity high
: ---
: ---
Assigned To: Thomas Woerner
Fedora Extras Quality Assurance
:
: 447370 iptables-bug (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-21 09:26 EDT by Thomas J. Baker
Modified: 2008-07-02 02:32 EDT (History)
7 users (show)

See Also:
Fixed In Version: 1.2.9-1.fc9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-02 02:32:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Thomas J. Baker 2008-04-21 09:26:02 EDT
system-config-firewall-1.2.7-1.fc9.noarch

If I disable the firewall from the GUI, it adds "--disabled" to the
/etc/sysconfig/system-config-firewall but doesn't really disable the firewall.
It doesn't appear that the iptables startup script even references that file.
Needless to say this causes lots of head scratching when many network services
(like ypbinding to a broadcast server, synergy) don't work and you think there's
no firewall in the way.
Comment 1 Vitezslav Crhonek 2008-04-23 04:23:25 EDT
A bit off topic... Thomas, using ypbind to broadcast server is not good idea (i.
e. security reasons). Do you have any particular matter to not put your
server(s) address(es) to ypbind configuration file? I'm just curious:)
Comment 2 Thomas J. Baker 2008-04-23 08:47:40 EDT
I didn't realize you could specify multiple servers. We've used broadcast for
reliability. When a yp server goes down, our linux clients just switch servers
transparently. We have a firewalled, relatively safe environment. Still, knowing
you can specify multiple servers will cause us to change our ways.
Comment 3 Thomas Woerner 2008-05-05 07:53:30 EDT
If you disable the firewall, the files /etc/sysconfig/{iptables,ip6tables} are
removed. These files are used by the services iptables and ip6tables.

Please describe your problem more detailed.
Comment 4 Thomas J. Baker 2008-05-05 09:07:29 EDT
I've disabled the firewall and /etc/sysconfig/iptables is still exists. If I
re-run system-config-firewall, it says in red at the bottom that the firewall is
disabled but that iptables file still exists and if iptables is chkconfig'd on,
it starts a firewall.

system-config-firewall-1.2.7-1.fc9.noarch
Comment 5 Akira TAGOH 2008-05-07 08:22:12 EDT
same here. /etc/sysconfig/ip*tables exists even if I disable the feature on
system-config-firewall.
Comment 6 Bug Zapper 2008-05-14 05:51:25 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 7 Jack Deslippe 2008-05-15 01:44:58 EDT
I also have this problem in fedora 9.  As far as I can tell, making ANY changes
in system-config-firewall at all doesn't work!
Comment 8 Benny 2008-05-20 10:57:15 EDT
I have the same problem in Fedora 9. But stopping the iptables service just
disables the firewall completely, a solution for now. Probably a bug in the GUI.
Comment 9 Thomas Woerner 2008-05-23 13:04:38 EDT
*** Bug 447370 has been marked as a duplicate of this bug. ***
Comment 10 Thomas Woerner 2008-05-23 13:04:57 EDT
*** Bug 447616 has been marked as a duplicate of this bug. ***
Comment 11 Fedora Update System 2008-05-28 22:34:02 EDT
system-config-firewall-1.2.8-1.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update system-config-firewall'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-4397
Comment 12 Fedora Update System 2008-07-02 02:32:55 EDT
system-config-firewall-1.2.9-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.