Disable iptables completely

Sepivip

Hello gr8 ppl over here.

I could not disable iptables (I need to, for some reason ;) ). I tried to uninstall it from services, but it keeps restarting after reboot and after some time...

What to do?

Thank you in advance.
 
Iptables is part (module) of the kernel, so it can't be totally disabled without recompiling the kernel. There is a file in /etc/sysconfig called iptables. It contains the rules for iptables. I have included my firewall file as an example. You can remove the whole RH-Firewall-1-INPUT chain or just change the last line from REJECT to ACCEPT and save the file.

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
...
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
 
Bclark...

Do you then use a different firewall program (APF or Kiss)?

I just realized that iptables is running on my server and it may be interfering with kiss...and may have been the cause of my frustrations with APF.

I'm having problems getting FTP to work through IE or Firefox...also having delays with passive mode. It could be iptables is causing the problems.

So from what I see of your config you basically allow everything through...but then I'm guessing you use something else to do the real security?

Thanks!
 
If you install either KISS or APF you may safely remove the contents of /etc/sysconfig/iptables.

With the KISS script you really don't have to; the first thing it does is clear anything currently in iptables, before it installs its own settings.

I'm not sure, but I'd think that APF would do the same thing; it's the only way to get to a known state.

Using chkconfig to shut off iptables will cause the system to NOT set up the settings in /etc/sysconfig/iptables, but it won't keep KISS or APF from running and making changes to the firewall.

Jeff
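
Added example, not part of any post in this thread: a small shell check that reads a rules file in the format quoted above and reports what happens to a packet that matches none of the conditional rules. It covers the three states discussed here (final rule REJECT, final rule changed to ACCEPT, file emptied). The function names `audit_chain` and `sample_rules` and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example: what happens to a packet that matches none of the conditional
# rules in an iptables-restore style file read from stdin. "filtered" means it
# hits DROP/REJECT, "open" means it is accepted. Only the filter table is read.
audit_chain() {   # usage: audit_chain CHAIN < rules-file
    awk -v want="$1" '
        function fate(chain, depth,    i, t, r) {
            for (i = 1; i <= cnt[chain]; i++) {          # unconditional rules, in order
                t = target[chain, i]
                if (t == "DROP" || t == "REJECT") return "filtered"
                if (t == "ACCEPT") return "open"
                if (t == "RETURN") break
                if ((t in policy) && depth < 16) {       # jump into a user-defined chain
                    r = fate(t, depth + 1)
                    if (r != "") return r                # "" = fell through, keep going
                }
            }
            if (policy[chain] == "DROP") return "filtered"
            if (policy[chain] == "ACCEPT" || chain == want) return "open"
            return ""                                    # user chain returns to caller
        }
        /^\*/      { in_filter = ($1 == "*filter") }
        !in_filter { next }
        /^:/       { policy[substr($1, 2)] = $2 }        # :INPUT ACCEPT [0:0]
        $1 == "-A" && $3 == "-j" { target[$2, ++cnt[$2]] = $4 }   # no match options
        END        { print fate(want, 0) }
    '
}

# Constructed sample modelled on the file quoted in the thread; $1 is the target
# of the final RH-Firewall-1-INPUT rule.
sample_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j $1
COMMIT
EOF
}

echo "last rule REJECT: INPUT $(sample_rules REJECT | audit_chain INPUT)"
echo "last rule ACCEPT: INPUT $(sample_rules ACCEPT | audit_chain INPUT)"
echo "file emptied:     INPUT $(audit_chain INPUT < /dev/null)"
```

On a host, the same check runs as `audit_chain INPUT < /etc/sysconfig/iptables`; it describes the file only, not rules that KISS or APF load at runtime.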
 