Bug 119403 - iptables & SE Linux Enabled, even after disabling them in graphical installer on X86-64
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda
Version: rawhide
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jeremy Katz
Blocks: FC2Blocker
Reported: 2004-03-30 04:12 UTC by Jerone Young
Modified: 2007-11-30 22:10 UTC (History)
Doc Type: Bug Fix
Last Closed: 2004-04-03 09:29:06 UTC

Description Jerone Young 2004-03-30 04:12:19 UTC
Description of problem:
This problem only seems to affect FC 2 test 2 on X86_64, but if I
explicitly specify that I do not want firewall rules (iptables) or
SELinux ON, they still come up after the install... I then have to
do it manually: for SELinux, add selinux=0 to the kernel command line, and
chkconfig for iptables off to get the firewall rules cut off. This
doesn't seem to happen on the i386 FC 2 test 2.

Comment 1 Jeremy Katz 2004-03-30 23:23:26 UTC
That's strange... the code is exactly the same between them :)

What's in /etc/sysconfig/system-config-firewall and
/etc/sysconfig/selinux on the x86_64 box?  (And note that turning off
SELinux isn't quite the same as selinux=0)

Comment 2 Jerone Young 2004-03-31 02:35:25 UTC
/etc/sysconfig/system-config-firewall does not exist. But there are:

/etc/sysconfig/system-config-securitylevel:
# Configuration file for system-config-securitylevel

--enabled

/etc/sysconfig/iptables:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

The iptables init script has to be reading from this file. Once I run
it I can no longer reach ssh. Things have changed somewhere.

/etc/sysconfig/selinux:
SELINUX=disabled
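
Added example, not part of the bug report or of anaconda: a small Python evaluator that walks the INPUT path of the ruleset quoted in comment 2 and shows why a new ssh connection is rejected once the iptables init script loads it. The packet fields (interface eth0, TCP port 22) and all function names are assumptions made for illustration.

```python
import shlex
# Constructed input: the INPUT path of the /etc/sysconfig/iptables quoted in comment 2.
RULES = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
OPTS = {"-i": "iface", "-p": "proto", "--state": "state", "--dport": "dport", "-j": "target"}
PROTO = {"icmp": "1", "tcp": "6", "udp": "17"}  # protocol names -> IP protocol numbers

def parse(text):
    """Return (policies, chains). Options outside OPTS are ignored (sketch limitation)."""
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif line.startswith("-A "):
            tok = shlex.split(line)  # pair each token with its successor, keep known options
            chains[tok[1]].append({OPTS[k]: v for k, v in zip(tok[2:], tok[3:]) if k in OPTS})
    return policies, chains

def matches(rule, pkt):
    num = lambda p: PROTO.get(p, p)
    return (rule.get("iface", pkt["iface"]) == pkt["iface"]
            and num(rule.get("proto", pkt["proto"])) == num(pkt["proto"])
            and pkt["state"] in rule.get("state", pkt["state"]).split(",")
            and rule.get("dport", str(pkt.get("dport"))) == str(pkt.get("dport")))

def verdict(policies, chains, chain, pkt):
    """Walk a chain in order; the first terminating target wins, else the chain policy."""
    for rule in chains[chain]:
        if matches(rule, pkt):
            target = rule.get("target")
            if target in chains:  # jump into a user-defined chain
                target = verdict(policies, chains, target, pkt)
            if target:
                return target
    return None if policies[chain] == "-" else policies[chain]

NEW_SSH = {"iface": "eth0", "proto": "tcp", "dport": 22, "state": "NEW"}
print(verdict(*parse(RULES), "INPUT", NEW_SSH))
```

No rule in the chain admits new TCP connections, so the ssh packet falls through to the final REJECT even though the INPUT policy is ACCEPT.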

Comment 3 Jerone Young 2004-04-03 09:28:51 UTC
This is resolved in the Development tree. Did an install based on the
April 2nd Development tree and this problem is now gone.

