  1. #1
    Just Joined!
    Join Date
    Nov 2003
    Posts
    3

    Can't Save Firewall Setting - as root


    Logged in as root and would like to customize my firewall settings.

    Using GNOME I selected: System Settings > Security Level > displayed the Security Level Configuration UI

    Initially I tried to customize leaving setting to high, but didn't work. Then I tried to change the level to Medium. Didn't work.

    The settings that I make never get saved.

    No matter what I do, when I change anything on this UI, click OK and then click Yes on the subsequent Warning message, when I go back in to the System Settings > Security Level, it is set to High and the option to use Default Firewall Rules is set.

    HELP!!

    P.S. Could not find a file in /ETC/SYSCONFIG, as the documentation indicated, named redhat-config-securitylevel so I created one in that directory, but it didn't make any difference.

    Regards,

    -jP

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Yes, that's how it is... I've never gotten that UI configurator thingie to work either, and there have been lots of people reporting the same problem. I'm suspecting that it's an RH bug or something.

    Generally, you're much better off editing the firewall configuration manually. However, that requires some iptables knowledge. If you post your /etc/sysconfig/iptables along with what it is that you actually want to do, I can help you write a new one.

  3. #3
    Just Joined!
    Join Date
    Nov 2003
    Posts
    3
    Dolda2000,

    Right now, I'm just trying to get a website that I'm developing and serving from a Linux machine to be accessible to others in my organization. I have three machines connected to our network via Ethernet (all on the same hub/switch) and all of these machines can access the website. All other machines in our organization are accessing the network using TokenRing and they can not access the site. I really just want to remove all firewall security on my Linux server.

    Thanks for your assistance.

    Here's my iptables

    # Firewall configuration written by lokkit
    # Manual customization of this file is not recommended.
    # Note: ifup-post will punch the current nameservers through the
    # firewall; such entries will *not* be listed here.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Lokkit-0-50-INPUT - [0:0]
    -A INPUT -j RH-Lokkit-0-50-INPUT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
    COMMIT

  4. #4
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    If you just want to remove the firewall, then all you have to do is remove /etc/sysconfig/iptables. That is actually the correct way to do it.

    However, I can't help doubting that the problem that you are describing is actually with the firewall. You do have this line in your config:
    Code:
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
    That one explicitly lets all traffic through to port 80.
    You also have this line:
    Code:
    -A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
    That lets everything through on eth0. If you don't have any other network interfaces, then it should let everything through.
    Therefore, I can't help thinking that it's likely to be a problem with the network configuration in general. Can the Token Ring computers ping your Ethernet systems?

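The first-match reasoning in post #4, as an added example (not code from the thread or from Red Hat): a small evaluator for the posted ruleset that reports which target a given packet reaches. It models only the match options this file uses (`-p`, `-i`, `--dport`, `--syn`); the packet dictionaries and the interface name `eth1` in the note below are assumptions made for illustration.

```python
# INPUT rules as posted in the thread (FORWARD/OUTPUT policy lines omitted).
RULES = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT
"""
FLAGS = {"-p": "proto", "-i": "iface", "--dport": "dport", "-j": "target"}

def parse(text):
    """Return (policies, chains) parsed from iptables-save style text."""
    policies, chains = {}, {}
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0].startswith(":"):      # chain declaration with its policy
            policies[tok[0][1:]], chains[tok[0][1:]] = tok[1], []
        elif tok[0] == "-A":            # rule appended to chain tok[1]
            rule = {"syn": "--syn" in tok}
            for flag, key in FLAGS.items():
                if flag in tok:
                    rule[key] = tok[tok.index(flag) + 1]
            chains[tok[1]].append(rule)
    return policies, chains

def matches(rule, pkt):
    """True if pkt (dict: iface, proto, dport, syn) passes every test in rule."""
    lo, _, hi = rule.get("dport", "0:65535").partition(":")
    return (rule.get("proto", pkt["proto"]) == pkt["proto"]
            and rule.get("iface", pkt["iface"]) == pkt["iface"]
            and (pkt["syn"] or not rule["syn"])
            and int(lo) <= pkt["dport"] <= int(hi or lo))

def verdict(pkt, policies, chains, chain="INPUT"):
    """First-match walk; a user chain with no match returns None to its caller."""
    for rule in chains[chain]:
        if matches(rule, pkt):
            target = rule["target"]
            hit = verdict(pkt, policies, chains, target) if target in chains else target
            if hit:
                return hit
    return None if policies[chain] == "-" else policies[chain]
```

A TCP SYN to port 80 evaluates to `ACCEPT` on any interface, including the hypothetical `eth1`, because the port 80 rule precedes every `REJECT`; a SYN to port 22 is `ACCEPT` on `eth0` but `REJECT` on `eth1`.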