Bug in system-config-firewall ?
JB
jb.1234abcd at gmail.com
Mon Sep 19 18:57:59 UTC 2011
linux guy <linuxguy123 <at> gmail.com> writes:
>
> Hi people.I'm setting up ssh on a server box.I'm using system-config-firewall
> to open up port 22 for it.Here is the thing... it *appears* that
> system-config-firewall has port 22 opened up by default, for some reason.
> Ie the port is checked on the port list in system-config-firewall.
Yes, that's the dev's intention.
> However, if I run nmap from the remote machine (nmap -sS -F 192.168...) it
> shows all the ports to be closed.
Before you run nmap, verify your target machine's state.
Result of user configuration (via system-config-firewall):
# cat /etc/sysconfig/iptables
...
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
...
Next, actual iptables (as a result of above):
# iptables -n -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
...
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:22
And now verify sshd listening:
# netstat -nltp
...
If that shows everything as expected or not (after fresh reboot, and after
your manual configuration), you have a basis of questioning or not firewall's
workings.
> If I unselect port 22 and press Apply and then select it and press Apply
> again, nmap finds it open and all is well.However, if I then reboot,
> the port is again closed ! One seems to need to repeat the unselect-Apply/
> select-Apply procedure to get it working again.Is it just me or do others
> have the same problem ?
JB
More information about the users
mailing list