kadischi post failed -- Reposted here -- iptables always started no matter what
Thomas Woerner
twoerner at redhat.com
Wed Sep 28 09:58:01 UTC 2011
On 08/26/2011 11:14 PM, Phil Meyer wrote:
> Please tolerate this post intended for the livecd-creator list. They
> are bouncing me nowadays. Maybe it's time I changed deodorant? I dunno ...
>
> I am desperate!
>
> ---
>
> livecd-tools-15.7-1.fc15.x86_64
>
> Kickstarts all contain:
>
> firewall --disabled
> selinux --disabled
>
> I even went as far as this:
>
> %packages
> ---
> [stuff deleted]
> ---
> -system-config-firewall*
>
> and
>
> %post
> ---
> [stuff deleted]
> ---
> /sbin/chkconfig iptables off
> /sbin/chkconfig ip6tables off
> echo '#'> /etc/sysconfig/iptables
> echo '#'> /etc/sysconfig/ip6tables
> echo '#'> /etc/sysconfig/iptables-config
> echo '#'> /etc/sysconfig/ip6tables-config
> echo "#\n--disabled"> /etc/sysconfig/system-config-firewall
> %end
>
There is no need to modify /etc/sysconfig/iptables-config and
/etc/sysconfig/ip6tables-config.
Just remove /etc/sysconfig/iptables and /etc/sysconfig/ip6tables, then
the iptables and ip6tables services will not start.
echo -e "#\n--disabled"> /etc/sysconfig/system-config-firewall
     ^^
Otherwise this is a comment and will be ignored. You could also just
drop "#\n".
>
> What happens is that /etc/sysconfig/iptables, /etc/sysconfig/iptables,
> and /etc/sysconfig/system-config-firewall ALWAYS get recreated AFTER
> %post runs!
>
This should not happen.
Please post the contents of the files.
Is system-config-firewall-base installed?
> That causes the iptables kernel modules to load, and filtering started,
> even though iptables is actually configured for off and does not start.
>
> What is doing that? I cannot find it.
>
> Any help is appreciated.
>
Which modules are loaded?
> Thanks!
Thomas
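
Added example, not part of the thread or of livecd-tools: a POSIX shell audit of an image root for the two conditions the reply names, that the rules files are absent and that `--disabled` is an effective line rather than part of a comment. The file paths are from the thread; the function names, the sample roots and the one-option-per-line assumption are constructed for illustration.

```shell
#!/bin/sh
# Added example. Paths come from the thread; function names and the sample
# roots are constructed for illustration.

# Succeeds when neither rules file exists under image root $1; per the reply,
# the iptables and ip6tables services then do not start.
rules_files_absent() {
    [ ! -e "$1/etc/sysconfig/iptables" ] && [ ! -e "$1/etc/sysconfig/ip6tables" ]
}

# Succeeds when file $1 has a non-comment line starting with --disabled.
# Assumption: the file holds one option per line.
has_effective_disabled() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*--disabled([[:space:]]|$)' "$1"
}

# Prints one finding per check; returns the number of failed checks (0 = clean).
audit_root() {
    fails=0
    if rules_files_absent "$1"; then
        echo "ok:   no iptables/ip6tables rules files"
    else
        echo "FAIL: rules file present (the reply says to remove it)"; fails=$((fails + 1))
    fi
    if has_effective_disabled "$1/etc/sysconfig/system-config-firewall"; then
        echo "ok:   --disabled is an effective line"
    else
        echo "FAIL: --disabled missing or commented out"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Builds a constructed image root in $1. Mode "literal" writes the single line
# '#\n--disabled' (what bash's echo writes without -e); "expanded" writes the
# two lines echo -e produces. printf keeps the result identical in any sh.
make_sample_root() {
    mkdir -p "$1/etc/sysconfig"
    case $2 in
        literal)  printf '%s\n' '#\n--disabled' > "$1/etc/sysconfig/system-config-firewall"
                  echo '#' > "$1/etc/sysconfig/iptables" ;;
        expanded) printf '#\n--disabled\n' > "$1/etc/sysconfig/system-config-firewall" ;;
    esac
}

demo=$(mktemp -d)
make_sample_root "$demo/a" literal;  audit_root "$demo/a" || true
make_sample_root "$demo/b" expanded; audit_root "$demo/b" || true
rm -rf "$demo"
```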