iptables adding rules not in /etc/sysconfig/iptables

jd1008 jd1008 at gmail.com
Fri Oct 31 01:51:57 UTC 2014


On 10/30/2014 07:11 PM, Ed Greshko wrote:
> On 10/31/14 09:04, jd1008 wrote:
>> On 10/30/2014 05:12 PM, Ed Greshko wrote:
>>> On 10/31/14 02:11, Tom Horsley wrote:
>>>> On Thu, 30 Oct 2014 12:00:28 -0600
>>>> jd1008 wrote:
>>>>
>>>>> Why is this taking place?
>>>> Lots of things fiddle with iptables rules.
>>>>
>>>> If you have the new firewalld service running, God knows what it
>>>> does. Also the default libvirtd service starts a bunch of
>>>> networking things for providing a default network that includes
>>>> some firewall tinkering (or used to, anyway).
>>> FWIW, I'm working on a fresh install at the moment... doing some "experimenting".
>>>
>>> Using firewalld, ports 53 (DNS) and 67 (bootp) are not open.  Additionally, after install of the bind and dhcp packages they remain not open.
>>>
>>> It is only when specifically configured to be opened are they.  Also, when configured by the firewall-config GUI, udp/tcp is open for port 53 but only udp is open for 67.
>>>
>> Well, I have done nothing to cause this "recent" change.
>> By "recent" I mean within the last few (4-5) days.
>>
>> So, something is doing this, but I have no idea how to track it down.
>>
> Are you running iptables or firewalld?
>
> systemctl status iptables.service
> systemctl status firewalld.service
>
> will tell you/us.
>
# systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
    Active: inactive (dead) since Thu 2014-10-30 19:44:22 MDT; 4min 2s ago
  Main PID: 659 (code=killed, signal=TERM)
    CGroup: /system.slice/firewalld.service

Oct 30 19:44:21 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Oct 30 19:44:22 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
Oct 30 19:44:22 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.

OK - I will disable it, but you stated earlier that it is not the culprit???

# systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
    Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
    Active: active (exited) since Thu 2014-10-30 19:46:19 MDT; 3min 41s ago
   Process: 2337 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
   Process: 2446 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
  Main PID: 2446 (code=exited, status=0/SUCCESS)

Oct 30 19:46:19 localhost.localdomain iptables.init[2446]: iptables: Applying firewall rules: [  OK  ]
Oct 30 19:46:19 localhost.localdomain systemd[1]: Started IPv4 firewall with iptables.
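The thread's underlying problem is rules showing up in the live kernel ruleset that are not in /etc/sysconfig/iptables, with no obvious way to see what was added. As an added example (not code from this thread or from the iptables project), the POSIX sh snippet below normalises two rule dumps in iptables-save format and lists the rules present only in the live set, which is the first step in finding out what is modifying the firewall. The sample dumps are constructed here for the demonstration; the extra virbr0 lines imitate the kind of libvirt/dnsmasq rules the thread mentions and are not real captured output.

```shell
#!/bin/sh
# Added example: diff a live iptables ruleset against the persisted rule file.
# On a real host you would run:  iptables-save > /tmp/live.rules
#                                live_only_rules /tmp/live.rules /etc/sysconfig/iptables

# Normalise one dump: drop the "[pkts:bytes]" prefix that "iptables-save -c"
# adds, strip trailing whitespace, keep only rule lines (-A ...), sort uniquely
# so that comm(1) can compare the two sets line by line.
normalize_rules() {
    sed 's/^\[[0-9]*:[0-9]*\] //; s/[[:space:]]*$//' "$1" | grep '^-A ' | sort -u
}

# Rules that are in the live dump ($1) but not in the saved file ($2).
live_only_rules() {
    nl_live=$(mktemp); nl_saved=$(mktemp)
    normalize_rules "$1" > "$nl_live"
    normalize_rules "$2" > "$nl_saved"
    comm -23 "$nl_live" "$nl_saved"
    rm -f "$nl_live" "$nl_saved"
}

# Rules that are in the saved file ($2) but missing from the live dump ($1),
# i.e. rules something has removed since the service applied the file.
saved_only_rules() {
    ns_live=$(mktemp); ns_saved=$(mktemp)
    normalize_rules "$1" > "$ns_live"
    normalize_rules "$2" > "$ns_saved"
    comm -13 "$ns_live" "$ns_saved"
    rm -f "$ns_live" "$ns_saved"
}

# Number of live-only rules, convenient for a monitoring check or cron alert.
count_live_only() {
    live_only_rules "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample data (not real output): writes "saved" and "live" into $1.
write_samples() {
    cat > "$1/saved" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
    # Live dump as "iptables-save -c" would print it: counters in front, and two
    # virbr0 rules (constructed, libvirt-style) that the saved file never had.
    cat > "$1/live" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[12:960] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
[3:984] -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
[100:8000] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p icmp -j ACCEPT
[5:400] -A INPUT -i lo -j ACCEPT   
[2:120] -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
[7:560] -A INPUT -j REJECT --reject-with icmp-host-prohibited
[0:0] -A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demonstration run against the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "Rules present in the kernel but not in the saved file:"
live_only_rules "$demo_dir/live" "$demo_dir/saved"
echo "Rules in the saved file but gone from the kernel:"
saved_only_rules "$demo_dir/live" "$demo_dir/saved"
rm -rf "$demo_dir"
```

Running this with real input only tells you which rules diverge, not who added them; once you have the rule text, the next step is to grep the configuration of the services Tom listed (firewalld, libvirtd's default network) for the interface or ports involved, and to compare timestamps of the service starts in the journal against when the rules appeared.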