Firewall not getting displayed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Parshwa Murdia <b330bkn <at> gmail.com> writes:

> ...
> [root <at> localhost ~]# cat /etc/sysconfig/ip*tables
> 
> the result is,
> 
> # Firewall configuration written by system-config-firewall
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p ipv6-icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m ipv6header --header ah -j ACCEPT
> -A INPUT -m ipv6header --header esp -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d ff02::fb -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
> -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
> COMMIT
> # Firewall configuration written by system-config-firewall
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p ah -j ACCEPT
> -A INPUT -p esp -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d
> 224.0.0.251 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> 
Hi,
assuming that the python apps are not screwd up (you have reinstalled them ...)
and their dependencies (other packages) are OK, there is something like this
that should be done.
Note that you have rules added to default rules (I assume thru GUI, but it
really does not matter here), which can be recreated later on easily (we have
them documented/saved here).
So, we will reset the rules to default only (I have done it on my system - no
worry, it can be restored without a problem).

Please exit your firewall app (GUI).

You should have a firewall dir like this:
[[email protected] jb]# ls -al /etc/sysconfig/ip*
-rw------- 1 root root  481 Jul 23 16:52 /etc/sysconfig/ip6tables
-rw------- 1 root root 1753 Apr  8 12:29 /etc/sysconfig/ip6tables-config
-rw------- 1 root root  416 Jul 23 14:54 /etc/sysconfig/ip6tables.old
-rw------- 1 root root  476 Jul 23 16:52 /etc/sysconfig/iptables
-rw------- 1 root root 1740 Apr  8 12:29 /etc/sysconfig/iptables-config
-rw------- 1 root root  411 Jul 23 14:54 /etc/sysconfig/iptables.old

Let's save old rules:
[[email protected] jb]# mv /etc/sysconfig/iptables.old
/etc/sysconfig/iptables.old.saved
[[email protected] jb]# mv /etc/sysconfig/ip6tables.old
/etc/sysconfig/ip6tables.old.saved

Let's save current rules:
[[email protected] jb]# mv /etc/sysconfig/iptables /etc/sysconfig/iptables.saved
[[email protected] jb]# mv /etc/sysconfig/ip6tables /etc/sysconfig/ip6tables.saved

We have no rules files now.

Plase start firewall: System-Administration-Firewall .
Close the startup window, input root password, and you will be greeted with
a warning that the firewall is in inconsistent state and that you should
create/accept new rules.
You will see 2-panel screen with the usual rules items. You see them, do you ?
If not we are already in a big doodoo ... It works on my system !
 
Please click on Apply button under the menu and confirm OK.
See that the rules files were recreated.
[[email protected] jb]# ls -al /etc/sysconfig/ip*tables
-rw------- 1 root root 481 Jul 23 17:22 /etc/sysconfig/ip6tables
-rw------- 1 root root 476 Jul 23 17:22 /etc/sysconfig/iptables

They have default rules only.
[[email protected] jb]# cat /etc/sysconfig/ip*tables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
 
Close firewall GUI.
Restart the firewall GUI as before (System-...).
You should be OK with all rules items panels editable. Are you ?

If so, then now would be the hard part - you would recreate the additional
rules by adding them one at a time, saving rules (Apply button), closing and
restarting firewall GUI.
We want to debug it and figure out what caused the problem, right ?
Good luck and let us know the intermediate and final result.
JB


 






-- 
users mailing list
[email protected]
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux