Bug 13423

Summary: cannot stop iptables service
Product: Mageia Reporter: Lieven De Puysseleir <lievendp>
Component: RPM PackagesAssignee: Thomas Backlund <tmb>
Status: NEW --- QA Contact:
Severity: minor    
Priority: Normal CC: shlomif
Version: CauldronKeywords: Triaged
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: MGA5TOO MGA4TOO
Source RPM: iptables-1.4.21-1.mga4 CVE:
Status comment:

Description Lieven De Puysseleir 2014-05-22 13:05:45 CEST 
Description of problem:

I cannot stop in an easy commandline way the mageia firewall, the iptables rules are not removed and the policy stays on drop


Version-Release number of selected component (if applicable):


How reproducible:
always


Steps to Reproduce:
1. iptables -L -n => shows loaded ruleset
2. systemctl stop iptables.service
3. systemctl stop shorewall.service
4. iptables -L -n


[root@localhost ~]# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


Maybe my recollection is wrong but I remember at some time in the past that stopping both services would give em an empty ruleset with all policies set to ACCEPT.

I know I can use my own script to do this but stopping both services should do the trick.


Reproducible: 

Steps to Reproduce:
Manuel Hiebel 2014-11-01 19:12:51 CET

Keywords: (none) => Triaged
Assignee: bugsquad => tmb

Comment 1 Shlomi Fish 2015-07-17 11:59:32 CEST 
This bug is still present on Cauldron (Mageia 6). I noticed it a long time ago too and it's still not fixed. Let me see if I can find a solution.

CC: (none) => shlomif
Version: 4 => Cauldron
Whiteboard: (none) => MGA5TOO MGA4TOO

Comment 2 Shlomi Fish 2015-07-17 12:06:06 CEST 
Workaround script can be found here:

http://bash.cyberciti.biz/security/shell-script-to-stop-linux-firewall/