How to disable CentOS firewall?

Support for security such as Firewalls and securing linux
MajorNewbie
Posts: 127
Joined: 2008/04/17 00:04:43

How to disable CentOS firewall?

Post by MajorNewbie » 2008/04/22 01:09:12

Hi all. When installing CentOS, towards the end, the Setup Agent allows the user to disable the default CentOS firewall. I didn't do that during the installation, but I would like to disable it now.

How do I get back into the Setup Agent to disable the CentOS firewall?

TIA

User avatar
vonskippy
Posts: 839
Joined: 2006/12/30 03:00:04
Location: Western Slope Colorado

Re: How to disable CentOS firewall?

Post by vonskippy » 2008/04/22 01:32:26

#service iptables stop

to make it permanent:
#chkconfig iptables off

MajorNewbie
Posts: 127
Joined: 2008/04/17 00:04:43

Re: How to disable CentOS firewall?

Post by MajorNewbie » 2008/04/22 02:26:13

Thanks

User avatar
AlanBartlett
Forum Moderator
Posts: 9326
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk
Contact:

Re: How to disable CentOS firewall?

Post by AlanBartlett » 2008/04/22 14:56:41

You [i]might[/i] also have [b]ip6tables[/b] running, so also

[b]service ip6tables stop
chconfig --del ip6tables[/b]

Please have a look at the manual pages for both of these commands

[b]man service
man chkconfig[/b]

HTH.
Alan.

MajorNewbie
Posts: 127
Joined: 2008/04/17 00:04:43

Re: How to disable CentOS firewall?

Post by MajorNewbie » 2008/04/22 22:53:48

Oh yeah, thanks.

Just managed to get myself on the Net at command line level, I can ping, telnet, ftp etc so I guess I need some sort of firewall. I have to go through the chmod business too. Maybe I can disable incoming ping and incoming telnet connection.

On the other hand, it is supposed to be a webserver!

Too much for a major newbie in one day :(

michaelnel
Posts: 1478
Joined: 2006/05/29 16:50:11
Location: San Francisco, CA

Re: How to disable CentOS firewall?

Post by michaelnel » 2008/04/23 18:58:47

Your server isn't going to last long being on the net with no firewall, plaintext telnet enabled and a newbie at the helm.

You might want to re-think this.

MajorNewbie
Posts: 127
Joined: 2008/04/17 00:04:43

Re: How to disable CentOS firewall?

Post by MajorNewbie » 2008/04/24 14:42:11

Yes, Mike, I agree and nothing would please me better than to hand over to an experienced system administrator with the appropriate background. But finding these people is harder than you think in USA, everyone 3 years out of university wants to work for a mega-billion company with a 6-digit salary, options and unlimited career-path, understandable since education is bloody expensive. But not all of us own a mega-billion company. A thought: roughly 50% of all jobs in USA are with SMEs and we need techies like yourself. The rest are governments and Fortune 500. President Clinton pushed through a bill supporting SME's, still active.

I am just glad there are forums like centos.org where we Rip-van-Winkles can come up to speed again or newbies can post their seemingly trivial questions.

As for the iptables, I need to toggle them on and off during the build phase and likely try other firewalls.

Thanks for your thoughts on this.

NedSlider
Forum Moderator
Posts: 2896
Joined: 2005/10/28 13:11:50
Location: UK

Re: How to disable CentOS firewall?

Post by NedSlider » 2008/04/24 14:59:20

[quote]
MajorNewbie wrote:
Yes, Mike, I agree and nothing would please me better than to hand over to an experienced system administrator with the appropriate background. But finding these people is harder than you think in USA, everyone 3 years out of university wants to work for a mega-billion company with a 6-digit salary, options and unlimited career-path, understandable since education is bloody expensive. But not all of us own a mega-billion company. A thought: roughly 50% of all jobs in USA are with SMEs and we need techies like yourself. The rest are governments and Fortune 500. President Clinton pushed through a bill supporting SME's, still active.

[/quote]

Have you considered retaining a consultant on a fixed hourly rate. System administration can be done remotely so you don't necessarily need to employ a full time SA on site. A consultant, even at a slightly higher hourly rate will probably work out a LOT cheaper than a full time employed SA. I'm sure many of the more experienced users here in the forums also do freelance consultancy work. Just a thought.

Alternately, buy a licensed copy of RHEL along with their support :-)

MajorNewbie
Posts: 127
Joined: 2008/04/17 00:04:43

Re: How to disable CentOS firewall?

Post by MajorNewbie » 2008/04/24 18:25:36

Buying support from RH is not going to help me if I want to off-load sysadm tasks to someone more up-to-scratch. Also, RH is bloody expensive.

However it is my intention to get a contractor to either come in a few times a week or do remote administration. I have to trust this person. In any case, I think my old (older?) knowledge of X may suffice to set up a few networked servers and put myself on the Net whilst I try to get:
(1) sysadm + dba (mySQL)
(2) web developers for Coldfusion (which is on J2EE platform)

I have put an ad in a specialist site, the only response was from an agent quoting me x-amount to find the right person to do what I have now almost finished doing, Verizon-willing... :(

Anyway, we are off topic; you are in England; and I don't want to upset moderators.

regtaman
Posts: 21
Joined: 2008/05/30 10:57:03
Location: Paris, France

Re: How to disable CentOS firewall?

Post by regtaman » 2008/06/06 07:05:13

Hello,

I'm not convinced that the procedure for disabling the firewall ("service iptables stop" to disable immediately, followed by "chkconfig iptables off" to make the change permanent) works properly in my case. I did exactly that, and after rebooting, this is the response I get from "service iptables status" :

********************************************************************************

Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 192.168.122.0/24 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
2 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

********************************************************************************

I would have thought that if the firewall was really disabled the response should be "Firewall is stopped".

Can anyone help ?

Post Reply

Return to “CentOS 5 - Security Support”