philippe_PMA wrote: Try after stopping and disabling the firewalld service:
systemctl stop firewalld.service
systemctl disable firewalld.service
In fact, normally, the following command should do everything needed:
lokkit --enabled
To check, run the commands below and compare the output with yours:
# systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/lib/systemd/system/iptables.service; enabled)
Active: active (exited) since Sun, 20 May 2012 12:56:48 +0200; 4min 29s ago
Process: 1046 ExecStart=/usr/libexec/iptables.init start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/iptables.service
# systemctl status ip6tables.service
ip6tables.service - IPv6 firewall with ip6tables
Loaded: loaded (/lib/systemd/system/ip6tables.service; enabled)
Active: active (exited) since Sun, 20 May 2012 12:56:48 +0200; 5min ago
Process: 1050 ExecStart=/usr/libexec/ip6tables.init start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/ip6tables.service
# iptables -v -L
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
52 5224 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- any any anywhere anywhere
0 0 ACCEPT all -- lo any anywhere anywhere
1 60 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 42 packets, 6048 bytes)
pkts bytes target prot opt in out source destination
# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
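
A check to run on the saved ruleset after the switch described above, as an added example that is not part of the original post: it reads a file in the /etc/sysconfig/iptables format, lists the ports accepted on INPUT, and confirms that INPUT and FORWARD, whose policy is ACCEPT here, still end in a catch-all REJECT or DROP. The function names `audit_ruleset` and `sample_ruleset` are hypothetical; the sample input is the ruleset quoted in the post, without its two comment lines.

```sh
#!/bin/sh
# Added example: audit a ruleset in iptables-save format (as in
# /etc/sysconfig/iptables) read from stdin. Function names are hypothetical.
audit_ruleset() {
    awk '
    # Chain declaration, e.g. ":INPUT ACCEPT [0:0]"
    /^:/ { name = substr($1, 2); policy[name] = $2; final[name] = ""; next }
    # Appended rule, e.g. "-A INPUT -p tcp --dport 22 -j ACCEPT"
    $1 == "-A" {
        chain = $2; target = ""; proto = ""; dport = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); i++ }
            else if ($i == "--reject-with") { i++ }
            else { extra++; if ($i == "-p") proto = $(i + 1); if ($i == "--dport") dport = $(i + 1) }
        }
        if (chain == "INPUT" && target == "ACCEPT" && dport != "") print "open " proto "/" dport
        # Remember the target only when the rule has no match conditions,
        # so final[chain] ends up describing the last rule of the chain.
        final[chain] = (extra == 0) ? target : ""
    }
    END {
        n = split("INPUT FORWARD", chains, " ")
        for (k = 1; k <= n; k++) {
            c = chains[k]; if (!(c in policy)) continue
            if (policy[c] == "ACCEPT" && final[c] != "REJECT" && final[c] != "DROP") {
                print "WARN chain " c ": policy ACCEPT, no catch-all REJECT/DROP at end"
                bad = 1
            } else
                print "ok chain " c ": policy=" policy[c] " final=" final[c]
        }
        exit bad + 0
    }'
}
# The ruleset quoted in the post above.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
sample_ruleset | audit_ruleset
```

On a real system, feed it the saved file with `audit_ruleset < /etc/sysconfig/iptables`; a non-zero exit status means a chain with an ACCEPT policy has lost its final catch-all rule.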