
[SOLVED] Disabling firewall

Posted: Jun 18th, '13, 12:57
by mackowiakp
How can I permanently disable the firewall? I have only sshd installed as an externally available service, so I want to disable the FW. I cannot do it from the Control Centre. "shorewall clear" disables it only until reboot.
Is it possible?

Re: Disabling firewall

Posted: Jun 18th, '13, 17:36
by oj
Try
systemctl shorewall.service stop
then
systemctl shorewall.service disable
Might have to do the same for iptables.

(oops... fixed a typo)

Re: Disabling firewall

Posted: Jun 18th, '13, 18:00
by mackowiakp
oj wrote:Try
systemctl shorewall.service stop
then
systemctl shorewall.service disable
Might have to do the same for iptables.

(oops... fixed a typo)


OK, works. But should be:
systemctl stop shorewall.service
systemctl disable shorewall.service


Re: Disabling firewall

Posted: Sep 9th, '13, 05:22
by ca-on-adam
mackowiakp wrote:
oj wrote:Try
systemctl shorewall.service stop
then
systemctl shorewall.service disable
Might have to do the same for iptables.

(oops... fixed a typo)


OK, works. But should be:
systemctl stop shorewall.service
systemctl disable shorewall.service




A lazy shorter version:
# systemctl stop shorewall
# systemctl disable shorewall


I have just tried this, it is the correct answer and all of the shorewall rules visible with "iptables -L" are cleared, but one should know that it doesn't change the iptables default policy of DROP immediately. So my ssh server was still blocked from accepting connections. Something needs to be done to refresh the iptables, I am not sure what would be the simplest. I just rebooted the system and the iptables policies did successfully change to ACCEPT, and now I can connect to the openssh-server on port 22.

Is there a command to get the new iptables policies to take effect without a system reboot?
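
Added example (not part of the original thread, and not any poster's code): a POSIX shell check for the state described in the post above, where the rules are gone but a built-in chain still has a DROP policy. It classifies `iptables -S` output read on stdin; the function name, the verdict labels and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample rule sets below are constructed, not captured output.

# Constructed: rules flushed, but DROP policies left on built-in chains.
SAMPLE_AFTER_STOP='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT'

# Constructed: state after a reboot with the firewall service disabled.
SAMPLE_AFTER_REBOOT='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Reads `iptables -S` text on stdin and prints one line per built-in chain:
#   <chain> <policy> <rule-count> <verdict>
# Verdicts (labels are this example's own):
#   blocks-everything  policy DROP and no rules (the lockout state)
#   unfiltered         policy ACCEPT and no rules (no firewall at all)
#   filtered           at least one rule is attached to the chain
classify_filter_table() {
    awk '
        # "-P <chain> <policy>" lines give the default policy of a built-in chain.
        $1 == "-P" { policy[$2] = $3; rules[$2] += 0; order[++n] = $2; next }
        # "-A <chain> ..." lines are rules appended to a chain.
        $1 == "-A" { rules[$2]++ }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                if (policy[c] == "DROP" && rules[c] == 0)        v = "blocks-everything"
                else if (policy[c] == "ACCEPT" && rules[c] == 0) v = "unfiltered"
                else                                             v = "filtered"
                printf "%s %s %d %s\n", c, policy[c], rules[c], v
            }
        }'
}

echo "after stop:";   printf '%s\n' "$SAMPLE_AFTER_STOP"   | classify_filter_table
echo "after reboot:"; printf '%s\n' "$SAMPLE_AFTER_REBOOT" | classify_filter_table
```

On a live system the same function can be fed real data as root with `iptables -S | classify_filter_table`.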

Re: [SOLVED] Disabling firewall

Posted: Sep 9th, '13, 09:21
by jiml8
While I agree that shorewall is complicated and sometimes a real PITA, I have to say that operating a network-facing computer without a robust firewall in place is simply asking to be owned. This is even more true for the user who turns on all the services and is afraid to turn them off because "I don't know what they do".