Default iptables rule causing issue (reject-with icmp-host-prohibited)
The rule below in iptables is causing slptool to fail to detect the services of other
hosts.
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
I deleted it using the command below
iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
and SLP started to discover from the other node with the firewall enabled.
However, when I reload firewalld or reboot, it goes back to the original rule
(REJECT).
How can I delete this rule permanently so that even after reloading the firewalld daemon it
does not go back to the default?
Or is there any other way?
1 Reply
You need to figure out which part of the firewalld configuration is causing the rule to be placed there and tell it not to do that. According to
https://www.polarsparc.com/xhtml/Linux-Firewalld.html
the firewalld configuration is kept in /etc/firewalld.conf with a library of available services kept in /usr/lib/firewalld/services. You'll have to figure out which one of the enabled services in /etc/firewalld.conf is causing this and de-activate it. My guess is that the suspect configuration would have the characters slp in the filename…so that should narrow your search a bit.
I don't use an RH-variant distro so that's about all I can tell you.
There's also this:
which should contain much more extensive information on the XML files that comprise firewalld configuration.
-- sw
P.S. You don't need firewalld at all. You can manipulate iptables(8) yourself directly and eliminate this kind of pain:
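An added example, not part of the original thread and not the continuation of the reply above. The REJECT rule in the question is firewalld's catch-all at the end of the INPUT chain for the zone, so firewalld re-creates it on every reload; deleting it with iptables -D only lasts until the next reload. The durable fix is to leave that rule alone and permanently allow the traffic slptool needs. This script does that the firewalld way: it writes a service definition XML (the same kind of file the reply points at under /usr/lib/firewalld/services, placed instead in /etc/firewalld/services so it survives package updates) for SLP on port 427 tcp and udp, and adds that service to the zone with the --permanent flag. It also carries two small checks against an iptables -S dump: whether the catch-all REJECT is present, and whether an ACCEPT for the SLP port is present. The service name slp-custom, the zone public, port 427 and the sample dumps are assumptions constructed for this example; your firewalld version may already ship a service for SLP (check firewall-cmd --get-services), in which case --add-service=slp with the shipped name is enough.

```shell
#!/bin/sh
# Added example: permanently allow SLP through firewalld instead of deleting the
# catch-all REJECT rule that firewalld re-creates on reload.
# Assumptions: SLP on port 427 tcp/udp, zone "public", service name "slp-custom".
set -eu

SLP_PORT=427
ZONE="${ZONE:-public}"
SERVICE_NAME="slp-custom"

# Write a firewalld service definition XML into directory $1 (normally
# /etc/firewalld/services, which takes precedence over /usr/lib/firewalld/services).
# Prints the path of the file written.
write_slp_service_xml() {
    dir="$1"
    mkdir -p "$dir"
    out="$dir/$SERVICE_NAME.xml"
    cat > "$out" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SLP (custom)</short>
  <description>Service Location Protocol, used by slptool to discover services on other hosts.</description>
  <port protocol="tcp" port="$SLP_PORT"/>
  <port protocol="udp" port="$SLP_PORT"/>
</service>
EOF
    printf '%s\n' "$out"
}

# Read an "iptables -S" dump on stdin; succeed if firewalld's catch-all REJECT
# (the rule from the question) is present.
has_catchall_reject() {
    grep -q -- '-j REJECT --reject-with icmp-host-prohibited'
}

# Read an "iptables -S" dump on stdin; succeed if some rule ACCEPTs the SLP port,
# i.e. the zone now lets SLP in before the catch-all REJECT is reached.
slp_allowed() {
    grep -q -- "--dport $SLP_PORT .*-j ACCEPT"
}

# Constructed sample (not captured from a real host): default firewalld INPUT
# chain, SLP not yet allowed.
SAMPLE_DUMP='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample of what the zone's allow chain looks like after the fix:
# the REJECT is still there, but SLP is accepted earlier in the chain walk.
SAMPLE_DUMP_FIXED="$SAMPLE_DUMP
-A IN_public_allow -p tcp -m tcp --dport 427 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -p udp -m udp --dport 427 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT"

# Apply the permanent change on a live host (needs root and a running firewalld).
# Only runs when the script is invoked as: sh thisscript.sh apply
apply_slp_service() {
    write_slp_service_xml /etc/firewalld/services >/dev/null
    firewall-cmd --reload                                        # make the new service definition known
    firewall-cmd --permanent --zone="$ZONE" --add-service="$SERVICE_NAME"
    firewall-cmd --reload                                        # activate the permanent config
    firewall-cmd --zone="$ZONE" --list-services                  # should now include slp-custom
}

if [ "${1:-}" = "apply" ]; then
    apply_slp_service
fi
```

After applying, `iptables -S | grep 427` should show the ACCEPT rules for port 427 while the REJECT line is still present; that is the expected end state, since the REJECT only applies to traffic nothing earlier in the chain accepted. If slptool on a given setup uses multicast discovery (239.255.255.253), the port-level allow is still what matters, because firewalld filters by destination port rather than by multicast group here; verify with a packet capture on port 427 if discovery still fails after the change.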