Red Hat Bugzilla – Attachment 294857 Details for Bug 431961
iptables and ip6tables configurations differ, firewall completely open
system-config-firewall-bash-tables-not-matched.txt (text/plain), 10.80 KB, created by Andrew Farris on 2008-02-13 23:39:21 UTC
>15:19:31 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> service iptables stop
>iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
>iptables: Flushing firewall rules: [ OK ]
>iptables: Setting chains to policy ACCEPT: filter [ OK ]
>iptables: Unloading modules: [ OK ]
>
>15:19:38 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> service ip6tables stop
>ip6tables: Saving firewall rules to /etc/sysconfig/ip6table[ OK ]
>ip6tables: Flushing firewall rules: [ OK ]
>ip6tables: Setting chains to policy ACCEPT: filter [ OK ]
>ip6tables: Unloading modules: [ OK ]
>
>15:19:44 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> cat /etc/sysconfig/iptables
># Generated by iptables-save v1.3.8 on Wed Feb 13 15:19:36 2008
>*filter
>:INPUT DROP [14:3668]
>:FORWARD DROP [0:0]
>:OUTPUT ACCEPT [1871:755163]
>:block - [0:0]
>:cirith-tcp - [0:0]
>:cirith-udp - [0:0]
>:goodPacket - [0:0]
>:local - [0:0]
>:okICMP - [0:0]
>-A INPUT -s 127.0.0.1 -j goodPacket
>-A INPUT -s 192.168.0.0/255.255.0.0 -m state --state NEW -j local
>-A INPUT -j block
>-A INPUT -m state --state INVALID -j DROP
>-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>-A INPUT -p icmp -m limit --limit 1/sec -j okICMP
>-A INPUT -p udp -m state --state NEW -j cirith-udp
>-A INPUT -m state --state NEW -j cirith-tcp
>-A INPUT -j LOG --log-prefix "DROP INPUT " --log-level 7
>-A INPUT -j DROP
>-A cirith-tcp -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j goodPacket
>-A cirith-tcp -p tcp -m tcp --dport 6880:6900 --tcp-flags SYN,RST,ACK SYN -j goodPacket
>-A cirith-tcp -p tcp -m tcp --dport 59121 --tcp-flags SYN,RST,ACK SYN -j goodPacket
>-A cirith-udp -p udp -m udp --dport 6880:6900 -j goodPacket
>-A cirith-udp -p udp -m udp --dport 59121 -j goodPacket
>-A goodPacket -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
>-A goodPacket -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
>-A goodPacket -p udp -j ACCEPT
>-A goodPacket -j REJECT --reject-with icmp-port-unreachable
>-A local -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --sport 20 --dport 21 --tcp-flags SYN,RST,ACK SYN -j goodPacket
>-A local -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j goodPacket
>-A local -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 137:139 --tcp-flags SYN,RST,ACK SYN -j goodPacket
>-A local -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 892 --tcp-flags SYN,RST,ACK SYN -j goodPacket
>-A local -s 192.168.0.0/255.255.0.0 -p udp -m udp --dport 137:139 -j goodPacket
>-A local -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 445 --tcp-flags SYN,RST,ACK SYN -j goodPacket
>-A local -s 192.168.0.0/255.255.0.0 -p udp -m udp --dport 445 -j goodPacket
>-A local -s 192.168.0.0/255.255.0.0 -p udp -m udp --dport 515 -j goodPacket
>-A local -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 8000 --tcp-flags SYN,RST,ACK SYN -j goodPacket
>-A local -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 8080 --tcp-flags SYN,RST,ACK SYN -j goodPacket
>-A local -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 8118 --tcp-flags SYN,RST,ACK SYN -j goodPacket
>-A local -s 192.168.0.0/255.255.0.0 -j LOG --log-prefix "DROP LOCAL " --log-level 7
>-A local -s 192.168.0.0/255.255.0.0 -j DROP
>-A okICMP -p icmp -m icmp --icmp-type 0 -j ACCEPT
>-A okICMP -p icmp -m icmp --icmp-type 8 -j ACCEPT
>-A okICMP -p icmp -m icmp --icmp-type 14 -j ACCEPT
>-A okICMP -p icmp -m icmp --icmp-type 13 -j ACCEPT
>-A okICMP -p icmp -m icmp --icmp-type 11 -j ACCEPT
>-A okICMP -p icmp -j DROP
>COMMIT
># Completed on Wed Feb 13 15:19:36 2008
>
>15:19:55 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> cat /etc/sysconfig/ip6tables
># Generated by ip6tables-save v1.3.8 on Wed Feb 13 15:19:43 2008
>*filter
>:INPUT DROP [0:0]
>:FORWARD DROP [0:0]
>:OUTPUT ACCEPT [0:0]
>:cirith-tcp - [0:0]
>:goodPacket - [0:0]
>:local - [0:0]
>:okICMP - [0:0]
>-A INPUT -s ::1/128 -j goodPacket
>-A INPUT -m state --state INVALID -j DROP
>-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>-A INPUT -p ipv6-icmp -m limit --limit 1/sec -j okICMP
>-A INPUT -m state --state NEW -j cirith-tcp
>-A INPUT -j LOG --log-prefix "DROP INPUT " --log-level 7
>-A INPUT -j DROP
>-A cirith-tcp -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j goodPacket
>-A goodPacket -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j ACCEPT
>-A goodPacket -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
>-A goodPacket -j REJECT --reject-with icmp6-port-unreachable
>-A okICMP -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT
>-A okICMP -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
>-A okICMP -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
>-A okICMP -p ipv6-icmp -j DROP
>COMMIT
># Completed on Wed Feb 13 15:19:43 2008
>
>15:19:59 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> cat /etc/sysconfig/system-config-firewall
># Configuration file for system-config-firewall
>
>--enabled
>--service=ssh
>
>15:20:09 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> rm /etc/sysconfig/ip*tables
>rm: remove regular file `/etc/sysconfig/ip6tables'? y
>rm: remove regular file `/etc/sysconfig/iptables'? y
>
>15:20:36 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> touch /etc/sysconfig/iptables; touch /etc/sysconfig/ip6tables
>
>15:20:53 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> service iptables start; service ip6tables start
>iptables: Applying firewall rules: [ OK ]
>ip6tables: Applying firewall rules: [ OK ]
>
>15:21:10 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> iptables -L -n
>Chain INPUT (policy ACCEPT)
>target prot opt source destination
>
>Chain FORWARD (policy ACCEPT)
>target prot opt source destination
>
>Chain OUTPUT (policy ACCEPT)
>target prot opt source destination
>
>15:21:18 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> ip6tables -L -n
>Chain INPUT (policy ACCEPT)
>target prot opt source destination
>
>Chain FORWARD (policy ACCEPT)
>target prot opt source destination
>
>Chain OUTPUT (policy ACCEPT)
>target prot opt source destination
>
>15:21:21 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> iptables -P INPUT FORWARD DROP
>Bad argument `DROP'
>Try `iptables -h' or 'iptables --help' for more information.
>
>15:22:21 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> iptables -P FORWARD DROP
>
>15:22:32 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> iptables -P INPUT DROP
>
>15:22:39 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> iptables -L
>Chain INPUT (policy DROP)
>target prot opt source destination
>
>Chain FORWARD (policy DROP)
>target prot opt source destination
>
>Chain OUTPUT (policy ACCEPT)
>target prot opt source destination
>
>15:22:44 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> cat /etc/sysconfig/iptables
>
>15:22:58 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> llz /etc/sysconfig/ip*tables
>362429 4 -rw-r--r-- 1 unconfined_u:object_r:etc_t 0 0 0 2008-02-13 15:20 /etc/sysconfig/ip6tables
>362375 4 -rw-r--r-- 1 unconfined_u:object_r:etc_t 0 0 0 2008-02-13 15:20 /etc/sysconfig/iptables
>
>15:23:16 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> system-config-firewall
>
>15:24:03 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> cat /etc/sysconfig/system-config-firewall
># Configuration file for system-config-firewall
>
>--enabled
>--service=ssh
>
>15:24:10 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> cat /etc/sysconfig/iptables
># Generated by iptables-save v1.3.8 on Wed Feb 13 15:23:58 2008
>*filter
>:INPUT DROP [1111:151642]
>:FORWARD DROP [0:0]
>:OUTPUT ACCEPT [6281:2166876]
>COMMIT
># Completed on Wed Feb 13 15:23:58 2008
>
>15:24:18 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> cat /etc/sysconfig/ip6tables
># Firewall configuration written by system-config-firewall
># Manual customization of this file is not recommended.
>*filter
>:INPUT ACCEPT [0:0]
>:FORWARD ACCEPT [0:0]
>:OUTPUT ACCEPT [0:0]
>-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>-A INPUT -p ipv6-icmp -j ACCEPT
>-A INPUT -i lo -j ACCEPT
>-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
>-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
>-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
>COMMIT
>
>15:24:25 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> iptables -L
>Chain INPUT (policy DROP)
>target prot opt source destination
>
>Chain FORWARD (policy DROP)
>target prot opt source destination
>
>Chain OUTPUT (policy ACCEPT)
>target prot opt source destination
>
>15:24:30 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> ip6tables -L
>Chain INPUT (policy ACCEPT)
>target prot opt source destination
>ACCEPT all anywhere anywhere state RELATED,ESTABLISHED
>ACCEPT ipv6-icmp anywhere anywhere
>ACCEPT all anywhere anywhere
>ACCEPT tcp anywhere anywhere state NEW tcp dpt:ssh
>REJECT all anywhere anywhere reject-with icmp6-adm-prohibited
>
>Chain FORWARD (policy ACCEPT)
>target prot opt source destination
>REJECT all anywhere anywhere reject-with icmp6-adm-prohibited
>
>Chain OUTPUT (policy ACCEPT)
>target prot opt source destination
>
>15:24:33 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> service iptables stop; service ip6tables stop
>iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
>iptables: Flushing firewall rules: [ OK ]
>iptables: Setting chains to policy ACCEPT: filter [ OK ]
>iptables: Unloading modules: [ OK ]
>ip6tables: Saving firewall rules to /etc/sysconfig/ip6table[ OK ]
>ip6tables: Flushing firewall rules: [ OK ]
>ip6tables: Setting chains to policy ACCEPT: filter [ OK ]
>ip6tables: Unloading modules: [ OK ]
>
>15:24:44 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> service iptables start; service ip6tables start
>iptables: Applying firewall rules: [ OK ]
>ip6tables: Applying firewall rules: [ OK ]
>
>15:24:56 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>> iptables -L
>Chain INPUT (policy DROP)
>target prot opt source destination
>
>Chain FORWARD (policy DROP)
>target prot opt source destination
>
>Chain OUTPUT (policy ACCEPT)
>target prot opt source destination
>
>15:24:59 |root.cirithungol:3| |12 files:104K@scripts| |0 jobs|
>>
>