| Summary: | Ship default /etc/sysconfig/iptables and ip6tables config files | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Adam Tkac <vonsch> |
| Component: | iptables | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Priority: | unspecified |
| Version: | 20 | CC: | corcodel.marian, jpopelka, psabata, twoerner |
| Hardware: | Unspecified | OS: | Unspecified |
| Fixed In Version: | iptables-1.4.21-4.fc21 | Doc Type: | Bug Fix |
| Last Closed: | 2014-01-10 15:55:29 UTC | Type: | Bug |
Created attachment 828986
Proposed patch

The patch adds /etc/sysconfig/iptables and /etc/sysconfig/ip6tables config files which were present on every system in pre-firewalld era.

Hi Adam,
in the pre-firewalld era these files were created by anaconda during install (bug #860465, comment #6). But I tend to agree with you that there should be default configuration for ip[6]tables services. firewalld also has a "default" configuration.

Thomas, do you see any problem with shipping these files?

*** Bug 1031127 has been marked as a duplicate of this bug. ***

I am ok with the default rule set so far.

You can still use lokkit to create the default rule set, after installing it: "lokkit --service=ssh"

BTW: Further changes to the default ip*tables services rule set to add or remove services, ports, etc. will most likely be closed WONTFIX.

Added in iptables-1.4.21-4.fc21

(In reply to Jiri Popelka from comment #5)
> Added in iptables-1.4.21-4.fc21

Great, thank you very much!
Description of problem:
When a user wants to use ip{,6}tables & initscripts instead of firewalld, he must always create /etc/sysconfig/iptables and /etc/sysconfig/ip6tables configuration files from scratch. It would be better to ship a default set of rules together with iptables-services.

Version-Release number of selected component (if applicable):
iptables-1.4.19.1-1.fc20

How reproducible:
always

Steps to Reproduce:
1. install iptables-services and remove firewalld
2. manually create default ip{,6}tables sysconfig files

Actual results:
Sysconfig files have to be created manually from scratch.

Expected results:
Pre-installed sysconfig files with default "REJECT" policy.

Additional info:
I will attach proposed patch.