Bug 138143
| Summary: | RFE: Avoid implicitly overwriting user customizations to the firewall (e.g. manual additions to /etc/sysconfig/iptables) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Daniel L. Rall <dlr> | ||||
| Component: | system-config-firewall | Assignee: | Thomas Woerner <twoerner> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | |||||
| Severity: | high | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | rawhide | CC: | amessina, bfox, jshin, mattdm, nobody+pnasrat, zaiwen | ||||
| Target Milestone: | --- | Keywords: | FutureFeature | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | [data loss can occur without this change] | ||||||
| Fixed In Version: | Doc Type: | Enhancement | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2008-05-05 12:15:57 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 175947 | ||||||
| Bug Blocks: | 177950 | ||||||
| Attachments: |
|
||||||
|
Description
Daniel L. Rall
2004-11-04 22:30:46 UTC
Created attachment 106196 [details]
Sample iptables configuration file generated by system-config-securitylevel, then subsequently manually edited
Currently this is how s-c-securitylevel works, it assumes that it's in control Future work will enable better customisation see bug #124161 for example. The correct fix here is to enable it so you can configure what you need via gui/tui. That's not really a reason _why_. And it sucks. In bug #124161, Paul suggested that I re-open this bug as an enhancement. Without this change, users lacking the non-obvious piece of knowledge that "system-config-securitylevel assumes it's in control" cannot make edits to /etc/sysconfig/iptables, nor use any other related software which writes iptables' config file. Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match. *** Bug 171947 has been marked as a duplicate of this bug. *** *** Bug 173231 has been marked as a duplicate of this bug. *** (In reply to comment #5) > Fedora Core 2 is now maintained by the Fedora Legacy project for > security updates only. If this problem is a security issue, please > reopen and reassign to the Fedora Legacy product. If it is not a > security issue and hasn't been resolved in the current FC3 updates or > in the FC4 test release, reopen and change the version to match. The bugs that have been marked duplicates of this bug were opened against FC4, so there should not be a need to reopen the bug in those versions as they are already there. What is the status on this bug? Waiting for some movement on bug 175947, which I made this one depend on a while back. Getting that one done will give me a quick and easy way to take care of this one. This bug depends on bug 175947, but it's closed as 'not a bug'.... The next version will contain a potential fix for this issue - it will allow specifying a custom rules file in the format of iptables-save that gets included after all the default rules. The GUI and lokkit command line interfaces support a method of setting this parameter, but the text UI currently does not (however, it will not nuke the setting if you add it via the command line and then run the text interface). Adding FutureFeature keyword to RFE's. Please use the custom rules feature of system-config-firewall, which replaced system-config-securitylevel. Closing as rawhide. |