Bug 157732
Summary: | A default firewall bug in rules of /etc/sysconfig/iptables | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | hipodilski <hipo> |
Component: | system-config-securitylevel | Assignee: | Thomas Woerner <twoerner> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | 3 | CC: | mattdm |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | i386 | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2007-05-22 11:41:21 UTC | Type: | --- |
Description
hipodilski
2005-05-14 08:41:06 UTC
The default firewall configuration is generated in anaconda. Yes, that is the default rule that will block anything not specifically allowed by the previous rules. What are you trying to do and what ports/protocols does it use? Most likely, you just need to add that information to the "other ports" field in system-config-securitylevel to allow the service.

I'm not trying to do anything. And I receive this error message from the router. Every few seconds. Removing the rule I don't get the "ICMP dest unreachable" message. And everything seems to be okay.

Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you!

Dropping the reject rule will open up the firewall for all traffic. Therefore this is no solution at all. icmp-host-prohibited is a valid reject type and the router should honor this. This is not a bug in the firewall configuration, it is a bug in the router configuration - some kind of availability check. Closing as "NOT A BUG".
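
The closing comment's point, that the final REJECT rule is the only thing stopping traffic not explicitly allowed, can be checked mechanically. The following is an added example, not part of the bug report or of system-config-securitylevel: a small Python check over a constructed iptables-save style ruleset (the chain name FW-INPUT and the rules themselves are assumptions) that reports the verdict for a packet matching none of the allow rules, with and without the REJECT rule.

```python
import shlex
# Constructed sample in iptables-save format (chain name FW-INPUT is made up).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FW-INPUT - [0:0]
-A INPUT -j FW-INPUT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FW-INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A FW-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(text):
    """Return (policies, rules); rules maps chain -> [(conditional, target)]."""
    policies, rules = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name], rules[name] = policy, []
        elif line.startswith("-A ") and " -j " in line:
            tok = shlex.split(line)
            j = tok.index("-j")
            # "-A CHAIN -j TARGET ..." has no match options: it hits every packet.
            rules.setdefault(tok[1], []).append((j != 2, tok[j + 1]))
    return policies, rules

def unmatched_fate(text, chain="INPUT"):
    """Verdict for a packet that satisfies none of the conditional rules."""
    policies, rules = parse(text)
    def walk(name):
        for conditional, target in rules.get(name, []):
            if conditional:
                continue
            verdict = target if target in TERMINAL else walk(target)
            if verdict:
                return verdict
        return None  # end of chain: return to the caller, then the policy
    return walk(chain) or policies[chain]

def without_reject(text):
    """Same ruleset with every REJECT rule deleted, as tried in the report."""
    return "".join(l for l in text.splitlines(True) if "-j REJECT" not in l)

if __name__ == "__main__":
    print("with REJECT rule:   ", unmatched_fate(SAMPLE))
    print("REJECT rule removed:", unmatched_fate(without_reject(SAMPLE)))
```

Because the built-in INPUT policy in this sample is ACCEPT, deleting the last rule changes the verdict for unlisted traffic from REJECT to ACCEPT.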