Bug 195918
Summary: | iptables missing time module | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Hesty <hestyp> |
Component: | kernel | Assignee: | Kernel Maintainer List <kernel-maint> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | 6 | CC: | jonstanley |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2008-01-08 00:04:55 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 233475 | | |

Description
Hesty
2006-06-19 16:27:01 UTC
This is actually a bug with relation to fwbuilder too. Fwbuilder is a feature-rich GUI for making firewall changes, and it contains the GUI elements needed to add time restraints to firewall rules. When time restraints are added, the scripts fail due to the mis-compiled iptables. Time-based rules are a basic feature for any complex firewall. Very often, time rules allow a firewall to open for a once-a-day file transfer, and to have a constantly open port would be a security hazard. This is a good way to limit the exposure of known-weak ports. I am surprised that this has not been fixed in FC6 since I assume that the problem is simply an incorrect compile flag.

The time module is not enabled in the kernel and the header file is therefore not part of kernel-headers. Please assign to kernel for inclusion there and then to kernel-headers. A simple rebuild of iptables will then enable it there, too.

There is no config option available for MATCH_TIME. Apparently there have been some patches floating around but they were never merged into the kernel. How did that option get into our netfilter package and its manpage? (Anyone who wants to open and close ports at certain times can do it easily with a cron job.)

Hello, I'm reviewing this bug as part of the kernel bug triage project, an attempt to isolate current bugs in the Fedora kernel. http://fedoraproject.org/wiki/KernelBugTriage I am CC'ing myself to this bug, however this version of Fedora is no longer maintained. Please attempt to reproduce this bug with a current version of Fedora (presently Fedora 8). If the bug no longer exists, please close the bug or I'll do so in a few days if there is no further information lodged. Thanks for using Fedora!

Closing per previous comment. If you can provide the requested information, please feel free to re-open this bug.
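
The cron approach suggested in the thread, as an added example that is not part of the original bug report or of any Fedora package: an idempotent open/close wrapper meant to be called from two cron entries. The port (2121), the install path, the 02:00 to 02:30 window and the `IPT` override variable are assumptions made for illustration, and the script relies on `iptables -C`, which needs iptables 1.4.11 or later.

```shell
#!/bin/sh
# Added example: cron-driven open/close of one port for a transfer window.
# Assumptions (not from the bug report): TCP port 2121, chain INPUT,
# script installed as /usr/local/sbin/port-window, window 02:00-02:30.
#
# /etc/cron.d/port-window (constructed sample):
#   0  2 * * * root /usr/local/sbin/port-window open
#   30 2 * * * root /usr/local/sbin/port-window close

IPT="${IPT:-iptables}"    # overridable so the logic can be exercised without root
PORT="${PORT:-2121}"
# Left unquoted at the call sites on purpose so it splits into arguments.
RULE="-p tcp --dport $PORT -j ACCEPT"

window_open() {
    # -C exits 0 when the rule is already present, so a repeated or
    # overlapping cron run does not stack duplicate ACCEPT rules.
    $IPT -C INPUT $RULE 2>/dev/null || $IPT -I INPUT 1 $RULE
}

window_close() {
    # Delete every copy: a single -D removes only one rule, and a leftover
    # duplicate would keep the port open after the window has ended.
    while $IPT -C INPUT $RULE 2>/dev/null; do
        $IPT -D INPUT $RULE || return 1
    done
}

case "${1:-}" in
    open)  window_open ;;
    close) window_close ;;
esac
```

The rule exists only in the running ruleset, so saving the ruleset while the window is open would persist the ACCEPT rule across reboots.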