Bug 33421
| Summary: | ipchains removes rules on shutdown | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Matthew Kirkwood <matthew> |
| Component: | ipchains | Assignee: | Mike A. Harris <mharris> |
| Status: | CLOSED WONTFIX | QA Contact: | David Lawrence <dkl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.2 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2002-01-28 12:07:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Matthew Kirkwood
2001-03-27 16:56:31 UTC
The problem with that is that if someone wants to disable their firewall, say to use the machine without a firewall at all, their machine is now firewalled off completely. I agree with what you are saying though, but any solution needs to take every circumstance into consideration. The ipchains script on "stop" should put the system back into the state it was when the script was started. So perhaps we could have the rc.sysinit set the default firewall policy first, and then ipchains script would read that setting and act appropriately. Unfortunately, doing this by default would kill DHCP completely and possibly other things too. Feel free to add more thoughts to help try to come up with an adequate solution. It might suffice just to desist from flushing the rules at shutdown. It could check for $CONFIRM if there isn't already a better way to do this. Defering for future consideration. I've decided against this enhancement as I dont believe it is a good idea for the general case. |