Bug 355561

Summary: RFE: s-c-f: don't give configuration failed in lokkit if ipv6 is disabled
Product: [Fedora] Fedora
Component: system-config-firewall
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED RAWHIDE
Severity: low
Priority: low
Keywords: Reopened
Reporter: David Timms <dtimms>
Assignee: Thomas Woerner <twoerner>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Doc Type: Bug Fix
Last Closed: 2007-11-06 10:56:36 UTC

Description David Timms 2007-10-28 01:36:56 UTC
Description of problem:
Adding a new port to firewall is accepted. When Apply is clicked the UI says it
failed. However, it did actually config iptables.

Version-Release number of selected component (if applicable):
rpm -qa|grep -E 'kernel|lok|fire|sel|iptab'|sort
iptables-1.3.8-5.fc8
iptables-ipv6-1.3.8-5.fc8
kernel-2.6.23.1-23.fc8
kernel-2.6.23.1-31.fc8
kernel-headers-2.6.23.1-31.fc8
libselinux-2.0.37-1.fc8
libselinux-python-2.0.37-1.fc8
selinux-policy-3.0.8-32.fc8
selinux-policy-targeted-3.0.8-32.fc8
system-config-firewall-1.0.8-1.fc8
system-config-firewall-tui-1.0.8-1.fc8

How reproducible:
Will try shortly from rawhide-2007-10-24-dvd

Steps to Reproduce:
1. s-c-f
2. other ports|add
3. user-defined 5903 tcp|ok
4. entry is added to list {by the way: even if it is a duplicate!}
5. apply|yes
 
Actual results:
gui dialog: configuration failed
/usr/sbin/lokkit --quiet -f --enabled --no-mdns --port=22:tcp
--removemodule=nf_conntrack_ftp --removemodule=nf_conntrack_netbios_ns
--port=56888:tcp --port=56888:udp --port=5901:tcp --port=5903:tcp

iptables --list shows that the new port 5903 is actually allowed.

Expected results:
iptables --list shows that the new port 5903 is actually allowed.
No error dialog.

Additional info:
Occurs with other port nums and UDP ports - both actually config the firewall.

Clicking close after this occurs:
  There are unapplied changes do you really want to quit, yes no.

Perhaps the lokkit result is not being read properly.

Unlike bug 334851 the settings do save to the firewall config; it just looks
like it hasn't. The versions mentioned there are applied on this machine
{current rawhide} and it has been rebooted, without resolution.

Comment 1 David Timms 2007-10-28 04:11:21 UTC
Copy / pasting the lokkit command in a root terminal returns without error. No
error if --quiet is removed.

Modified fw_gui.py to print the return status from lokkit: 256
  This triggers the error message since >0

Added -v to the lokkit command: 
Failed to start ip6tables.

# service ip6tables status
ip6tables: Firewall is not running.

# chkconfig --list ip6tables
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off

In fact I run with ipv6 disabled using: /etc/modprobe.conf:
install ipv6 /bin/true

and hence if I run: service ip6tables start
Applying ip6tables firewall rules: ip6tables-restore v1.3.8: ip6tables-restore:
unable to initialize table 'filter'

Error occurred at line: 3
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
                                                           [FAILED]
The error is generated in /usr/sbin/lokkit [line 152 or so]:
        ip6tables.write(config)
        ip6t_status = ip6tables.restart()
        if config.verbose and ip6t_status != 0:
            print _("Failed to start %s.") % "ip6tables"

In this case ip6t_status=1

So: it would be nice to detect whether ipv4 or ipv6 kernel module is actually
loaded before erroring that the firewall config couldn't be applied at all.

I guess it would be nice {for tech user} to see ip6tables could not be loaded
because ip6 has been disabled, but that might be too much information for
average user ?
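
Added example (not code from lokkit, fw_gui.py or the eventual fix): one way to implement the check suggested in comment 1, so that an ip6tables failure is fatal only when the kernel IPv6 stack is actually present, and to decode the 256 status seen in fw_gui.py. The function names are hypothetical, and the use of /proc/net/if_inet6 as the "IPv6 is loaded" indicator is an assumption of this example.

```python
import os


def exit_code(wait_status):
    """Decode an os.system()-style wait status into the child's exit code."""
    if os.WIFEXITED(wait_status):
        return os.WEXITSTATUS(wait_status)
    return None  # child was killed by a signal, there is no exit code


def ipv6_available(proc_file="/proc/net/if_inet6"):
    """Assumption: this file exists only while the kernel IPv6 stack is loaded."""
    return os.path.exists(proc_file)


def apply_result(ip4_rc, ip6_rc, ipv6_present):
    """Combine the two service restart exit codes into (ok, messages)."""
    ok, messages = True, []
    if ip4_rc != 0:
        ok = False
        messages.append("Failed to start iptables.")
    if ip6_rc != 0:
        if ipv6_present:
            # IPv6 is live but unfiltered: this must stay a hard failure.
            ok = False
            messages.append("Failed to start ip6tables.")
        else:
            # Nothing to filter; report it, but do not fail the whole apply.
            messages.append("ip6tables not started: IPv6 is not loaded.")
    return ok, messages


if __name__ == "__main__":
    # 256 is the raw status printed from fw_gui.py in comment 1.
    print(exit_code(256))
    # ip4 ok, ip6 failed with 1 (the ip6t_status reported in comment 1).
    print(apply_result(0, 1, ipv6_available()))
```

The IPv6 branch stays a failure when the stack is present, because treating it as a warning there would report success while IPv6 traffic is unfiltered.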

Comment 2 David Timms 2007-10-28 04:15:50 UTC
oops: read the resolution items, and left the resolve bug item selected. doh.

Comment 3 Thomas Woerner 2007-11-06 10:56:36 UTC
Fixed in rawhide and F-8 in packages:

system-config-firewall-1.0.9-1
iptables-1.3.8-6

Comment 4 Fedora Update System 2007-11-08 06:03:09 UTC
system-config-firewall-1.0.9-1.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update system-config-firewall'

Comment 5 Thomas Woerner 2007-11-08 12:06:28 UTC
Fixed in rawhide and F-8 in packages system-config-firewall-1.0.9-1 and
iptables-1.3.8-6.