Bug 36279

Summary: iptables 1.2.0 buggy -save and -restore code (silently breaks firewall)
Product: [Retired] Red Hat Linux
Reporter: Need Real Name <olaf.schnapauff>
Component: iptables
Assignee: Bernhard Rosenkraenzer <bero>
Status: CLOSED CURRENTRELEASE
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: high
Version: 7.1
CC: dr
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2001-04-17 14:50:37 UTC

Description Need Real Name 2001-04-17 14:43:19 UTC
iptables-1.2.0 as used in Wolverine is buggy. The init scripts use
iptables-restore and iptables-save for firewall rules initialization but
silently fail to do so correctly. This means that after a reboot the
firewall might contain wrong rules (mostly missing ports). This is a known
iptables bug and seems fixed in 1.2.1a for the tests I have run.

Generally, the -save and -restore functionality was apparently hard to
implement correctly; it should be pondered whether they really should be used
already.

For sure iptables-1.2.0 must ASAP be replaced in 7.1, if not done so
already, by version 1.2.1a (the most recent).

Olaf
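
The check a practitioner would run to catch the failure Olaf describes, as an added example that is not part of the bug report or of Red Hat's init scripts: dump the intended ruleset with iptables-save, feed it to iptables-restore, dump again, and compare the two dumps after stripping the parts that legitimately differ (the timestamp comments and the packet/byte counters). The shell functions below implement that comparison with sed, sort and comm only, so they run on any host; check_roundtrip is the only function that touches the kernel and assumes root and a working iptables. The dumps used in the usage note are constructed sample data, not output captured from a Red Hat 7.1 system.

```shell
#!/bin/sh
# Added example (not from the bug report or the Red Hat init scripts):
# detect rules lost or gained in an iptables-save / iptables-restore
# round trip by comparing two dumps. Needs only sed, sort and comm.

# normalize_rules FILE
# Print FILE with the volatile parts of an iptables-save dump removed so that
# two dumps of the same ruleset compare equal:
#   - "# Generated by ..." / "# Completed on ..." comment lines
#   - "[pkts:bytes]" counters on chain policy lines and (with -c) rule lines
#   - leading/trailing whitespace and blank lines
# Output is sorted in the C locale because comm(1) requires sorted input.
# Duplicate rules are kept, so a rule inserted twice must also come back twice.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/\[[0-9][0-9]*:[0-9][0-9]*\]//g' \
        -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$1" | LC_ALL=C sort
}

# rules_only_in FIRST SECOND
# Print normalized lines present in FIRST but absent from SECOND.
# Returns 0 when there are none, 1 when at least one line was printed,
# 2 when a temporary file could not be created.
rules_only_in() {
    _a=$(mktemp) || return 2
    _b=$(mktemp) || { rm -f "$_a"; return 2; }
    normalize_rules "$1" > "$_a"
    normalize_rules "$2" > "$_b"
    _diff=$(comm -23 "$_a" "$_b")
    rm -f "$_a" "$_b"
    if [ -z "$_diff" ]; then
        return 0
    fi
    printf '%s\n' "$_diff"
    return 1
}

# missing_rules WANT HAVE : rules in the saved file that the live firewall lacks
missing_rules() { rules_only_in "$1" "$2"; }

# extra_rules WANT HAVE   : rules in the live firewall that the saved file lacks
extra_rules()   { rules_only_in "$2" "$1"; }

# check_roundtrip WANT
# Load WANT with iptables-restore, dump the result with iptables-save and
# report every rule that was lost or gained. Needs root and iptables;
# run it by hand on a test box, never from an automated test.
check_roundtrip() {
    _have=$(mktemp) || return 2
    if ! iptables-restore < "$1"; then
        rm -f "$_have"
        return 2
    fi
    iptables-save > "$_have"
    _rc=0
    _lost=$(missing_rules "$1" "$_have") || _rc=1
    _gained=$(extra_rules "$1" "$_have") || _rc=1
    rm -f "$_have"
    if [ -n "$_lost" ]; then
        printf 'lost after restore:\n%s\n' "$_lost"
    fi
    if [ -n "$_gained" ]; then
        printf 'gained after restore:\n%s\n' "$_gained"
    fi
    return $_rc
}
```

Usage on a real host: `iptables-save > /root/want.rules; check_roundtrip /root/want.rules` immediately after building the ruleset, and again after a reboot with `iptables-save > /tmp/have.rules; missing_rules /root/want.rules /tmp/have.rules`. A non-zero exit with the dropped `-A INPUT ... --dport N` lines printed is exactly the "missing ports" symptom reported here; comparing normalized dumps rather than eyeballing `iptables -L` is what makes the silent loss visible.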

Comment 1 Bernhard Rosenkraenzer 2001-04-18 21:55:01 UTC
We're shipping 1.2.1a