Bug 63497
Summary: | bug in firewall punch-through when rule already exists | | |
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Dan Morrill <morrildl> |
Component: | initscripts | Assignee: | Bill Nottingham <notting> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Brock Organ <borgan> |
Severity: | medium | Priority: | medium |
Version: | 7.2 | CC: | rvokal |
Hardware: | All | OS: | Linux |
Fixed In Version: | FC3 | Doc Type: | Bug Fix |
Last Closed: | 2005-09-29 19:47:53 UTC | | |
Description
Dan Morrill
2002-04-15 02:06:02 UTC
Oops, forgot a step to reproduce:

1. Add an ipchains rule (e.g. for syslog)
2. service ipchains restart
3. service network restart

Oops, bug in the diff. Disregard previous diff, use this one.

--- /etc/sysconfig/network-scripts/ifup-post.orig Sun Apr 14 21:52:09 2002+++ /etc/sysconfig/network-scripts/ifup-post Sun Apr 14 22:25:06 2002 @@ -90,7 +90,7 @@ ns=`awk '/^nameserver / { print $2 }' /etc/resolv.conf` if [ -n "$ns" ]; then for nameserver in $ns ; do - if ! ipchains -L input -n | grep -q $nameserver ; then + if ! ipchains -L input -n | grep "\<53\>" | grep -q $nameserver ; then ipchains -I input -s $nameserver/32 53 -d 0/0 1025:65535 -p udp -j ACCEPT [ -x /usr/bin/logger ] && logger $"punching nameserver $nameserver through the firewall"

Any progress on this? I'm writing a book and need to know if this will be resolved or not in 7.3. :) (Not that it matters either way -- you can make a case for NOTABUG; I'd just like to know if it's going to be fixed.)

Whoops, sorry, no it wasn't fixed in 7.3.

I was looking at ifup-post in null, and it looks like this fix for DNS punch-throughs didn't make it in, though the file was converted to use iptables. (Unless I'm mistaken of course -- I haven't tested this yet, but it looks like it'll have the same problem as 7.2/7.3.)

Just a reminder... :)

Closing bugs on older, no longer supported, releases. Apologies for any lack of response. Current releases no longer use this code, so it's unlikely changes will be made to previous releases.
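Review bot: the existence check on the added `+ if ! ipchains -L input -n | grep "\<53\>" | grep -q $nameserver` line is still a loose text match, so it can conclude the punch-through rule exists when it does not. `grep "\<53\>"` matches 53 as any standalone token on the line, including an address octet such as 10.53.0.1, not only the source port. `$nameserver` is unquoted and treated as a regex, so its dots match any character and an address like 10.0.0.1 also matches 10.0.0.11. The check also ignores protocol and target, so an existing non-ACCEPT or non-UDP rule that mentions the nameserver and 53 suppresses the insert. Suggest quoting the variable and matching it as a fixed, whole-word string (for example `grep -qwF -- "$nameserver"`), and tightening the first grep to the port column and `udp`/`ACCEPT` fields of the rule that the `ipchains -I` line below actually creates.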