Bug 68368

Summary: ifup-post doesn't punch dns server holes
Product: [Retired] Red Hat Public Beta Reporter: Frank Sweetser <fs>
Component: initscriptsAssignee: Bill Nottingham <notting>
Status: CLOSED RAWHIDE QA Contact: Brock Organ <borgan>
Severity: medium Docs Contact:
Priority: medium    
Version: limboCC: rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-08-13 20:53:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 67217    

Description Frank Sweetser 2002-07-09 16:05:47 UTC 
The current version of ifup-post appears to still use ipchains, and checks for
/etc/sysconfig/ipchains to see if it's in use.  Since limbo uses iptables,
though, the holes for DNS replies to get back from the servers get dropped if
"high" security setting is selected.
Comment 1 Bill Nottingham 2002-07-17 05:00:16 UTC 
*** Bug 68151 has been marked as a duplicate of this bug. ***
Comment 2 Bill Nottingham 2002-07-17 05:08:54 UTC 
Should be fixed in 6.87-1.
Comment 3 Jay Turner 2002-07-29 20:55:37 UTC 
Bill, think that we still have a bit of a problem here.  This is what I show
with initscripts-6.88-1:

if [ "$FIREWALL_MODS" != "no" -a -f /etc/sysconfig/ipchains ] && \

Shouldn't that be "-a -f /etc/sysconfig/iptables ]"?
Comment 4 Bill Nottingham 2002-08-13 20:53:42 UTC 
That would help, duh. Will be fixed in 6.89-1.
Comment 5 Jay Turner 2002-08-15 17:52:06 UTC 
Fix confirmed with initscripts-6.90-1.