Bug 770827

Summary: No init script provided
Product: [Fedora] Fedora EPEL Reporter: Roland Wolters <roland.wolters>
Component: fermAssignee: Pavel Alexeev <pahan>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: el5CC: pahan, sven
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-01-07 05:17:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Roland Wolters 2011-12-29 11:24:10 UTC 
Description of problem:
The current ferm package does not come along with an init script or any other prepared method to start ferm at bootup.

Version-Release number of selected component (if applicable):
2.0.9

How reproducible:
Install ferm, and see, that no files are installed in /etc.

Steps to Reproduce:
1. install ferm
2. configure iptable rules
3. reboot computer and realize that all your beautiful rules are not effective.
  
Actual results:
Ferm rules are not read at boot.

Expected results:
The ferm rules should be applied automatically - or there should at least be a init.d job you could activate with chkconfig.

Additional info:
Most other distributions ship init files, so it should be possible to just get them there.
Comment 1 Pavel Alexeev 2012-01-01 21:38:24 UTC 
Hm...
Very interesting. And what you suggest?? What init script do you want? Ferm is script, just command-line utility, it is not daemon.

May be you want just after apply your rules like:
# ferm firewall.ferm
save it to system wide:
# iptables-save > /etc/sysconfig/iptables-config
?

I'll hope it helps. Do not hesitate to reopen this if you had searching something other.
Comment 2 Roland Wolters 2012-01-05 19:06:04 UTC 
Hej Pavel,

the idea was to have a script which loads the ferm configuration at boot to make sure that no other process or no other modifcation of iptables  screwed up anything - and to make sure that the ferm rules apply even if someone forgot to launch ferm.

Debian has such a script: http://packages.debian.org/de/sid/ferm
(Check the diff and serach for "init")

Maybe that clears what I mean.
Comment 3 Pavel Alexeev 2012-01-06 10:36:01 UTC 
Again - there is standard RedHat way to store rules. For what we may want create some other? Do you satisfied by mentioned before commands to store that rules?
Comment 4 Roland Wolters 2012-01-07 00:35:53 UTC 
I never had problems storing or applying the rules which are generated by ferm. That can be done by the above mentioned commands, as you stated correctly.

The problem I see is that the current ferm package for Fedora or EL does not come along with a bootup script which enforces the current ferm rule set at boot time. That's all. Such a method is given in packages for other distributions like Debian/Ubuntu or Arch Linux.

However, if you state that such a method is not needed in Fedora or EL, than feel free to close this bug as wontfix.
Comment 5 Pavel Alexeev 2012-01-07 05:17:38 UTC 
Additional problem there what it should be systemd unit instead of init script now.
So, I have not see any advantage of that. If you think it may be, please ask in ML.

P.S. In general, may be have worth speaking about it also with upstream author to include some such possibility into ferm itself.