Bug 80497

Summary: Firstboot fails to remove opening for port 123
Product: [Retired] Red Hat Linux
Component: firstboot
Version: 8.0
Hardware: i686
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Keywords: FutureFeature
Reporter: Need Real Name <holderm>
Assignee: Brent Fox <bfox>
Doc Type: Enhancement
Last Closed: 2003-05-27 20:53:52 UTC

Description Need Real Name 2002-12-27 07:29:02 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830

Description of problem:
firstboot ntpd fails to remove an open port 123, example below:

Dec 23 11:26:33 opus firstboot: ntpd: Removing firewall opening for port 123
Dec 23 11:26:33 opus firstboot: iptables: Bad rule (does a matching rule exist in that chain?)
Dec 23 11:26:33 opus ntpd:  failed
Dec 23 11:26:33 opus firstboot: 
Dec 23 11:26:33 opus firstboot:
Dec 23 11:26:33 opus firstboot: Shutting down ntpd:
Dec 23 11:26:33 opus ntpd: ntpd shutdown failed

It might be confused by the RH-Lokkit-0-50-INPUT chain???

[root@opus root]# iptables -n -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:80 flags:0x16/0x02
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:21 flags:0x16/0x02
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22 flags:0x16/0x02
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:23 flags:0x16/0x02
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  {my DNS}             0.0.0.0/0          udp spt:53
ACCEPT     udp  --  {my other DNS}       0.0.0.0/0          udp spt:53
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT     udp  --  0.0.0.0/0            0.0.0.0/0          udp reject-with icmp-port-unreachable


Version-Release number of selected component (if applicable):


How reproducible:
Didn't try

Steps to Reproduce:
1. build a new system
2. let firstboot run
3. I'm pretty sure I just picked the defaults, decided not to sign up for that up2date thing if that has any impact on this

Additional info:

Comment 1 Brent Fox 2003-05-27 20:53:52 UTC
The ntp that shipped in RHL 9 should be able to open a hole in the firewall for
itself, so this issue should be fixed in the current release.
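
Editor's added example (not part of the bug thread and not code from firstboot or the ntp init script): the listing in the report shows no rule naming port 123, which is what the "Bad rule" message is asking about. The sketch below parses `iptables -n -L` output and reports which chain, if any, holds an ACCEPT rule for a protocol and port, so a removal step can tell "nothing to remove" apart from a real failure. The function names are hypothetical and the sample listing is constructed, with placeholder addresses.

```shell
#!/bin/sh
# Added example: find a port opening in `iptables -n -L` output before
# attempting to delete it. All function names here are hypothetical.

# Constructed sample listing modelled on the report (placeholder addresses).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain RH-Lokkit-0-50-INPUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22 flags:0x16/0x02
ACCEPT     udp  --  192.0.2.53           0.0.0.0/0          udp spt:53
REJECT     udp  --  0.0.0.0/0            0.0.0.0/0          udp reject-with icmp-port-unreachable
EOF
}

# chains_with_rule PROTO PORT
# Reads a listing on stdin and prints each chain (once) that contains an
# ACCEPT rule for PROTO naming PORT as its source or destination port.
chains_with_rule() {
    awk -v proto="$1" -v port="$2" '
        $1 == "Chain" { chain = $2; next }
        $1 == "ACCEPT" && $2 == proto {
            for (i = 6; i <= NF; i++)
                if ($i == ("spt:" port) || $i == ("dpt:" port)) {
                    if (!seen[chain]++) print chain
                    break
                }
        }'
}

# opening_status PROTO PORT
# Reads a listing on stdin; prints "present:<chain>" and returns 0 when a
# matching rule exists, otherwise prints "absent" and returns 1 so the
# caller can skip the delete instead of logging a failure.
opening_status() {
    found=$(chains_with_rule "$1" "$2" | head -n 1)
    if [ -n "$found" ]; then
        echo "present:$found"
        return 0
    fi
    echo "absent"
    return 1
}
```

On a live system the listing would come from `iptables -n -L` run as root rather than from `sample_listing`.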