Bug 886503
| Summary: | Several duplicated rules after --zone work --permanent --add-service smtp | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Lukáš Zachar <lzachar> | ||||||||||
| Component: | firewalld | Assignee: | Thomas Woerner <twoerner> | ||||||||||
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||
| Severity: | unspecified | Docs Contact: | |||||||||||
| Priority: | unspecified | ||||||||||||
| Version: | 18 | CC: | akostadi, jpopelka, twoerner | ||||||||||
| Target Milestone: | --- | ||||||||||||
| Target Release: | --- | ||||||||||||
| Hardware: | Unspecified | ||||||||||||
| OS: | Unspecified | ||||||||||||
| Whiteboard: | |||||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||||
| Doc Text: | Story Points: | --- | |||||||||||
| Clone Of: | Environment: | ||||||||||||
| Last Closed: | 2012-12-12 16:36:22 UTC | Type: | Bug | ||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||
| Documentation: | --- | CRM: | |||||||||||
| Verified Versions: | Category: | --- | |||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
| Embargoed: | |||||||||||||
| Attachments: |
|
||||||||||||
Created attachment 662324 [details]
log_messages
Created attachment 662325 [details]
changed_zone_to_work
Whole iptables-save output after the change of interface zone to work and --reload. This was before smtp got added to that zone.
Created attachment 662402 [details]
log_firewald_debug
Reproduced with FIREWALLD_ARGS=--debug=2 in /etc/sysconfig/firewalld.
The produced work.xml is OK though: # cat /etc/firewalld/zones/work.xml <?xml version="1.0" encoding="utf-8"?> <zone> <short>Work</short> <description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> <service name="ipp-client"/> <service name="mdns"/> <service name="smtp"/> <service name="dhcpv6-client"/> <service name="ssh"/> </zone> If you remove /etc/firewalld/zones/work.xml does it remove duplication? It does for me. It seems like a bug with built-in zones after customizations are made. It does. But without that file the configuration is not permanent, is it? *** This bug has been marked as a duplicate of bug 886515 *** |
Created attachment 662323 [details] log_firewalld Description of problem: When I followed steps of the firewalld test day, the iptables-save | grep contained several repeated rules. For the following the zone of the active interface was changed to work. Version-Release number of selected component (if applicable): firewalld-0.2.11-1.fc18.noarch How reproducible: reproduced Steps to Reproduce: 1. firewall-cmd --zone work --permanent --add-service smtp 2. firewall-cmd --reload 3. iptables-save | grep work Actual results: some rules are repeated - sort | uniq -d shows: -A IN_ZONE_work_allow -d X.X.X.X/Y -p udp -m udp --dport 5353 -m conntrack --ctstate NEW -j ACCEPT -A IN_ZONE_work_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT -A IN_ZONE_work_allow -p udp -m udp --dport 631 -m conntrack --ctstate NEW -j ACCEPT Expected results: all rules are listed once, hence sort | uniq -d has empty output Additional info: Other duplicity happened just after the change of interface zone to work (using system settings->network->options->general) and firewalld-cmd --reload. After reverting back to the default (public) zone it was again without duplicities.