Description of problem:
When a user wants to use ip{,6}tables & initscripts instead of firewalld, he must always create the /etc/sysconfig/iptables and /etc/sysconfig/ip6tables configuration files from scratch. It would be better to ship a default set of rules together with iptables-services.

Version-Release number of selected component (if applicable):
iptables-1.4.19.1-1.fc20

How reproducible:
always

Steps to Reproduce:
1. install iptables-services and remove firewalld
2. manually create default ip{,6}tables sysconfig files

Actual results:
Sysconfig files have to be created manually from scratch.

Expected results:
Pre-installed sysconfig files with default "REJECT" policy.

Additional info:
I will attach a proposed patch.
Created attachment 828986
Proposed patch

The patch adds the /etc/sysconfig/iptables and /etc/sysconfig/ip6tables config files, which were present on every system in the pre-firewalld era.
Hi Adam,

in the pre-firewalld era these files were created by anaconda during install (bug #860465, comment #6). But I tend to agree with you that there should be a default configuration for the ip[6]tables services. firewalld also has a "default" configuration.

Thomas, do you see any problem with shipping these files?
*** Bug 1031127 has been marked as a duplicate of this bug. ***
I am ok with the default rule set so far.

You can still use lokkit to create the default rule set, after installing it: "lokkit --service=ssh"

BTW: Further changes to the default ip*tables services rule set to add or remove services, ports, etc. will most likely be closed WONTFIX.
Added in iptables-1.4.21-4.fc21
(In reply to Jiri Popelka from comment #5)
> Added in iptables-1.4.21-4.fc21

Great, thank you very much!
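An added example, not part of the bug thread or the attached patch: built-in chain policies can only be ACCEPT or DROP, so the default "REJECT" behaviour requested above has to be written in the sysconfig file as a final catch-all rule, and this script checks that such a rule is the last one in INPUT and FORWARD. The sample ruleset is constructed for illustration, and the function names are hypothetical.

```shell
# Added example: lint an iptables-save format file such as /etc/sysconfig/iptables.
# The sample rules are constructed here, not taken from the attached patch.
write_sample_rules() {  # usage: write_sample_rules FILE
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Succeeds when CHAIN in the filter table fails closed: its policy is DROP, or
# its last appended rule is an unconditional "-j REJECT" or "-j DROP".
chain_fails_closed() {  # usage: chain_fails_closed FILE CHAIN
    awk -v chain="$2" '
        $1 == "*filter" { in_filter = 1; next }
        /^\*/           { in_filter = 0; next }
        !in_filter      { next }
        $1 == (":" chain) { policy = $2 }
        $1 == "-A" && $2 == chain { last = $0 }
        END {
            if (policy == "DROP") exit 0
            # Unconditional: no match options between the chain name and -j.
            exit (last ~ ("^-A " chain " -j (REJECT|DROP)( |$)")) ? 0 : 1
        }' "$1"
}

lint_ruleset() {  # usage: lint_ruleset FILE; non-zero if any check fails
    rc=0
    for chain in INPUT FORWARD; do
        if chain_fails_closed "$1" "$chain"; then
            echo "ok:   $chain fails closed"
        else
            echo "WARN: $chain accepts unmatched traffic"; rc=1
        fi
    done
    grep -qx 'COMMIT' "$1" || { echo "WARN: table is never committed"; rc=1; }
    return "$rc"
}

# Lint the file given as $1, or the constructed sample when run without arguments.
if [ "$#" -gt 0 ]; then lint_ruleset "$1"; else
    tmp=$(mktemp) && write_sample_rules "$tmp" && lint_ruleset "$tmp"; rm -f "$tmp"
fi
```

This checks rule ordering only; `iptables-restore --test` checks that the file itself parses without loading it.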