Bug 111999 - "service iptables save" mangling some iptables rules
Summary: "service iptables save" mangling some iptables rules
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: iptables (Show other bugs)
(Show other bugs)
Version: 3.0
Hardware: All Linux
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact:
: iptables-save 118155 119882 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2003-12-12 17:38 UTC by James Martin
Modified: 2007-11-30 22:06 UTC (History)
6 users (show)

Fixed In Version: 1.2.8-12.3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-12-17 13:51:22 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2004:123 normal SHIPPED_LIVE An updated iptables package fixes an icmp-type bug in iptables-save 2004-05-12 04:00:00 UTC

Description James Martin 2003-12-12 17:38:24 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5)
Gecko/20031007 Firebird/0.7

Description of problem:
Start with a fresh iptables ruleset.

service iptables stop
rm /etc/sysconfing/iptables

add the following rule (among other if you wish):

iptables -A INPUT -p icmp --icmp-type any -j ACCEPT

service iptables save

now if you try a "service iptables start" you will get:

"Applying iptables firewall rules: Bad argument `any'"

cat your /etc/sysconfig/iptables and it appears that the "service
iptables save" did not save the command correctly:

cat /etc/sysconfig/iptables|grep icmp


-A INPUT -p icmp -m icmp any -j ACCEPT

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. service iptables stop
2. rm /etc/sysconfing/iptables
3. iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
4. service iptables save
5. service iptables start

Actual Results:  "Applying iptables firewall rules: Bad argument `any'"

Expected Results:  iptables should start without error.

Additional info:

Comment 2 James Martin 2003-12-22 17:53:16 UTC
Seems to work, but when will this be available on the RHN?

Comment 3 Christian Hofmann 2004-01-22 15:05:11 UTC
This makes iptables and the redhat-firewall not reread the firewall 
rules after a boot. 

I would consider this a major security flaw!

Most peoply rely on these scripts to be able to restore the 
previously saved firewall rules.

Comment 4 Thomas Woerner 2004-03-09 16:43:29 UTC
*** Bug 117753 has been marked as a duplicate of this bug. ***

Comment 5 Thomas Woerner 2004-03-15 11:02:48 UTC
*** Bug 118155 has been marked as a duplicate of this bug. ***

Comment 6 Thomas Woerner 2004-04-06 08:24:28 UTC
*** Bug 119882 has been marked as a duplicate of this bug. ***

Comment 7 Elliot Peele 2004-04-27 18:20:40 UTC
Any idea when this is going to be released? It has been a little over
four months.

Note You need to log in before you can comment on or make changes to this bug.