Bug 111999 - "service iptables save" mangling some iptables rules
"service iptables save" mangling some iptables rules
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: iptables (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
:
: iptables-save 118155 119882 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-12-12 12:38 EST by James Martin
Modified: 2007-11-30 17:06 EST (History)
6 users (show)

See Also:
Fixed In Version: 1.2.8-12.3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-12-17 08:51:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description James Martin 2003-12-12 12:38:24 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5)
Gecko/20031007 Firebird/0.7

Description of problem:
Start with a fresh iptables ruleset.

service iptables stop
rm /etc/sysconfing/iptables

add the following rule (among other if you wish):

iptables -A INPUT -p icmp --icmp-type any -j ACCEPT


service iptables save

now if you try a "service iptables start" you will get:

"Applying iptables firewall rules: Bad argument `any'"


cat your /etc/sysconfig/iptables and it appears that the "service
iptables save" did not save the command correctly:

cat /etc/sysconfig/iptables|grep icmp

returns

-A INPUT -p icmp -m icmp any -j ACCEPT





Version-Release number of selected component (if applicable):
iptables-1.2.8-12

How reproducible:
Always

Steps to Reproduce:
1. service iptables stop
2. rm /etc/sysconfing/iptables
3. iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
4. service iptables save
5. service iptables start
    

Actual Results:  "Applying iptables firewall rules: Bad argument `any'"

Expected Results:  iptables should start without error.

Additional info:
Comment 2 James Martin 2003-12-22 12:53:16 EST
Seems to work, but when will this be available on the RHN?
Comment 3 Christian Hofmann 2004-01-22 10:05:11 EST
This makes iptables and the redhat-firewall not reread the firewall 
rules after a boot. 

I would consider this a major security flaw!

Most peoply rely on these scripts to be able to restore the 
previously saved firewall rules.

Comment 4 Thomas Woerner 2004-03-09 11:43:29 EST
*** Bug 117753 has been marked as a duplicate of this bug. ***
Comment 5 Thomas Woerner 2004-03-15 06:02:48 EST
*** Bug 118155 has been marked as a duplicate of this bug. ***
Comment 6 Thomas Woerner 2004-04-06 04:24:28 EDT
*** Bug 119882 has been marked as a duplicate of this bug. ***
Comment 7 Elliot Peele 2004-04-27 14:20:40 EDT
Any idea when this is going to be released? It has been a little over
four months.

Note You need to log in before you can comment on or make changes to this bug.