Bug 111999
| Summary: | "service iptables save" mangling some iptables rules | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | James Martin <james_martin> |
| Component: | iptables | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.0 | CC: | bobby.clark, dmateo, elliot, guardn, john, tao |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 1.2.8-12.3 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2003-12-17 13:51:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in 1.2.8-12.3. Please have a look at: http://people.redhat.com/twoerner/RPMS/3.0E/iptables-1.2.8-12.3.i386.rpm http://people.redhat.com/twoerner/RPMS/3.0E/iptables-debuginfo-1.2.8-12.3.i386.rpm http://people.redhat.com/twoerner/RPMS/3.0E/iptables-ipv6-1.2.8-12.3.i386.rpm http://people.redhat.com/twoerner/SRPMS/3.0E/iptables-1.2.8-12.3.src.rpm Seems to work, but when will this be available on the RHN? This makes iptables and the redhat-firewall not reread the firewall rules after a boot. I would consider this a major security flaw! Most peoply rely on these scripts to be able to restore the previously saved firewall rules. *** Bug 117753 has been marked as a duplicate of this bug. *** *** Bug 118155 has been marked as a duplicate of this bug. *** *** Bug 119882 has been marked as a duplicate of this bug. *** Any idea when this is going to be released? It has been a little over four months. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007 Firebird/0.7 Description of problem: Start with a fresh iptables ruleset. service iptables stop rm /etc/sysconfing/iptables add the following rule (among other if you wish): iptables -A INPUT -p icmp --icmp-type any -j ACCEPT service iptables save now if you try a "service iptables start" you will get: "Applying iptables firewall rules: Bad argument `any'" cat your /etc/sysconfig/iptables and it appears that the "service iptables save" did not save the command correctly: cat /etc/sysconfig/iptables|grep icmp returns -A INPUT -p icmp -m icmp any -j ACCEPT Version-Release number of selected component (if applicable): iptables-1.2.8-12 How reproducible: Always Steps to Reproduce: 1. service iptables stop 2. rm /etc/sysconfing/iptables 3. iptables -A INPUT -p icmp --icmp-type any -j ACCEPT 4. service iptables save 5. service iptables start Actual Results: "Applying iptables firewall rules: Bad argument `any'" Expected Results: iptables should start without error. Additional info: