Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 3 product line. The current stable release is 3.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 111999

Summary: "service iptables save" mangling some iptables rules
Product: Red Hat Enterprise Linux 3 Reporter: James Martin <james_martin>
Component: iptablesAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: bobby.clark, dmateo, elliot, guardn, john, tao
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.2.8-12.3 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-12-17 13:51:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description James Martin 2003-12-12 17:38:24 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5)
Gecko/20031007 Firebird/0.7

Description of problem:
Start with a fresh iptables ruleset.

service iptables stop
rm /etc/sysconfing/iptables

add the following rule (among other if you wish):

iptables -A INPUT -p icmp --icmp-type any -j ACCEPT


service iptables save

now if you try a "service iptables start" you will get:

"Applying iptables firewall rules: Bad argument `any'"


cat your /etc/sysconfig/iptables and it appears that the "service
iptables save" did not save the command correctly:

cat /etc/sysconfig/iptables|grep icmp

returns

-A INPUT -p icmp -m icmp any -j ACCEPT





Version-Release number of selected component (if applicable):
iptables-1.2.8-12

How reproducible:
Always

Steps to Reproduce:
1. service iptables stop
2. rm /etc/sysconfing/iptables
3. iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
4. service iptables save
5. service iptables start
    

Actual Results:  "Applying iptables firewall rules: Bad argument `any'"

Expected Results:  iptables should start without error.

Additional info:

Comment 2 James Martin 2003-12-22 17:53:16 UTC
Seems to work, but when will this be available on the RHN?

Comment 3 Christian Hofmann 2004-01-22 15:05:11 UTC
This makes iptables and the redhat-firewall not reread the firewall 
rules after a boot. 

I would consider this a major security flaw!

Most peoply rely on these scripts to be able to restore the 
previously saved firewall rules.



Comment 4 Thomas Woerner 2004-03-09 16:43:29 UTC
*** Bug 117753 has been marked as a duplicate of this bug. ***

Comment 5 Thomas Woerner 2004-03-15 11:02:48 UTC
*** Bug 118155 has been marked as a duplicate of this bug. ***

Comment 6 Thomas Woerner 2004-04-06 08:24:28 UTC
*** Bug 119882 has been marked as a duplicate of this bug. ***

Comment 7 Elliot Peele 2004-04-27 18:20:40 UTC
Any idea when this is going to be released? It has been a little over
four months.