Red Hat Bugzilla – Bug 111999
"service iptables save" mangling some iptables rules
Last modified: 2007-11-30 17:06:59 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5)
Description of problem:
Start with a fresh iptables ruleset.
service iptables stop
add the following rule (among other if you wish):
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
service iptables save
now if you try a "service iptables start" you will get:
"Applying iptables firewall rules: Bad argument `any'"
cat your /etc/sysconfig/iptables and it appears that the "service
iptables save" did not save the command correctly:
cat /etc/sysconfig/iptables|grep icmp
-A INPUT -p icmp -m icmp any -j ACCEPT
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. service iptables stop
2. rm /etc/sysconfing/iptables
3. iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
4. service iptables save
5. service iptables start
Actual Results: "Applying iptables firewall rules: Bad argument `any'"
Expected Results: iptables should start without error.
Fixed in 1.2.8-12.3.
Please have a look at:
Seems to work, but when will this be available on the RHN?
This makes iptables and the redhat-firewall not reread the firewall
rules after a boot.
I would consider this a major security flaw!
Most peoply rely on these scripts to be able to restore the
previously saved firewall rules.
*** Bug 117753 has been marked as a duplicate of this bug. ***
*** Bug 118155 has been marked as a duplicate of this bug. ***
*** Bug 119882 has been marked as a duplicate of this bug. ***
Any idea when this is going to be released? It has been a little over