Bug 116939 - lokkit writes wrong /etc/sysconfig/iptables
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: redhat-config-securitylevel
Version: 3.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Brent Fox
Reported: 2004-02-26 12:13 EST by Thomas Baumann
Modified: 2007-11-30 17:07 EST
Last Closed: 2004-03-11 00:48:34 EST
Description Thomas Baumann 2004-02-26 12:13:20 EST
Description of problem:

lokkit writes wrong /etc/sysconfig/iptables 
(I have a multihomed system with eth0 and eth1)

Version-Release number of selected component (if applicable):

redhat-config-securitylevel-tui-1.2.9-1

How reproducible:

always

Steps to Reproduce:
1. start lokkit
2. security-level > enabled
3. customize
4. allow incoming ssh
   allow incoming mail
   allow incoming ports 5000:5555  
   (I want to allow ports from 5000 to 5555)
5. cat /etc/sysconfig/iptables 

Actual results:

# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m 5555 -p 5555 --dport 5000 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Expected results:

a portrange defined for the ruleset

Additional info:

service iptables start
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: iptables-restore v1.2.8: Couldn't load match `5555':/lib/iptables/libipt_5555.so: cannot open shared object file: No such file or directory

Error occured at line: 16
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                           [FAILED]
Comment 1 Bill Nottingham 2004-03-11 00:48:34 EST
It doesn't support portrange syntax.

foo:bar is interpreted as <port>:<protocol>. So it looks for protocol
5555.
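
The interpretation described in Comment 1, as an added example that is not part of the bug report and is not lokkit's code: the port:protocol split reproduces the rule from the report, and a validating variant and a small linter catch that rule before iptables-restore fails on it. The function names, the tcp default and the tcp/udp protocol list are assumptions of this example.

```python
import re

# Protocols that accept --dport; an assumption of this example, not lokkit's own list.
PORT_PROTOCOLS = {"tcp", "udp"}

# Constructed excerpt modelled on the rules shown in the report.
SAMPLE = """\
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m 5555 -p 5555 --dport 5000 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
"""

def parse_port_spec(spec):
    """Split 'port[:protocol]' as Comment 1 describes; the tcp default is assumed."""
    port, _, proto = spec.partition(":")
    return port, proto or "tcp"

def naive_rule(spec):
    """Emit the rule with no validation, reproducing the broken line in the report."""
    port, proto = parse_port_spec(spec)
    return ("-A RH-Firewall-1-INPUT -m state --state NEW "
            f"-m {proto} -p {proto} --dport {port} -j ACCEPT")

def checked_rule(spec):
    """Emit the rule only if the fields are a single port and a port protocol."""
    port, proto = parse_port_spec(spec)
    if proto.lower() not in PORT_PROTOCOLS:
        raise ValueError(f"{spec!r}: {proto!r} is taken as the protocol; "
                         "this syntax has no port ranges")
    if not re.fullmatch(r"[0-9]{1,5}", port) or not 1 <= int(port) <= 65535:
        raise ValueError(f"{spec!r}: invalid port {port!r}")
    return naive_rule(f"{int(port)}:{proto.lower()}")

def lint_rules(text):
    """Return (line_no, line) for rules that pair --dport with a non-port protocol."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = re.search(r"(?:^|\s)-p\s+(\S+)", line)
        if match and "--dport" in line and match.group(1).lower() not in PORT_PROTOCOLS:
            findings.append((line_no, line))
    return findings

if __name__ == "__main__":
    print(naive_rule("5000:5555"))
    print(lint_rules(SAMPLE))
    try:
        checked_rule("5000:5555")
    except ValueError as err:
        print("rejected:", err)
```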
