Bug 120559 - "No Firewall" still installs basic firewall
Summary: "No Firewall" still installs basic firewall
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda   
(Show other bugs)
Version: rawhide
Hardware: athlon Linux
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact: Mike McLean
Depends On:
TreeView+ depends on / blocked
Reported: 2004-04-10 19:38 UTC by Joel Newkirk
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-06-24 10:10:39 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Joel Newkirk 2004-04-10 19:38:39 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
Gecko/20040118 Firebird/0.7+

Description of problem:
When selecting (and reiterating later) "No Firewall" during
installation (Fedora Core2 test2, but earlier FC & RH releases as
well) it still installs a basic 'workstation-style' firewall, allowing
only ESTABLISHED and RELATED state traffic in.

If "No Firewall" is selected (and confirmed via pop-up) then there
should be NO default rules stored in /etc/sysconfig/iptables.  The
first thing I do after an install (network unplugged) is login and
configure services and a custom firewall startup - I shouldn't need to
flush rules, delete a chain, and re-save the empty ruleset - that's
why I selected "No Firewall" in the first place...

(And maybe change 'RH' in added firewall chain names to 'FC' ?)


Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. select "no firewall" during the pertinent installation step
2. reiterate "no firewall" when pop-up prompts
3. after reboot, "iptables -vnL"

Actual Results:  INPUT chain default policy set to DROP
single INPUT chain rule pointing to custom chain
custom chain accepting ESTABLISHED & RELATED state connections, input
on lo, etc.

Expected Results:  INPUT policy ACCEPT
No rules.

Additional info:

(I've not selected "security" for severity since, while definitely
security-related, it's not a lessening or breach in security)

Comment 1 Jeremy Katz 2004-04-11 18:38:29 UTC
This is fixed post-test2

Note You need to log in before you can comment on or make changes to this bug.