Bug 120559 - "No Firewall" still installs basic firewall
"No Firewall" still installs basic firewall
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: anaconda (Show other bugs)
rawhide
athlon Linux
medium Severity medium
: ---
: ---
Assigned To: Jeremy Katz
Mike McLean
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-04-10 15:38 EDT by Joel Newkirk
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-24 06:10:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Joel Newkirk 2004-04-10 15:38:39 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
Gecko/20040118 Firebird/0.7+

Description of problem:
When selecting (and reiterating later) "No Firewall" during
installation (Fedora Core2 test2, but earlier FC & RH releases as
well) it still installs a basic 'workstation-style' firewall, allowing
only ESTABLISHED and RELATED state traffic in.

If "No Firewall" is selected (and confirmed via pop-up) then there
should be NO default rules stored in /etc/sysconfig/iptables.  The
first thing I do after an install (network unplugged) is login and
configure services and a custom firewall startup - I shouldn't need to
flush rules, delete a chain, and re-save the empty ruleset - that's
why I selected "No Firewall" in the first place...

(And maybe change 'RH' in added firewall chain names to 'FC' ?)

j

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. select "no firewall" during the pertinent installation step
2. reiterate "no firewall" when pop-up prompts
3. after reboot, "iptables -vnL"
    

Actual Results:  INPUT chain default policy set to DROP
single INPUT chain rule pointing to custom chain
custom chain accepting ESTABLISHED & RELATED state connections, input
on lo, etc.

Expected Results:  INPUT policy ACCEPT
No rules.

Additional info:

(I've not selected "security" for severity since, while definitely
security-related, it's not a lessening or breach in security)
Comment 1 Jeremy Katz 2004-04-11 14:38:29 EDT
This is fixed post-test2

Note You need to log in before you can comment on or make changes to this bug.