Bug 123938 – (RFE) ypbind should punch a hole in the firewall

Bug 123938 - (RFE) ypbind should punch a hole in the firewall

Summary:	(RFE) ypbind should punch a hole in the firewall

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	ypbind (Show other bugs)
Sub Component:
Version:	4
Hardware:	i686 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Chris Feist
QA Contact:	Ben Levenson
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2004-05-21 16:57 EDT by Konstantin Olchanski
Modified:	2007-11-30 17:10 EST (History)
CC List:	2 users (show)

See Also:
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2005-10-11 18:32:18 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Konstantin Olchanski 2004-05-21 16:57:36 EDT

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040116

Description of problem:
Installation hangs and NIS does not work when I do this:
- start a fresh install of Fedora 2:
- during pre-install, enable the firewall (by default, no holes)
- during first-boot, select "use network logins", the NIS setup window
opens. enable NIS, set the domain name, press "okey"
- the NIS setup window hangs, the first-boot installation hangs.
(it is possible to recover by hard-killing the NIS setup window)

Analysis:
- enabling the firewall prevents responses from the NIS server from
reaching ypbind.
- during first-boot, the NIS setup window attempts to start "ypbind",
presumably by running "service ypbind start". This hangs forever
because responses from the NIS server are blocked by the firewall.

RFE: 
1) the ypbind startup script should punch a hole in the firewall (as
the ntpd startup script does)
2) the graphical NIS setup window should show the progress of whatever
time consuming things it does, and it should give the user the option
to abort whatever it is doing if things to wrong.

K.O.


Version-Release number of selected component (if applicable):
ypbind-1.17.2-1

How reproducible:
Always

Comment 1 Alan Cox 2004-05-21 18:18:37 EDT

There is a general issue with holes in firewalls that needs
addressing. Probably lokkit needs to keep a database of apps and holes
and apps need to add/remove holes neatly - and with user consent - as
appropriate.

Comment 2 Matthew Miller 2005-04-26 12:01:41 EDT

Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.

Comment 3 Konstantin Olchanski 2005-04-28 19:24:12 EDT

The problem is still there in FC3. K.O.

Comment 4 Roy Stogner 2005-06-16 18:07:50 EDT

This occurs in the Fedora Core 4 release as well.  Someone with permission ought
to bump the Version on this bug to fc4.

Comment 5 Chris Feist 2005-06-17 10:24:18 EDT

I'll see if I can replicate this and get a fix so it doesn't happen in FC5.

Comment 6 Chris Feist 2005-06-20 12:28:43 EDT

I am unable to replicate this problem in fc4.  Please detail how you see this
problem.

Comment 7 Chris Feist 2005-10-11 17:39:19 EDT

Still waiting any further information from reporter.  I'm unable to replicate
the problem with my systems.

Comment 8 Chris Feist 2005-10-11 18:32:18 EDT

Upon further research it appears that a firewall rule exists in the default
fedora installation to allow all related connections which allows ypbind udp
traffic to pass back and forth.

If you continue to have problems please re-open this bug.

Note You need to log in before you can comment on or make changes to this bug.