Bug 1251057 - All firewall zones with target=default (i.e. REJECT) are shown as target=ACCEPT
Summary: All firewall zones with target=default (i.e. REJECT) are shown as target=ACCEPT
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: firewalld
Version: 22
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-08-06 13:03 UTC by Alan Jenkins
Modified: 2016-03-07 12:00 UTC (History)
2 users (show)

Fixed In Version: firewalld-0.4.0-2.fc23
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-02-21 16:30:45 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
Screenshot showing wrong default target for public zone (97.81 KB, image/png)
2015-08-06 13:03 UTC, Alan Jenkins 		no flags Details
checkbox fixed, but misleading dropdown (31.55 KB, image/png)
2016-03-07 12:00 UTC, Alan Jenkins 		no flags Details
View All

Description Alan Jenkins 2015-08-06 13:03:16 UTC 
Created attachment 1059938 [details]
Screenshot showing wrong default target for public zone

Description of problem:

I started editing with firewall-config.  I had to stop and re-verify the config because of this bug.  firewall-config should show the correct value to avoid making users waste time and worry about security :).

firewall-config unexpectedly showed target=ACCEPT for the FedoraWorkstation zone, as well as the public zone which is described as "do not trust the other computers".


Version-Release number of selected component (if applicable):

firewall-config-0.3.14.2-2.fc22.noarch
      firewalld-0.3.14.2-2.fc22.noarch


Steps to Reproduce:
1. Run firewall-config
2. Switch from Runtime to Permanent configuration
3. Select FedoraWorkstation or "public" zone
4. Click "Edit Zone" button at the bottom

Actual results:

1. "default" checkbox is unticked
2. target is shown as "ACCEPT"

Expected results:

1. "default" checkbox should be ticked
2. target should be un-editable.  However it should be visible and show "REJECT"
Comment 1 Thomas Woerner 2015-08-06 17:06:05 UTC 
Fixed upstream: https://github.com/t-woerner/firewalld/commit/91ebdecf0e2ad094b14a1578dbba4685764430c1
Comment 2 Fedora Update System 2016-02-04 15:41:10 UTC 
firewalld-0.4.0-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-fc0691e6a7
Comment 3 Fedora Update System 2016-02-05 01:23:38 UTC 
firewalld-0.4.0-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-fc0691e6a7
Comment 4 Fedora Update System 2016-02-08 13:29:00 UTC 
firewalld-0.4.0-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-fc0691e6a7
Comment 5 Fedora Update System 2016-02-09 22:27:48 UTC 
firewalld-0.4.0-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-fc0691e6a7
Comment 6 Fedora Update System 2016-02-21 16:30:17 UTC 
firewalld-0.4.0-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7 Alan Jenkins 2016-03-07 12:00:36 UTC 
Created attachment 1133717 [details]
checkbox fixed, but misleading dropdown

Fix confirmed :).

That said, it would be nice if the (now greyed-out) dropdown showed REJECT (or whatever the default target is), particularly when you untick the "default" checkbox.

Currently the dropdown shows ACCEPT, which is misleading.
Note You need to log in before you can comment on or make changes to this bug.