First Last Prev Next    This bug is not in your last search results.
Bug 129346 - Option to disable "save" command in iptables init.d script
Option to disable "save" command in iptables init.d script
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: iptables (Show other bugs)
2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Ben Levenson
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-08-06 14:50 EDT by Aleksandar Milivojevic
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-08-09 11:03:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Aleksandar Milivojevic 2004-08-06 14:50:36 EDT 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040626 Firefox/0.9.1

Description of problem:
This is a feature request.

It would be nice to have configuration option to disable "save"
command in /etc/init.d/iptables script by using
/etc/sysconfig/iptables-config file.  Something along the lines of:

IPTABLES_DISABLE_SAVE="yes"

This would be handy for experienced/advanced system administrator that
wish to build /etc/sysconfig/iptables file by hand and not to have to
worry that the file might get overwritten by /etc/init.d/iptables
script.  Other utilities that might overwrite /etc/sysconfig/iptables
might use this configuration option too.  IPTABLES_DISABLE_SAVE option
should override values of IPTABLES_SAVE_* options from iptables-config
file.

Version-Release number of selected component (if applicable):
iptables-1.2.9-2.3.1

How reproducible:
Always

Steps to Reproduce:
1. /etc/init.d/iptables save
    

Additional info:
Comment 1 Thomas Woerner 2004-08-09 11:03:21 EDT 
If you do not want to overwrite /etc/sysconfig/iptables, then do not
start service iptables save. /etc/sysconfig/iptables-config is only
useful for the iptables startup-script.

Other applications must not modify /etc/sysconfig/iptables, except of
system-config-securitylevel.

It is not useful to define a variable in
/etc/sysconfig/iptables-config which overrides other variables in the
same file.

Closing as "NOT A BUG"
Comment 2 Aleksandar Milivojevic 2004-08-09 12:06:15 EDT 
This was more along the lines of preventing sysadmin of making a typo
(or second sysadmin invoking iptables save or
system-config-securitylevel on system where it shouldn't be done). 
Kind of making it more failsafe.  iptables save and
sysctem-config-securitylevel are destructive, and there's no failsafe
in case they were invoked by error/mistake/lack of communication.  I
saw a value in having it.
Comment 3 Thomas Woerner 2004-08-09 12:18:45 EDT 
system iptable save does this:

/etc/init.d/iptables:
save() {
        ...
        if [ -e $IPTABLES_DATA ]; then
            cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
                && chmod 600 $IPTABLES_DATA.save \
                || ret=1
        fi
        ...

It is making a copy before stroring new data.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.