Bug 1296573 - xsd specification nor service daemon checks whether tags are specified more than once if they must not
xsd specification nor service daemon checks whether tags are specified more t...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: firewalld (Show other bugs)
7.2
Unspecified Unspecified
medium Severity low
: rc
: ---
Assigned To: Thomas Woerner
Tomas Dolezal
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-07 10:20 EST by Tomas Dolezal
Modified: 2016-11-03 17:02 EDT (History)
2 users (show)

See Also:
Fixed In Version: firewalld-0.4.3-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-03 17:02:07 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2597 normal SHIPPED_LIVE Moderate: firewalld security, bug fix, and enhancement update 2016-11-03 08:11:47 EDT

  None (edit)
Description Tomas Dolezal 2016-01-07 10:20:05 EST
Description of problem:
specifiying multiple destinations of same protocol (ipv4/v6) results in use only of the latest one. accordingly to documentation and firewall-config it's not possible to specify more. schema check however passes while it should not.

Version-Release number of selected component (if applicable):
firewalld-0.3.9-14.el7.noarch

How reproducible:
always

Actual results:
cat /etc/firewalld/services/amyserv.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <port protocol="tcp" port="20200-20400"/>
  <destination ipv4="10.99.99.88"/>
  <destination ipv4="10.99.99.89"/>
</service>

iptables rule:
-A IN_internal_allow -d 10.99.99.89/32 -p tcp -m tcp --dport 20200:20400 -m conntrack --ctstate NEW -j ACCEPT

firewalld]# /usr/lib/firewalld/xmlschema/check.sh 
Checking zones
  internal.xml validates
  public.xml validates
Checking services
  amyserv.xml validates
Checking icmptypes

`journalctl -b -u firewalld` also does not contain a single relevant complaint

Expected results:
journal contains complaints
schema validation fails

..for all 'use only once' tags in files

Additional info:
Comment 10 errata-xmlrpc 2016-11-03 17:02:07 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2597.html

Note You need to log in before you can comment on or make changes to this bug.