Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1326462 - rich rule with destination and no element give error
rich rule with destination and no element give error
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: firewalld (Show other bugs)
7.2
x86_64 Linux
unspecified Severity medium
: rc
: ---
Assigned To: Thomas Woerner
Tomas Dolezal
:
: 1352179 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-04-12 13:57 EDT by Saul Serna
Modified: 2016-11-03 17:02 EDT (History)
2 users (show)

See Also:
Fixed In Version: firewalld-0.4.2-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-03 17:02:55 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2597 normal SHIPPED_LIVE Moderate: firewalld security, bug fix, and enhancement update 2016-11-03 08:11:47 EDT

  None (edit)
Description Saul Serna 2016-04-12 13:57:58 EDT 
Customer states they are running into the same exact issue as the following bug, except on RHEL 7.2


Bug 1163428 - rich rule with destination and no element 


Customer Comment:
----------------------------------------------------------

I am seeing the same issue as described by this unresolved Fedora bug (https://bugzilla.redhat.com/show_bug.cgi?id=1163428). 
It occurs with newer firewalld packges (firewalld-0.3.9-14.el7.noarch). 
I get the same issue when I attempt to create a rich rule with destination address but no protocol/port it gives error:

ERROR: INVALID_RULE: no element, no source

Also, when using a source AND destination address but no protocol/port I get:

Error: INVALID_RULE: destination action

Firstly, the error messages provide no useful information about the problem. Secondly, I would like to understand why a port and/or protocol are required in these scenarios. I think it is a perfectly logical use-case to allow all traffic (protocols) coming into a particular interface/address. Furthermore, "all" is not a valid selection for the protocol, why?

Not urgent but would like to understand the function better and possibly get it fixed to be more intuitive.
Comment 6 Thomas Woerner 2016-07-12 07:56:08 EDT 
*** Bug 1352179 has been marked as a duplicate of this bug. ***
Comment 9 errata-xmlrpc 2016-11-03 17:02:55 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2597.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.