Red Hat Bugzilla – Bug 134490
"service iptables panic" disables loopback
Last modified: 2007-11-30 17:07:04 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Description of problem:
The command "service iptables panic" disables the loopback interface
because the script /etc/rc.d/init.d/iptables calls the script function
"set_policy" with the argument "DROP".
It might be a good idea to modify the script so "set_policy" does a
check for the "DROP" policy and explicitly enables the loopback.
Something along these lines:
if [ "$policy" == "DROP" ]; then
    # re-admit loopback traffic before the blanket DROP policy takes effect
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
fi
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Issue "service iptables panic"
Actual Results: Firewall adopts a blanket DROP policy, breaking all
flow, even the loopback.
Expected Results: It may be better if the loopback were left enabled
even when "panic" is used.
Additional info: Very low priority enhancement request. I think all
Red Hat versions have this same issue.
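To make the behaviour described in this report concrete, here is an added example (not the Red Hat init script and not code posted by the reporter) of a set_policy function that models the "panic" action: it flushes the filter table, sets DROP as the default policy on INPUT, FORWARD and OUTPUT, and only re-admits loopback traffic when an explicit second argument asks for it. The IPTABLES variable defaults to "echo" so the rules are printed rather than applied; the keep_lo argument and the lo_rule_count helper are assumptions made for this example. Dry-running the rule set this way is also a sensible check before applying a panic policy on a host you reach over the network, since a DROP policy on INPUT and OUTPUT cuts off the session you are typing into.

```shell
#!/bin/sh
# Added example, not the RHEL /etc/rc.d/init.d/iptables script.
# IPTABLES defaults to "echo" (dry run); set IPTABLES=/sbin/iptables and
# run as root to apply the rules for real.
IPTABLES="${IPTABLES:-echo}"

# set_policy POLICY [keep_lo]
#   POLICY   : DROP or ACCEPT, installed as the default policy of the
#              built-in filter chains after flushing all rules
#   keep_lo  : "yes" re-admits loopback traffic when POLICY is DROP
#              (hypothetical argument; the stock script has no such option)
set_policy() {
    policy="$1"
    keep_lo="${2:-no}"

    # Flush every rule so only the default policy remains in effect.
    $IPTABLES -F
    for chain in INPUT FORWARD OUTPUT; do
        $IPTABLES -P "$chain" "$policy"
    done

    # With a blanket DROP policy the loopback interface is blocked too;
    # the reporter's suggestion is to exempt it explicitly.
    if [ "$policy" = "DROP" ] && [ "$keep_lo" = "yes" ]; then
        $IPTABLES -A INPUT -i lo -j ACCEPT
        $IPTABLES -A OUTPUT -o lo -j ACCEPT
    fi
}

# lo_rule_count POLICY [keep_lo]
#   Dry-runs set_policy and returns how many loopback ACCEPT rules it
#   would install (0 means loopback is cut off by a DROP policy).
lo_rule_count() {
    ( IPTABLES=echo; set_policy "$1" "$2" ) \
        | grep -c -- '-[io] lo -j ACCEPT' || true
}

# Usage: print the rules a panic with loopback exemption would install.
set_policy DROP yes
```

Run it as-is to see the generated rule list; only set IPTABLES to the real binary once the printed rules are what you intend, because the stock panic action, as the maintainer notes, is meant to drop everything.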
Panic should be, and is, dropping all traffic that is going through the
firewall. This includes the loopback devices.
Panic is an emergency option.
Closing as "NOT A BUG".