Bug 134490 - "service iptables panic" disables loopback
"service iptables panic" disables loopback
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: iptables (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Ben Levenson
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-10-03 21:42 EDT by Ian Laurie
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-04 07:59:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ian Laurie 2004-10-03 21:42:02 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
The command "service iptables panic" disables the loopback interface
because the script /etc/rc.d/init.d/iptables calls the script function
"set_policy" with the argument "DROP".

It might be a good idea to modify the script so "set_policy" does a
check for the "DROP" policy and explicitly enables the loopback. 
Something along these lines:

if [ "$policy" == "DROP" ]; then
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
fi

Version-Release number of selected component (if applicable):
iptables-1.2.8-12.3

How reproducible:
Always

Steps to Reproduce:
1. Issue "service iptables panic"
2.
3.
    

Actual Results:  Firewall adopts a blanket DROP policy, breaking all
flow, even the loopback.

Expected Results:  It may be better if the loopback were left enabled
even when "panic" is used.

Additional info: Very low priority enhancement request.  I think all
Red Hat versions have this same issue.
Comment 1 Thomas Woerner 2004-10-04 07:59:27 EDT
Panic should and is dropping all traffic that is going through the
firewall. This includes the loopback devices. 
Panic is an emergency option.

Closing as "NOT A BUG".

Note You need to log in before you can comment on or make changes to this bug.