Bug 216388 - iptables are wide open and have bad sig
Summary: iptables are wide open and have bad sig
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: iptables
Version: 6
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-11-20 06:23 UTC by Darwin H. Webb
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-11-29 13:19:11 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Darwin H. Webb 2006-11-20 06:23:27 UTC
Description of problem:
iptables has been wide open since Aug-24 version.
For FC6 and FC7-devel.


Version-Release number of selected component (if applicable):
iptables.i386 0:1.3.5-1.2.1

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Installing:
 iptables                i386       1.3.5-1.2.1      development       236 k

Transaction Summary
=============================================================================
Install      1 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         

Total download size: 236 k
Is this ok [y/N]: y
Downloading Packages:
(1/1): iptables-1.3.5-1.2 100% |=========================| 236 kB    00:02     
Running Transaction Test
warning: iptables-1.3.5-1.2.1: Header V3 DSA signature: NOKEY, key ID 897da07a
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: iptables                     ######################### [1/1] 

Installed: iptables.i386 0:1.3.5-1.2.1
Complete!
[root@Jovette-14 deck]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@Jovette-14 deck]#

Comment 1 Thomas Woerner 2006-11-29 13:19:11 UTC
iptables is the userland config tool. The firewall rules are not provided by the
iptables package, they can be generated by anaconda and lokkit.

Please use system-config-securitylevel to generate a firewall configuration.

FOr the signature: Please open a bug against distribution for this.

Comment 2 Darwin H. Webb 2006-11-30 02:37:07 UTC
No, No, NO, you are off the facts.
Iptables are the firewall.
The iptables went from what is installed by the system to accept all and I din't
touch them.

Anancanonda is not going to generate the iptables after the fact.
(if this true, it a really secure secert. Please point to the documentation that
it occurs in.)

system-config-securitylevel, is only for seting extra ports not defining a
complete firewall. And if changed else where , this tool will actually wipe them
out.

But hey, it is just a bug, not my bug, FC bug. Fix it or don't.

Darwin

Comment 3 Darwin H. Webb 2006-11-30 14:45:01 UTC
Well, the updates of Nov 30th for rawhide fixed the iptables back to what they
usually are in the FW/Secuirty gui.
They also fixed the crash of iptables at bootup.

(and, unrelated, the cpufreq, and the missing machine id file)

So maybe FC6 updates will fix it too.
But I can't update those until tomorrow.

Darwin


Note You need to log in before you can comment on or make changes to this bug.