This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 216388 - iptables are wide open and have bad sig
iptables are wide open and have bad sig
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: iptables (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-20 01:23 EST by Darwin H. Webb
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-29 08:19:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Darwin H. Webb 2006-11-20 01:23:27 EST
Description of problem:
iptables has been wide open since Aug-24 version.
For FC6 and FC7-devel.


Version-Release number of selected component (if applicable):
iptables.i386 0:1.3.5-1.2.1

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
=============================================================================
 Package                 Arch       Version          Repository        Size 
=============================================================================
Installing:
 iptables                i386       1.3.5-1.2.1      development       236 k

Transaction Summary
=============================================================================
Install      1 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         

Total download size: 236 k
Is this ok [y/N]: y
Downloading Packages:
(1/1): iptables-1.3.5-1.2 100% |=========================| 236 kB    00:02     
Running Transaction Test
warning: iptables-1.3.5-1.2.1: Header V3 DSA signature: NOKEY, key ID 897da07a
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: iptables                     ######################### [1/1] 

Installed: iptables.i386 0:1.3.5-1.2.1
Complete!
[root@Jovette-14 deck]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@Jovette-14 deck]#
Comment 1 Thomas Woerner 2006-11-29 08:19:11 EST
iptables is the userland config tool. The firewall rules are not provided by the
iptables package, they can be generated by anaconda and lokkit.

Please use system-config-securitylevel to generate a firewall configuration.

FOr the signature: Please open a bug against distribution for this.
Comment 2 Darwin H. Webb 2006-11-29 21:37:07 EST
No, No, NO, you are off the facts.
Iptables are the firewall.
The iptables went from what is installed by the system to accept all and I din't
touch them.

Anancanonda is not going to generate the iptables after the fact.
(if this true, it a really secure secert. Please point to the documentation that
it occurs in.)

system-config-securitylevel, is only for seting extra ports not defining a
complete firewall. And if changed else where , this tool will actually wipe them
out.

But hey, it is just a bug, not my bug, FC bug. Fix it or don't.

Darwin
Comment 3 Darwin H. Webb 2006-11-30 09:45:01 EST
Well, the updates of Nov 30th for rawhide fixed the iptables back to what they
usually are in the FW/Secuirty gui.
They also fixed the crash of iptables at bootup.

(and, unrelated, the cpufreq, and the missing machine id file)

So maybe FC6 updates will fix it too.
But I can't update those until tomorrow.

Darwin

Note You need to log in before you can comment on or make changes to this bug.