Description of problem: iptables has been wide open since Aug-24 version. For FC6 and FC7-devel. Version-Release number of selected component (if applicable): iptables.i386 0:1.3.5-1.2.1 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: iptables i386 1.3.5-1.2.1 development 236 k Transaction Summary ============================================================================= Install 1 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 236 k Is this ok [y/N]: y Downloading Packages: (1/1): iptables-1.3.5-1.2 100% |=========================| 236 kB 00:02 Running Transaction Test warning: iptables-1.3.5-1.2.1: Header V3 DSA signature: NOKEY, key ID 897da07a Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: iptables ######################### [1/1] Installed: iptables.i386 0:1.3.5-1.2.1 Complete! [root@Jovette-14 deck]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination [root@Jovette-14 deck]#
iptables is the userland config tool. The firewall rules are not provided by the iptables package, they can be generated by anaconda and lokkit. Please use system-config-securitylevel to generate a firewall configuration. FOr the signature: Please open a bug against distribution for this.
No, No, NO, you are off the facts. Iptables are the firewall. The iptables went from what is installed by the system to accept all and I din't touch them. Anancanonda is not going to generate the iptables after the fact. (if this true, it a really secure secert. Please point to the documentation that it occurs in.) system-config-securitylevel, is only for seting extra ports not defining a complete firewall. And if changed else where , this tool will actually wipe them out. But hey, it is just a bug, not my bug, FC bug. Fix it or don't. Darwin
Well, the updates of Nov 30th for rawhide fixed the iptables back to what they usually are in the FW/Secuirty gui. They also fixed the crash of iptables at bootup. (and, unrelated, the cpufreq, and the missing machine id file) So maybe FC6 updates will fix it too. But I can't update those until tomorrow. Darwin