Bug 29129 - ipchains rules in ifup scripts break ipchains functionality
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: initscripts
Version: 7.1
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Bill Nottingham
David Lawrence
Reported: 2001-02-23 15:14 EST by Dan Taylor
Modified: 2014-03-16 22:19 EDT
Doc Type: Bug Fix
Last Closed: 2001-02-23 16:05:16 EST

Description Dan Taylor 2001-02-23 15:14:54 EST
Ifup/ifdown scripts were modified to fix bug #25951.  They now add 
ipchains rules when brought up to allow connectivity to name servers.  
However, this functionality clashes with typical ipchains usage.

For instance, if a user modifies the /etc/sysconfig/ipchains file, then 
does 'service ipchains restart' the chains added for name resolution are 
flushed & a user can no longer resolve DNS names from a nameserver.

Also, if a user modifies the current ipchains rules and then does 'service 
ipchains save' the rules that were only supposed to be set on a per device 
basis are now set globally.
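
An added example, not part of the bug report or of initscripts: a shell check for the two failure modes described above (nameserver rules flushed by a restart, and per-device rules persisted by a save). It assumes the rule ifup adds is an input-chain ACCEPT from the nameserver's source port 53 and that rulesets are in ipchains-save style; the function names and sample data are constructed.

```shell
#!/bin/sh
# Added example; rule shape and sample data are constructed assumptions.

# List nameserver addresses from a resolv.conf-style file ($1).
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed if ruleset file $2 (ipchains-save style) has an input-chain
# ACCEPT rule whose source is nameserver $1 with source port 53.
has_dns_rule() {
    awk -v ns="$1" '
        $1 == "-A" && $2 == "input" {
            src = port = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") { src = $(i + 1); port = $(i + 2) }
                if ($i == "-j") target = $(i + 1)
            }
            sub(/\/.*/, "", src)   # drop the /netmask suffix
            if (src == ns && port ~ /^53(:53)?$/ && target == "ACCEPT")
                found = 1
        }
        END { exit !found }' "$2"
}

# audit_dns_rules STATE RESOLV RULESET: print nameservers in STATE.
#   missing: no rule in RULESET (running rules after "ipchains restart")
#   present: rule found (saved file after "ipchains save" = global leak)
audit_dns_rules() {
    for ns in $(nameservers "$2"); do
        if has_dns_rule "$ns" "$3"; then state=present; else state=missing; fi
        if [ "$state" = "$1" ]; then echo "$ns"; fi
    done
}

# Constructed sample data (documentation addresses, not from the bug).
d=$(mktemp -d)
printf 'nameserver 192.0.2.53\nnameserver 192.0.2.54\n' > "$d/resolv.conf"
cat > "$d/ipchains" <<'EOF'
:input ACCEPT
-A input -s 192.0.2.53/255.255.255.255 53:53 -d 0.0.0.0/0.0.0.0 1025:65535 -p 17 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 0:1023 -p 17 -j REJECT
EOF
echo "no DNS rule for: $(audit_dns_rules missing "$d/resolv.conf" "$d/ipchains")"
echo "rule persisted for: $(audit_dns_rules present "$d/resolv.conf" "$d/ipchains")"
```

Run the `missing` mode against a dump of the running rules and the `present` mode against the saved /etc/sysconfig/ipchains file.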
Comment 1 Bill Nottingham 2001-02-23 15:21:41 EST
They should not do that, then.

If a user is directly modifying their /etc/sysconfig/ipchains, they should know
better than to firewall off their nameserver.
Comment 2 Dan Taylor 2001-02-23 15:37:10 EST
_SHOULD_ is the key word here...  This change is not documented in any of the 
man pages, how-to's, etc.  If this is the only way to do it then the user should be 
notified via stdout that their ipchains rules are being modified as well.
Comment 3 Bill Nottingham 2001-02-23 16:05:12 EST
We can add a warning to the top of the file that it's not really
user modifiable.

We really cannot take care of users who don't know what they are
doing messing with the firewall config.
Comment 4 Bill Nottingham 2001-03-02 17:20:33 EST
As of gnome-lokkit-0.43-6, it writes a warning at the top of the firewall
script about what ifup does.
