Bug 32897 - install with medium firewall accepts all packets
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: anaconda
Version: 7.1
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Michael Fulbright
QA Contact: Brock Organ
Keywords: Security
Reported: 2001-03-23 16:23 EST by John Keener
Modified: 2007-04-18 12:32 EDT (History)
Doc Type: Bug Fix
Last Closed: 2001-03-24 17:45:24 EST
Description John Keener 2001-03-23 16:23:50 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.73 [en] (X11; U; Linux 2.2.16-3 i686)


On installation I selected the "medium" firewall option, and allowed
incoming ssh.  I have done this with both the text and the graphic
installation.  The chains that get setup are (ipchains -L -n):
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  199.99.226.3         0.0.0.0/0             53 ->   *
ACCEPT     udp  ------  199.99.226.3         0.0.0.0/0             53 ->   *
ACCEPT     udp  ------  199.99.226.3         0.0.0.0/0             53 ->   *
ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   22
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
DENY       tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   0:1023
DENY       tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   2049
DENY       udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   0:1023
DENY       udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   2049
DENY       tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   6000:6009
DENY       tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   7100
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

Note the 'ACCEPT all 0.0.0.0 0.0.0.0' lines *before* any of the deny
items.  This accepts all incoming packets.


Reproducible: Always
Steps to Reproduce:
1. perform install
2. choose "medium" firewall
3. allow ssh connects
(This is the only scenario I have tested)

Actual Results:  see description.

Expected Results:  The chains should not be accepting all packets.  At a
minimum the 'ACCEPT all' lines should not be there.
Comment 1 Bill Nottingham 2001-03-23 17:50:38 EST
What does your /etc/resolv.conf look like?
Comment 2 John Keener 2001-03-24 17:45:20 EST
--------resolv.conf------------
nameserver 199.99.226.3
-----end resolv.conf
Comment 3 John Keener 2001-03-24 18:10:07 EST
ipchains -L -n hides one important piece of information -- the
interface.  The ACCEPT lines are actually limited to the lo and eth1 interfaces:

...
    6   420 ACCEPT     all  ------ 0xFF 0x00  lo    0.0.0.0/0            0.0.0.0/0             n/a
16554 2483K ACCEPT     all  ------ 0xFF 0x00  eth1  0.0.0.0/0            0.0.0.0/0             n/a
...
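
Added example, not part of the original report or of anaconda: a small audit of an ipchains listing that classifies each "ACCEPT all" rule by interface and marks it as undetermined when the listing has no interface column, which is the situation this bug turned on. The verbose column layout is taken from the lines quoted in comment 3; the `-v` flag as the source of that layout and the "*" marker for "any interface" are assumptions, as are the function names.

```python
import re

ANY = "0.0.0.0/0"

# From the report: rules as printed by `ipchains -L -n` (wrapped lines rejoined).
TERSE = """\
ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   22
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
DENY       tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   0:1023
"""
# From comment 3: verbose form, plus one constructed rule with no interface limit.
VERBOSE = """\
    6   420 ACCEPT     all  ------ 0xFF 0x00  lo    0.0.0.0/0   0.0.0.0/0   n/a
16554 2483K ACCEPT     all  ------ 0xFF 0x00  eth1  0.0.0.0/0   0.0.0.0/0   n/a
    0     0 ACCEPT     all  ------ 0xFF 0x00  *     0.0.0.0/0   0.0.0.0/0   n/a
"""

def parse_rule(line):
    """Return (target, prot, ifname, src, dst), or None for non-rule lines."""
    f = line.split()
    # Verbose rows start with packet and byte counters (e.g. "16554 2483K").
    if len(f) >= 10 and re.fullmatch(r"\d+[KMG]?", f[0]):
        return f[2], f[3], f[7], f[8], f[9]
    if len(f) >= 5 and f[0] in ("ACCEPT", "DENY", "REJECT"):
        return f[0], f[1], None, f[3], f[4]   # no interface column at all
    return None

def audit_accept_all(listing):
    """Classify every 'ACCEPT all anywhere -> anywhere' rule in a listing."""
    verdicts = []
    for line in listing.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        target, prot, ifname, src, dst = rule
        if (target, prot, src, dst) != ("ACCEPT", "all", ANY, ANY):
            continue
        if ifname is None:
            verdicts.append("interface not shown: rerun with -v")
        elif ifname == "*":          # assumed marker for "any interface"
            verdicts.append("accepts on every interface")
        elif ifname == "lo":
            verdicts.append("loopback only")
        else:
            verdicts.append("limited to " + ifname)
    return verdicts

if __name__ == "__main__":
    for name, text in (("ipchains -L -n", TERSE), ("ipchains -L -n -v", VERBOSE)):
        print(name, "->", audit_accept_all(text))
```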


