Red Hat Bugzilla – Bug 330741
upsd ignoring ACL in upsd.conf
Last modified: 2007-11-30 17:12:18 EST
Description of problem:
The machine has just been updated from FC5 to F7. The config for the ups service
was not changed. Now that the machine is running 2.0.5 it rejects all
connections on the external interface, but accepts localhost connections.
Previously it would accept connections from the list of acceptable addresses in
upsd.conf, now that list seems to be ignored.
Version-Release number of selected component (if applicable):
Created attachment 226451 [details]
I've tried to upgrade nut-2.0.3-2.1 (FC-6; FC-5 is EOLed already) to nut-2.0.5-5
and do nothing but service ups restart. Everything works the same as before.
Please try to examine your system a bit closer. Are you sure that the IP tables
configuration has not been altered during upgrade? What does the upsc output on
the client side look like? What does upsd log in /var/log/messages during the
unsuccessful connection attempt?
There is no firewall or hosts.[allow|deny] in force. The connection test was
done locally with telnet. It was also done against another port which should
also have been accepting on both localhost and the ethernet IP address, this was
The thing I am worried about is if the ipv6 system is getting in the way. I have
no use for it, but it is still there, despite having switched it off in the
ifcfg-ethX files. The reason I am wondering about this is the error message:
upsd: Rejecting TCP connection from ::ffff:10.103.15.50
In addition, the telnet session is at first accepted and then emmediately
dropped. This suggests that it is the application itself that is doing the dropping.
# telnet zebedee nut
Connected to zebedee.
Escape character is '^]'.
Connection closed by foreign host.
Seems that it's indeed the IPv6 support that breaks things. If you don't need
IPv6 you may pass the '-4' parameter to upsd on startup: Edit /etc/sysconfig/ups
and change the line with upsd options to:
Then restart ups service and please let me know whether that solves your problem.
It does indeed.
Nagios might even stop bugging me now :) Thanks.
nut-2.0.5-6 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update nut'
nut-2.0.5-6 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.