Bug 36279 - iptables 1.2.0 buggy -save and -restore code (silently breaks firewall)
Summary: iptables 1.2.0 buggy -save and -restore code (silently breaks firewall)
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables   
(Show other bugs)
Version: 7.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact: David Lawrence
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-04-17 14:43 UTC by Need Real Name
Modified: 2007-03-27 03:43 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-04-17 14:50:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Need Real Name 2001-04-17 14:43:19 UTC
iptables-1.2.0 as used in wolverine is buggy. the init-scripts use
iptables-restore and iptables-save for firewall rules initialization but
silently fail to do so correctly. this means that after a reboot the
firewall might contain wrong rules (mostly missing ports). This is a know
iptables bug and seems fixed in 1.2.1a for the tests i have run. 

Generally the -save and -restore functionality was aparently hard to
implement correctly, it should be pondered if they really should be used

For sure iptables-1.2.0 must asap be replaced in 7.1 if not done so
already, to version 1.2.1a (the most recent)


Comment 1 Bernhard Rosenkraenzer 2001-04-18 21:55:01 UTC
We're shipping 1.2.1a

Note You need to log in before you can comment on or make changes to this bug.