36279 – iptables 1.2.0 buggy -save and -restore code (silently breaks firewall)

Bug 36279 - iptables 1.2.0 buggy -save and -restore code (silently breaks firewall)

Summary: iptables 1.2.0 buggy -save and -restore code (silently breaks firewall)

Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	iptables
Sub Component:	(Show other bugs)
Version:	7.1
Hardware:	All
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	Bernhard Rosenkraenzer
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Keywords:	Security
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-04-17 14:43 UTC by Need Real Name
Modified:	2007-03-27 03:43 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2001-04-17 14:50:37 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Need Real Name 2001-04-17 14:43:19 UTC

iptables-1.2.0 as used in wolverine is buggy. the init-scripts use
iptables-restore and iptables-save for firewall rules initialization but
silently fail to do so correctly. this means that after a reboot the
firewall might contain wrong rules (mostly missing ports). This is a know
iptables bug and seems fixed in 1.2.1a for the tests i have run. 

Generally the -save and -restore functionality was aparently hard to
implement correctly, it should be pondered if they really should be used
already. 

For sure iptables-1.2.0 must asap be replaced in 7.1 if not done so
already, to version 1.2.1a (the most recent)

Olaf

Comment 1 Bernhard Rosenkraenzer 2001-04-18 21:55:01 UTC

We're shipping 1.2.1a

Note You need to log in before you can comment on or make changes to this bug.