Bug 36279 – iptables 1.2.0 buggy -save and -restore code (silently breaks firewall)

Bug 36279 - iptables 1.2.0 buggy -save and -restore code (silently breaks firewall)

Summary:	iptables 1.2.0 buggy -save and -restore code (silently breaks firewall)

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	Red Hat Linux
Classification:	Retired
Component:	iptables (Show other bugs)
Sub Component:
Version:	7.1
Hardware:	All Linux

Priority	high Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Bernhard Rosenkraenzer
QA Contact:	David Lawrence
Docs Contact:

URL:
Whiteboard:
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2001-04-17 10:43 EDT by Need Real Name
Modified:	2007-03-26 23:43 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2001-04-17 10:50:37 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Need Real Name 2001-04-17 10:43:19 EDT

iptables-1.2.0 as used in wolverine is buggy. the init-scripts use
iptables-restore and iptables-save for firewall rules initialization but
silently fail to do so correctly. this means that after a reboot the
firewall might contain wrong rules (mostly missing ports). This is a know
iptables bug and seems fixed in 1.2.1a for the tests i have run. 

Generally the -save and -restore functionality was aparently hard to
implement correctly, it should be pondered if they really should be used
already. 

For sure iptables-1.2.0 must asap be replaced in 7.1 if not done so
already, to version 1.2.1a (the most recent)

Olaf

Comment 1 Bernhard Rosenkraenzer 2001-04-18 17:55:01 EDT

We're shipping 1.2.1a

Note You need to log in before you can comment on or make changes to this bug.