Bug 43226 - Not iptables compatible
Status: CLOSED RAWHIDE
Product: Red Hat Powertools
Classification: Retired
Component: portsentry
Version: 7.1
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Tim Powers
Reported: 2001-06-01 20:05 EDT by Mike Chambers
Modified: 2008-05-01 11:38 EDT
Doc Type: Bug Fix
Last Closed: 2001-06-04 19:59:21 EDT
Description Mike Chambers 2001-06-01 20:05:32 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)

Description of problem:
The portsentry.conf file has no entry for iptables in the "KILL_ROUTE" 
section.

How reproducible:
Always

Steps to Reproduce:
1. Install portsentry
2. Edit portsentry.conf
3. Look in Dropping Routes section

Actual Results:
# New ipchain support for Linux kernel version 2.102+
KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY -l"

Expected Results:
# New iptables support for Linux kernel version 2.4+
KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP -l"


Additional info:

The expected results may be wrong but that is what I manually change it to 
and it seems to work.

Maybe just needs tweaking or something to work more correctly.
Comment 1 Tim Powers 2001-06-04 10:04:01 EDT
How is it not working? I do notice that you have the "-l" still in there from
ipchains, perhaps you shouldn't do that with iptables and use the "--log-level"
flag instead? (I don't have much experience with iptables yet)

Tim
Comment 2 Mike Chambers 2001-06-04 19:59:16 EDT
What I meant is that only "ipchains" is in the config file, nothing for 
iptables.  I changed the ipchains myself manually to iptables so it would work.
Comment 3 Tim Powers 2001-06-05 09:02:35 EDT
So this was more of an enhancement request than a bug. Sorry for
misunderstanding you. I updated the config file patch to include an iptables
entry (the same as you have in the report).

Thanks for the report. Look for portsentry-1.0-13 in rawhide when rawhide is
updated again. It is moving to the distro from Powertools, so look there instead.

Tim
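
An added example, not part of this bug report or of the portsentry package: a shell check that flags ipchains-only syntax (the -l log flag, the DENY target, lower-case chain names) in a KILL_ROUTE line that calls iptables. The function name check_kill_route and the sample lines are constructed for illustration; $TARGET$ is the placeholder used in the report.

```shell
#!/bin/sh
# Added example (not portsentry code): lint a portsentry.conf KILL_ROUTE line
# for ipchains syntax carried over into an iptables command.

# check_kill_route LINE
#   Prints one finding per problem; returns 0 if clean, 1 if anything was flagged.
#   Lines that do not invoke iptables are not checked and return 0.
check_kill_route() {
    ckr_line=$1
    case $ckr_line in
        KILL_ROUTE=*iptables*) ;;
        *) return 0 ;;
    esac
    # Strip the variable name and the surrounding double quotes.
    ckr_cmd=${ckr_line#KILL_ROUTE=}
    ckr_cmd=${ckr_cmd#\"}
    ckr_cmd=${ckr_cmd%\"}
    ckr_status=0
    ckr_prev=""
    for ckr_word in $ckr_cmd; do
        case $ckr_prev:$ckr_word in
            *:-l)
                # ipchains logs with -l; iptables logs through a separate
                # rule that jumps to the LOG target (-j LOG --log-level ...).
                echo "-l is the ipchains log flag; use a separate -j LOG rule"
                ckr_status=1 ;;
            -j:DENY)
                echo "target DENY is ipchains; the iptables target is DROP"
                ckr_status=1 ;;
            -[IAD]:input|-[IAD]:output|-[IAD]:forward)
                echo "chain '$ckr_word' is ipchains; iptables chains are upper-case"
                ckr_status=1 ;;
        esac
        ckr_prev=$ckr_word
    done
    return $ckr_status
}

# Constructed sample input: the line proposed in the report, and the same
# line with the ipchains log flag removed.
for ckr_sample in \
    'KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP -l"' \
    'KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP"'
do
    if check_kill_route "$ckr_sample"; then
        echo "ok: $ckr_sample"
    else
        echo "review: $ckr_sample"
    fi
done
```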
