Bug 490150 (example, fwmark, in, multiport, Use) - multiport in fwmark example
Summary: multiport in fwmark example
Keywords:
Status: CLOSED WONTFIX
Alias: example, fwmark, in, multiport, Use
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: Documentation-cluster
Version: 5.2
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: rc
Assignee: John Ha
QA Contact: ecs-bugs
URL: http://www.redhat.com/docs/en-US/Red_...
Whiteboard:
Depends On:
Blocks:
Reported: 2009-03-13 15:26 UTC by Barry Brimer
Modified: 2014-08-04 22:18 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-02 13:09:00 UTC
Target Upstream Version:
Embargoed:



Description Barry Brimer 2009-03-13 15:26:53 UTC
Description of problem:

The example of creating fwmarks for a multiport service could benefit from the use of a multiport iptables rule.


Version-Release number of selected component (if applicable):
Virtual_Server_Administration(EN)-5.2 (2008-05-15T16:07)


In section 3.4.1. Assigning Firewall Marks there is an example of creating firewall marks for use in a multiport service:


==================================================================================
/sbin/iptables -t mangle -A PREROUTING -p tcp -d n.n.n.n/32 --dport 80 -j MARK --set-mark 80

/sbin/iptables -t mangle-A PREROUTING -p tcp -d n.n.n.n/32 --dport 443 -j MARK --set-mark 80 
==================================================================================

The goal of this example is to mark packets with the same firewall mark, but it is being done in multiple commands, which gives a greater possibility of error or inconsistency. I recommend making use of the multiport directive so that the same firewall mark is made to all relevant ports at the same time in the same command. I would change this example to:

/sbin/iptables -t mangle -A PREROUTING -p tcp -d n.n.n.n/32 -m multiport --dports 80,443 -j MARK --set-mark 80

Also, in the second example in the current documentation, there should be a space between the trailing 'e' in 'mangle' and the '-' used to append this rule to the PREROUTING chain.
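
One way to lint per-port fwmark commands like those above before they are loaded, as an added example that is not part of the original report or of the Red Hat documentation. The `check_fwmarks` name, the MISMATCH/MALFORMED output lines and the 192.0.2.10 address are assumptions made for illustration, and the input is assumed to be mangle-table PREROUTING commands written as in section 3.4.1.

```shell
#!/bin/sh
# Lint fwmark commands (one iptables command per line on stdin).
# Prints one consolidated multiport rule per destination/protocol, or a
# MISMATCH / MALFORMED line; returns non-zero if any problem was found.
# Marks are compared as written; multiport takes at most 15 ports per rule.
check_fwmarks() {
    awk '
    /-j MARK/ {
        dst = proto = port = mark = ""; has_append = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-A")         has_append = 1
            if ($i == "-d")         dst   = $(i + 1)
            if ($i == "-p")         proto = $(i + 1)
            if ($i == "--dport")    port  = $(i + 1)
            if ($i == "--set-mark") mark  = $(i + 1)
        }
        # A fused token such as "mangle-A" leaves no standalone -A option.
        if (!has_append || dst == "" || proto == "" || port == "" || mark == "") {
            print "MALFORMED line " NR; rc = 1; next
        }
        key = dst " " proto
        if (!(key in ports)) {            # first rule for this destination
            order[++n] = key; ports[key] = port; first[key] = mark
        } else {
            ports[key] = ports[key] "," port
            if (first[key] != mark) bad[key] = 1
        }
        detail[key] = detail[key] " " port "->" mark
    }
    END {
        for (j = 1; j <= n; j++) {
            key = order[j]; split(key, kp, " ")
            if (key in bad) { print "MISMATCH " key ":" detail[key]; rc = 1 }
            else print "/sbin/iptables -t mangle -A PREROUTING -p " kp[2] " -d " kp[1],
                       "-m multiport --dports " ports[key] " -j MARK --set-mark " first[key]
        }
        exit rc + 0
    }'
}

# Constructed sample: 192.0.2.10 is a documentation address, not from the page.
SAMPLE='/sbin/iptables -t mangle -A PREROUTING -p tcp -d 192.0.2.10/32 --dport 80 -j MARK --set-mark 80
/sbin/iptables -t mangle -A PREROUTING -p tcp -d 192.0.2.10/32 --dport 443 -j MARK --set-mark 80'
printf '%s\n' "$SAMPLE" | check_fwmarks
```

A command with `mangle-A` run together, as in the documentation's second example, is reported as MALFORMED because no standalone `-A` option is found.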

Comment 6 RHEL Program Management 2010-08-09 18:17:41 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.

Comment 8 RHEL Program Management 2014-03-07 12:45:41 UTC
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.

Comment 9 RHEL Program Management 2014-06-02 13:09:00 UTC
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).

