Red Hat Bugzilla – Bug 68368
ifup-post doesn't punch dns server holes
Last modified: 2014-03-16 22:28:39 EDT
The current version of ifup-post appears to still use ipchains, and checks for
/etc/sysconfig/ipchains to see if it's in use. Since limbo uses iptables,
though, the holes for DNS replies to get back from the servers get dropped if
"high" security setting is selected.
*** Bug 68151 has been marked as a duplicate of this bug. ***
Should be fixed in 6.87-1.
Bill, think that we still have a bit of a problem here. This is what I show
if [ "$FIREWALL_MODS" != "no" -a -f /etc/sysconfig/ipchains ] && \
Shouldn't that be "-a -f /etc/sysconfig/iptables ]"?
That would help, duh. Will be fixed in 6.89-1.
Fix confirmed with initscripts-6.90-1.