From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020605 Description of problem: Setting the parameter FIREWALL_MODS=no in /etc/sysconfig/network doesn't do anything. It was expected to disable the "punching through firewall" action during system boot up. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1.add the line "FIREWALL_MODS=no" to /etc/sysconfig/network 2.reboot system 3. Actual Results: Nothing changes. Expected Results: The "punching through firewall" action (indicated in the system log) during boot up should have been discontinued (given, of course, that it was there before adding the line to /etc/sysconfig/network). Additional info: The problem is fixed by adding a couple of lines to "/etc/sysconfig/network-scripts/ifup-post". The following is a suggested patch: --- ifup-post.redhat Wed Feb 6 21:56:58 2002 +++ ifup-post Thu May 30 11:28:46 2002 @@ -3,6 +3,9 @@ cd /etc/sysconfig/network-scripts . network-functions +[ -f ../network ] && . ../network +[ -f ../networking/network ] && . ../networking/network + CONFIG=$1 source_config
Well, in general, it's an internal variable that's only supposed to be set when needed. Why did you need to unset it?
I want to disable the automatic firewall modifications. I've already set up the firewall the way I want it to be. I don't understand your response, particularly the comment that it's "only supposed to be set when needed." Needed when and by whom? Your comment seems to imply that I should not want/need to disable the firewall mods, and/or that the "proper" way to do it is to modify the script.
Well, in the current development sources, it only uses this if the firewall config was written by Red Hat tools (the Red Hat tools write to a specific chain name.) That's what I mean by it shouldn't need to be disabled for other firewalls to work. 7.3 isn't this way though; it tries to detect if it's a Red Hat-written config, but it's not as easy to automatically determine. In any case, the sourcing of /etc/sysconfig/network is in the current rawhide initscripts (6.90-1).