Red Hat Bugzilla – Bug 70654
setting FIREWALL_MODS=no in /etc/sysconfig/network doesn't work
Last modified: 2014-03-16 22:29:45 EDT
Description of problem:
Setting the parameter FIREWALL_MODS=no in /etc/sysconfig/network doesn't do
anything. It was expected to disable the "punching through firewall" action
during system boot up.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add the line "FIREWALL_MODS=no" to /etc/sysconfig/network
Actual Results: Nothing changes.
Expected Results: The "punching through firewall" action (indicated in the
system log) during boot up should have been discontinued (given, of course, that
it was there before adding the line to /etc/sysconfig/network).
The problem is fixed by adding a couple of lines to
"/etc/sysconfig/network-scripts/ifup-post". The following is a suggested patch:
--- ifup-post.redhat Wed Feb 6 21:56:58 2002
+++ ifup-post Thu May 30 11:28:46 2002
@@ -3,6 +3,9 @@
+[ -f ../network ] && . ../network
+[ -f ../networking/network ] && . ../networking/network
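Review bot: both added lines source their file by relative path (`../network`, `../networking/network`), so which file is read, and executed as shell code, depends on the working directory ifup-post is run from. The setting being fixed lives in /etc/sysconfig/network, so source it by absolute path, e.g. `[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network`, which keeps the script from picking up a different file when it is invoked from another directory. Order also matters here: `../networking/network` is sourced second, so a FIREWALL_MODS value set there overrides the one from `../network`; add a comment stating that this precedence is intended.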
Well, in general, it's an internal variable that's only supposed to be set when
needed. Why did you need to unset it?
I want to disable the automatic firewall modifications. I've already set up the
firewall the way I want it to be. I don't understand your response,
particularly the comment that it's "only supposed to be set when needed."
Needed when and by whom? Your comment seems to imply that I should not
want/need to disable the firewall mods, and/or that the "proper" way to do it is
to modify the script.
Well, in the current development sources, it only uses this if the firewall
config was written by Red Hat tools (the Red Hat tools write to a specific chain
name.) That's what I mean by it shouldn't need to be disabled for other
firewalls to work.
7.3 isn't this way though; it tries to detect if it's a Red Hat-written config,
but it's not as easy to automatically determine.
In any case, the sourcing of /etc/sysconfig/network is in the current rawhide