Red Hat Bugzilla – Bug 72458
ifup-post uses iptables -A to "punch hole through firewall" -- that doesn't work
Last modified: 2014-03-16 22:30:24 EDT
Description of Problem:
When the "most secure" firewall installation option is checked,
DNS doesn't work on a DHCP'd ethernet.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install null from scratch.
2. Choose the most secure of the firewall settings.
3. Configure ethernet as DHCP.
4. Try to access something by name.
It looks like the chain that you add -A to is already denying all UDP traffic,
so appending a rule that allows the DNS servers to send UDP packets doesn't do
It appears that changing "-A" to "-I" in
/etc/sysconfig/network-scripts/ifup-post fixes this problem. There's also a
"-A" in /sbin/ifup. I naively changed that from "-A" to "-I" on my first
attempt to solve the problem and that didn't help by itself, but I didn't bother
to change it back before I changed ifup-post. I figure you guys know the
scripts much better than I do, so it makes more sense for you to find the
This should be already fixed in 6.91-1 or later
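Added example, not part of the bug report or of the initscripts code: a small Python model of first-match rule evaluation, showing why a DNS allow rule appended with -A behind a rule that rejects all UDP never fires, while the same rule inserted with -I does. The rule fields, addresses and chain contents are constructed assumptions; `shadowed()` is a hypothetical helper for spotting rules that an earlier rule makes unreachable.

```python
from dataclasses import dataclass
from typing import List, Optional

FIELDS = ("proto", "src", "sport")

@dataclass(frozen=True)
class Rule:
    target: str                   # terminating target: "ACCEPT" or "REJECT"
    proto: Optional[str] = None   # None = match any value
    src: Optional[str] = None
    sport: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        return all(getattr(self, f) in (None, pkt[f]) for f in FIELDS)

    def covers(self, other: "Rule") -> bool:
        # True when every packet matched by `other` is also matched by self.
        return all(getattr(self, f) in (None, getattr(other, f)) for f in FIELDS)

def verdict(chain: List[Rule], pkt: dict, policy: str = "ACCEPT") -> str:
    # First match wins: rules after a matching terminating rule are never consulted.
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

def shadowed(chain: List[Rule]) -> List[int]:
    # 1-based positions of rules that can never fire because an earlier rule covers them.
    return [i + 1 for i, r in enumerate(chain)
            if any(prev.covers(r) for prev in chain[:i])]

# Constructed sample data (documentation address ranges), not taken from the bug report.
DNS = "192.0.2.53"
ALLOW_DNS = Rule("ACCEPT", proto="udp", src=DNS, sport=53)
BASE = [Rule("REJECT", proto="udp")]          # chain that already rejects all UDP
DNS_REPLY = {"proto": "udp", "src": DNS, "sport": 53}
OTHER_UDP = {"proto": "udp", "src": "198.51.100.7", "sport": 4000}

def appended() -> List[Rule]:   # ordering produced by `iptables -A`
    return BASE + [ALLOW_DNS]

def inserted() -> List[Rule]:   # ordering produced by `iptables -I` (position 1)
    return [ALLOW_DNS] + BASE

if __name__ == "__main__":
    for name, chain in (("-A", appended()), ("-I", inserted())):
        print(name, verdict(chain, DNS_REPLY), verdict(chain, OTHER_UDP), shadowed(chain))
```

With the inserted ordering only replies from the listed DNS server on source port 53 are accepted; all other UDP still hits the reject rule.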