Red Hat Bugzilla – Bug 72824
ifup fails to punch nameservers through firewall
Last modified: 2014-03-16 22:30:36 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.0 (X11; Linux i686; U;) Gecko/20020509
Description of problem:
in the "high" security firewall settings with DHCP, "ifup eth0" will not create
additional rules for the name servers. This seems because the "iptables" syntax
used in the /etc/sysconfig/network-scripts/ifup is no longer valid, it uses
something like "... -m udp ... --sport 53 -p udp".
Changing this to "... -p udp -m udp .. --sport 53" makes it work again.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. configure firewall into "high security" (lokkit or on install)
2. use DHCP for eth0
(simulate a BOOT=no situation for eth0):
3. ifdown eth0
4. service iptables restart
5. ifup eth0
Actual Results: DNS replies don't make it through the firewall
Expected Results: DNS replies from the DHCP-configured nameserver should be
accepted, i.e. a new rule should appear in "iptables -L"
This should be fixed in 6.91-1 or later