Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 72824 - ifup fails to punch nameservers through firewall
ifup fails to punch nameservers through firewall
Product: Red Hat Public Beta
Classification: Retired
Component: initscripts (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Brock Organ
Depends On:
  Show dependency treegraph
Reported: 2002-08-28 03:32 EDT by Jan Iven
Modified: 2014-03-16 22:30 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-08-28 03:32:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Iven 2002-08-28 03:32:25 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.0 (X11; Linux i686; U;) Gecko/20020509

Description of problem:
in the "high" security firewall settings with DHCP, "ifup eth0" will not create
additional rules for the name servers. This seems because the "iptables" syntax
used in the /etc/sysconfig/network-scripts/ifup is no longer valid, it uses
something like "... -m udp  ... --sport 53  -p udp".

Changing this to "... -p udp -m udp .. --sport 53" makes it work again.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. configure firewall into "high security" (lokkit or on install) 
2. use DHCP for eth0
(simulate a BOOT=no situation for eth0):
3. ifdown eth0
4. service iptables restart
5. ifup eth0

Actual Results:  DNS replies don't make it through the firewall

Expected Results:  DNS replies from the DHCP-configured nameserver should be
accepted, i.e. a new rule should appear in "iptables -L"

Additional info:
Comment 1 Bill Nottingham 2002-08-28 12:00:17 EDT
This should be fixed in 6.91-1 or later

Note You need to log in before you can comment on or make changes to this bug.