Bug 72824 - ifup fails to punch nameservers through firewall
Summary: ifup fails to punch nameservers through firewall
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Public Beta
Classification: Retired
Component: initscripts (Show other bugs)
(Show other bugs)
Version: null
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Brock Organ
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-08-28 07:32 UTC by Jan Iven
Modified: 2014-03-17 02:30 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-08-28 07:32:31 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Jan Iven 2002-08-28 07:32:25 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.0 (X11; Linux i686; U;) Gecko/20020509

Description of problem:
in the "high" security firewall settings with DHCP, "ifup eth0" will not create
additional rules for the name servers. This seems because the "iptables" syntax
used in the /etc/sysconfig/network-scripts/ifup is no longer valid, it uses
something like "... -m udp  ... --sport 53  -p udp".

Changing this to "... -p udp -m udp .. --sport 53" makes it work again.



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. configure firewall into "high security" (lokkit or on install) 
2. use DHCP for eth0
(simulate a BOOT=no situation for eth0):
3. ifdown eth0
4. service iptables restart
5. ifup eth0
	

Actual Results:  DNS replies don't make it through the firewall


Expected Results:  DNS replies from the DHCP-configured nameserver should be
accepted, i.e. a new rule should appear in "iptables -L"

Additional info:

Comment 1 Bill Nottingham 2002-08-28 16:00:17 UTC
This should be fixed in 6.91-1 or later


Note You need to log in before you can comment on or make changes to this bug.