Bug 80497 - Firstboot fails to remove opening for port 123
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: firstboot
Version: 8.0
Hardware: i686 Linux
Priority: medium, Severity: medium
Assigned To: Brent Fox
Keywords: FutureFeature
Reported: 2002-12-27 02:29 EST by Need Real Name
Modified: 2007-04-18 12:49 EDT
Doc Type: Enhancement
Last Closed: 2003-05-27 16:53:52 EDT
Description Need Real Name 2002-12-27 02:29:02 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830

Description of problem:
firstboot ntpd fails to remove an open port 123, example below:

Dec 23 11:26:33 opus firstboot: ntpd: Removing firewall opening for port 123
Dec 23 11:26:33 opus firstboot: iptables: Bad rule (does a matching rule exist in that chain?)
Dec 23 11:26:33 opus ntpd:  failed
Dec 23 11:26:33 opus firstboot: 
Dec 23 11:26:33 opus firstboot:
Dec 23 11:26:33 opus firstboot: Shutting down ntpd:
Dec 23 11:26:33 opus ntpd: ntpd shutdown failed

It might be confused by the RH-Lokkit-0-50-INPUT chain???

[root@opus root]# iptables -n -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:80 flags:0x16/0x02
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:21 flags:0x16/0x02
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22 flags:0x16/0x02
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:23 flags:0x16/0x02
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  {my DNS}             0.0.0.0/0          udp spt:53
ACCEPT     udp  --  {my other DNS}       0.0.0.0/0          udp spt:53
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT     udp  --  0.0.0.0/0            0.0.0.0/0          udp reject-with icmp-port-unreachable


Version-Release number of selected component (if applicable):


How reproducible:
Didn't try

Steps to Reproduce:
1. Build a new system
2. Let firstboot run
3. I'm pretty sure I just picked the defaults, decided not to sign up for that up2date thing if that has any impact on this

Additional info:
Comment 1 Brent Fox 2003-05-27 16:53:52 EDT
The ntp that shipped in RHL 9 should be able to open a hole in the firewall for
itself, so this issue should be fixed in the current release.
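
An added example, not part of the original report or of the firstboot/ntp scripts: a check over `iptables -n -L` output that reports which chains hold an ACCEPT rule for a given protocol and destination port. The function names are this example's own, the listing is a constructed sample abridged from the one in the report, and the check assumes NTP's UDP port 123. iptables prints "Bad rule (does a matching rule exist in that chain?)" when a delete names a rule that is not in the chain, which is the case this check detects beforehand.

```shell
#!/bin/sh
# Constructed sample, abridged from the listing in the report
# (the DNS source addresses are replaced with 0.0.0.0/0).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain RH-Lokkit-0-50-INPUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22 flags:0x16/0x02
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp spt:53
REJECT     udp  --  0.0.0.0/0            0.0.0.0/0          udp reject-with icmp-port-unreachable
EOF
}

# chains_with_port PROTO PORT
# Reads a listing on stdin and prints the name of every chain that holds
# an ACCEPT rule for PROTO with destination port PORT.
chains_with_port() {
    awk -v proto="$1" -v port="$2" '
        $1 == "Chain" { chain = $2; next }      # remember the current chain
        $1 == "ACCEPT" && $2 == proto {
            for (i = 6; i <= NF; i++)           # match fields follow the addresses
                if ($i == ("dpt:" port)) { print chain; next }
        }
    '
}

# has_port_rule PROTO PORT
# Exit status 0 if any chain in the listing on stdin holds such a rule.
has_port_rule() {
    [ -n "$(chains_with_port "$1" "$2")" ]
}

# Stand-alone run against the sample listing.
if sample_listing | has_port_rule udp 123; then
    echo "udp/123 ACCEPT rule present"
else
    echo "no udp/123 ACCEPT rule: a delete for it would fail with 'Bad rule'"
fi
```

On a live system the listing would come from `iptables -n -L` run as root in place of `sample_listing`.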
