970509 – firewall-cmd, what is <table>

Bug 970509 - firewall-cmd, what is <table>

Summary: firewall-cmd, what is <table>

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	firewalld
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Thomas Woerner
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-06-04 08:12 UTC by Petr Sklenar
Modified:	2013-08-04 00:08 UTC (History)
CC List:	2 users (show)
Fixed In Version:	firewalld-0.3.4-1.fc19
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-08-04 00:08:38 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Petr Sklenar 2013-06-04 08:12:51 UTC

Description of problem:
man says:
firewall-cmd --direct --get-chains { ipv4 | ipv6 | eb } <table>

Version-Release number of selected component (if applicable):
firewalld-0.3.2-1.fc19.noarch

How reproducible:
deterministic

Steps to Reproduce:
1. look at man and list some chain
2. <table> is not described what's that

Actual results:
firewall-cmd  --get-chains ipv4 raw
# no output
firewall-cmd  --get-chains ipv4 filter
# no output, is that wrong table or zero chain?

Expected results:
there is mentioned what is <table>
if there is no output, it should indicate that list is empty

Additional info:
are tables in list of `cat /proc/net/ip_tables_names` ? 
why there is no output?

Comment 1 Jiri Popelka 2013-06-07 16:09:49 UTC

(In reply to Petr Sklenar from comment #0)
> Expected results:
> there is mentioned what is <table>

yes, we should improve the man page to say that for
<table>, <chain> and <args> one should consult iptables(8) first.

> if there is no output, it should indicate that list is empty

I think the typical use case is to forward the output to variable and then check whether it's (non)empty.

> Additional info:
> are tables in list of `cat /proc/net/ip_tables_names` ? 

yes (but see below)

> why there is no output?

because --query-[chain/rule] and --get-[chains/rules] take into consideration only chains/rules previously added with 'firewall-cmd --direct'.
I'm not sure whether that's by design or bug but I guess the former one. Thomas ???
It should be definitely noted in man page too.

I've improved the firewall-cmd man page, let me know what do you think
https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=4532f569ac502fa910ddf109a729a827940486f0

Comment 2 Fedora Update System 2013-07-30 19:12:53 UTC

firewalld-0.3.4-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/firewalld-0.3.4-1.fc19

Comment 3 Fedora Update System 2013-08-02 03:48:06 UTC

Package firewalld-0.3.4-1.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing firewalld-0.3.4-1.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-14046/firewalld-0.3.4-1.fc19
then log in and leave karma (feedback).

Comment 4 Fedora Update System 2013-08-04 00:08:38 UTC

firewalld-0.3.4-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.