Bug 970509 – firewall-cmd, what is <table>

Bug 970509 - firewall-cmd, what is <table>

Summary:	firewall-cmd, what is <table>

Status:	CLOSED ERRATA

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	firewalld (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	---
Target Release:	---
Assigned To:	Thomas Woerner
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2013-06-04 04:12 EDT by Petr Sklenar
Modified:	2013-08-03 20:08 EDT (History)
CC List:	2 users (show)

See Also:
Fixed In Version:	firewalld-0.3.4-1.fc19
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-08-03 20:08:38 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Petr Sklenar 2013-06-04 04:12:51 EDT

Description of problem:
man says:
firewall-cmd --direct --get-chains { ipv4 | ipv6 | eb } <table>

Version-Release number of selected component (if applicable):
firewalld-0.3.2-1.fc19.noarch

How reproducible:
deterministic

Steps to Reproduce:
1. look at man and list some chain
2. <table> is not described what's that

Actual results:
firewall-cmd  --get-chains ipv4 raw
# no output
firewall-cmd  --get-chains ipv4 filter
# no output, is that wrong table or zero chain?

Expected results:
there is mentioned what is <table>
if there is no output, it should indicate that list is empty

Additional info:
are tables in list of `cat /proc/net/ip_tables_names` ? 
why there is no output?

Comment 1 Jiri Popelka 2013-06-07 12:09:49 EDT

(In reply to Petr Sklenar from comment #0)
> Expected results:
> there is mentioned what is <table>

yes, we should improve the man page to say that for
<table>, <chain> and <args> one should consult iptables(8) first.

> if there is no output, it should indicate that list is empty

I think the typical use case is to forward the output to variable and then check whether it's (non)empty.

> Additional info:
> are tables in list of `cat /proc/net/ip_tables_names` ? 

yes (but see below)

> why there is no output?

because --query-[chain/rule] and --get-[chains/rules] take into consideration only chains/rules previously added with 'firewall-cmd --direct'.
I'm not sure whether that's by design or bug but I guess the former one. Thomas ???
It should be definitely noted in man page too.

I've improved the firewall-cmd man page, let me know what do you think
https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=4532f569ac502fa910ddf109a729a827940486f0

Comment 2 Fedora Update System 2013-07-30 15:12:53 EDT

firewalld-0.3.4-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/firewalld-0.3.4-1.fc19

Comment 3 Fedora Update System 2013-08-01 23:48:06 EDT

Package firewalld-0.3.4-1.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing firewalld-0.3.4-1.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-14046/firewalld-0.3.4-1.fc19
then log in and leave karma (feedback).

Comment 4 Fedora Update System 2013-08-03 20:08:38 EDT

firewalld-0.3.4-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.