Bug 980390 - If I install openswan package, after collecting sosreport, iptables will be started even though iptables is stopped and chkconfig off before collecting the sosreport.
Status: CLOSED DUPLICATE of bug 954249
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openswan
Version: 6.4
Hardware: x86_64 Linux
Priority: high
Severity: high
Target Milestone: rc
Assigned To: Paul Wouters
QA Contact: BaseOS QE Security Team
Reported: 2013-07-02 04:53 EDT by Chen
Modified: 2013-08-02 12:14 EDT
Doc Type: Bug Fix
Last Closed: 2013-07-23 15:34:22 EDT
Type: Bug
Description Chen 2013-07-02 04:53:16 EDT
Description of problem:

If I install openswan package, after collecting sosreport, iptables will be started even though iptables is stopped and chkconfig off before collecting the sosreport. 

Version-Release number of selected component (if applicable):

RHEL6.4

How reproducible:

Always

Steps to Reproduce:

1. Stop iptables.

# service iptables stop

2. Install openswan.

# yum install openswan

3. Collect iptables.

# sosreport

4. Check iptables status

# service iptables status

Actual results:

Iptables is started.

Expected results:

Iptables should be stopped.

Additional info:
Comment 1 Chen 2013-07-02 05:02:18 EDT
Per my investigation, first we have

# cat /usr/lib/python2.6/site-packages/sos/plugins/openswan.py

self.collectExtOutput("/usr/sbin/ipsec barf")

Then, in /usr/libexec/ipsec/barf we have 

# cat /usr/libexec/ipsec/barf

if test -r /sbin/iptables-save
then
        iptables-save
        _________________________ iptables-nat
        iptables-save -t nat
        _________________________ iptables-mangle
        iptables-save -t mangle

After iptables-save -t nat, the iptables is started.

I think we should do something to stop iptables from being started after collecting sosreport.

Best regards,

Chen
Comment 3 Bryn M. Reeves 2013-07-02 05:07:33 EDT
This is a bug in ipsec's barf command. It should not modify system state. Please report a bug against the openswan package (or move this bug to that component).

We are already intending to disable ipsec barf collection in sos due to bug 924925 (openswan bug 771612).
Comment 5 Eric Paris 2013-07-23 15:34:22 EDT
Marking this bug as a duplicate.  This has been fixed for 6.5

*** This bug has been marked as a duplicate of bug 954249 ***
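
Added example (not part of the original report, and not code from sos or openswan): a shell check that a diagnostic command such as `ipsec barf` leaves netfilter state untouched, by snapshotting state before and after the run. It assumes that an "active" table appears in /proc/net/ip_tables_names and that loaded modules appear in /proc/modules; the function names are hypothetical.

```shell
#!/bin/sh
# Detect side effects of a diagnostic command on netfilter state.
# Assumption: /proc/net/ip_tables_names lists active tables and /proc/modules
# lists loaded kernel modules. Reading the former normally requires root.

# snapshot [PROC_ROOT]: print sorted "module:<name>" and "table:<name>" entries.
snapshot() {
    root=${1:-/proc}
    {
        if [ -r "$root/modules" ]; then
            awk '{print "module:" $1}' "$root/modules"
        fi
        if [ -r "$root/net/ip_tables_names" ]; then
            sed 's/^/table:/' "$root/net/ip_tables_names"
        fi
    } | LC_ALL=C sort -u
}

# state_added BEFORE AFTER: print entries present only in the AFTER snapshot.
state_added() {
    LC_ALL=C comm -13 "$1" "$2"
}

# check_side_effects PROC_ROOT CMD [ARGS...]: run CMD, then compare snapshots.
# Returns 0 if nothing was added; otherwise prints the new entries and returns 1.
check_side_effects() {
    root=$1; shift
    before=$(mktemp); after=$(mktemp)
    snapshot "$root" >"$before"
    "$@" >/dev/null 2>&1 || true      # the command's own exit code is not the point
    snapshot "$root" >"$after"
    added=$(state_added "$before" "$after")
    rm -f "$before" "$after"
    [ -z "$added" ] && return 0
    printf '%s\n' "$added"
    return 1
}

# When run as a script with arguments, check that command against the live /proc,
# e.g.:  sh check_side_effects.sh ipsec barf
if [ "$#" -gt 0 ]; then
    check_side_effects /proc "$@"
fi
```

A non-zero exit with `table:` or `module:` lines in the output means the command changed kernel state that was not there before it ran.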
