Re: Bug in system-config-firewall ?

linux guy <linuxguy123 <at> gmail.com> writes:

> I found a workaround.  Instead of entering port 22 as a "Trusted Port", enter
> it manually as an "Other Port". What is it with Linux (i.e. Fedora, Ubuntu, etc.)
> and firewall managers? Firestarter was crap for years and now we have this? I
> think I know why Samba wasn't working when I set it up last week.  I spent at
> least a day working on it.  I never thought to run nmap.  Live, pay and learn.
> LG

The workaround is just that. But you should investigate it more.

I am on F14 - opened port 22 via GUI firewall, applied it, and a new rule
showed up in config file and in iptables. Then I rebooted and all was as
expected.
You should test it on your F? distro as well and expect it to be OK.

The only theoretical possibility to have firewall and its config file
/etc/sysconfig/iptables (if any initially) and iptables itself out of sync
is right during system installation or later after re-installation of either
firewall or iptables packages.

In case of installation of the firewall package system-config-firewall, it
would require a post-installation action to generate /etc/sysconfig/iptables
file (this file is obviously not part of the package as
'# rpm -ql system-config-firewall' shows).

So, you should test this case as well:
- get offline
- remove firewall
  # yum remove system-config-firewall
- remove old iptables and ip6tables config files (if IPv6 present as well)
  # rm /etc/sysconfig/iptables
  # rm /etc/sysconfig/ip6tables
- restart iptables and ip6tables services to clear it up
  This will depend on which F? you are on.
- re-install firewall
  # yum install system-config-firewall
- now see what you got, if any
  # ls -l /etc/sysconfig/iptables*
  # ls -l /etc/sysconfig/ip6tables*
  Did the installation run post-install action and create them ?
  If so, is that default open port 22 reflected in the rules there ?
  # cat /etc/sysconfig/iptables
  # cat /etc/sysconfig/ip6tables
  If so, is that also reflected in iptables itself ?
  # iptables -n -L -v

Draw conclusions from all of this and eventually submit a Bugzilla report.

JB


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
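
The last two checks in the list above (is port 22 in the saved rules, and is it in iptables itself?) can be scripted; this is an added example, not part of the original message. The function names and both sample rulesets are constructed, and the inputs are assumed to be in iptables-save format, which is what /etc/sysconfig/iptables uses.

```shell
#!/bin/sh
# Added example. Inputs are iptables-save format text, the format used by
# /etc/sysconfig/iptables. On a real host: iptables-save > live.rules

# Print "table: rule" for every -A line, minus counters and trailing blanks.
rules_of() {  # rules_of FILE
    awk '/^\*/ { t = substr($0, 2) }
         { sub(/^\[[0-9]+:[0-9]+\] /, ""); sub(/[ \t]+$/, "") }
         /^-A / { print t ": " $0 }' "$1"
}
# Succeed if filter/INPUT accepts tcp PORT before any catch-all REJECT/DROP.
# Token based, so the option order (which iptables-save rewrites) is ignored.
# Assumption: plain --dport rules only, no multiport or user-defined chains.
port_open() {  # port_open FILE PORT
    rules_of "$1" | awk -v p="$2" '
        $1 != "filter:" || $3 != "INPUT" { next }
        $4 == "-j" && ($5 == "REJECT" || $5 == "DROP") { exit }
        / -p tcp / && / -j ACCEPT$/ {
            for (i = 4; i < NF; i++) if ($i == "--dport" && $(i + 1) == p) found = 1
        }
        END { exit !found }'
}
# Report whether the saved config and the loaded rules agree on PORT.
compare_port() {  # compare_port SAVED LIVE PORT
    s=closed; l=closed
    if port_open "$1" "$3"; then s=open; fi
    if port_open "$2" "$3"; then l=open; fi
    if [ "$s" = "$l" ]; then echo "in-sync:$s"; else echo "out-of-sync:saved=$s,live=$l"; fi
}
tmp=$(mktemp -d)
cat > "$tmp/saved" <<'EOF'
# constructed sample of a saved config file
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
cat > "$tmp/live" <<'EOF'
# constructed sample of iptables-save output: port 22 rule sits after REJECT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
compare_port "$tmp/saved" "$tmp/live" 22
```

The live sample contains a port 22 rule that can never match because it follows the catch-all REJECT, so a plain grep for "dport 22" would wrongly report the port as open.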

