Bug in system-config-firewall ?

JB jb.1234abcd at gmail.com
Mon Sep 19 20:21:26 UTC 2011


linux guy <linuxguy123 <at> gmail.com> writes:

> I found a work around.  Instead of entering port 22 as a "Trusted Port", enter
> it manually as an "Other Port".
>
> What is it with Linux (ie Fedora, Ubuntu, etc) and firewall managers ?
> Firestarter was crap for years and now we have this ?
>
> I think I know why Samba wasn't working when I set it up last week.  I spent at
> least a day working on it.  I never thought to run nmap.  Live, pay and learn.
>
> LG

The workaround is just that. But you should investigate it more.

I am on F14 - opened port 22 via GUI firewall, applied it, and a new rule
showed up in config file and in iptables. Then I rebooted and all was as
expected.
You should test it on your F? distro as well and expect it to be OK.

The only theoretical possibility to have the firewall, its config file
/etc/sysconfig/iptables (if any initially) and iptables itself out of sync
is right during system installation, or later after re-installation of either
the firewall or the iptables packages.

In case of installation of the firewall package system-config-firewall, it
would require a post-installation action to generate /etc/sysconfig/iptables
file (this file is obviously not part of the package as
'# rpm -ql system-config-firewall' shows).

So, you should test this case as well:
- get offline
- remove firewall
  # yum remove system-config-firewall
- remove old iptables and ip6tables config files (if IPv6 present as well)
  # rm /etc/sysconfig/iptables
  # rm /etc/sysconfig/ip6tables
- restart iptables and ip6tables services to clear it up
  This will depend on which F? you are on.
- re-install firewall
  # yum install system-config-firewall
- now see what you got, if any
  # ls -l /etc/sysconfig/iptables*
  # ls -l /etc/sysconfig/ip6tables*
  Did the installation run post-install action and create them ?
  If so, is that default open port 22 reflected in the rules there ?
  # cat /etc/sysconfig/iptables
  # cat /etc/sysconfig/ip6tables
  If so, is that also reflected in iptables itself ?
  # iptables -n -L -v
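The last two checks above (is port 22 in the saved file, and is the saved file reflected in the live rules) can be scripted. The following is an added example, not code from the original post or from system-config-firewall: it normalizes two dumps in iptables-save format (which is also the format of /etc/sysconfig/iptables), reports whether each accepts a given TCP port, and tells you whether the saved file and the live rules agree. The two sample files are constructed for the demonstration; on a real box you would point it at /etc/sysconfig/iptables and at the output of `iptables-save` run as root.

```shell
#!/bin/sh
# Added example, not from the original post or from system-config-firewall.
# Compares a saved rules file (/etc/sysconfig/iptables, iptables-save format)
# with a dump of the live rules and checks whether both accept a TCP port.
# On a real box (as root):  iptables-save > /tmp/live.rules
#                           report /etc/sysconfig/iptables /tmp/live.rules 22

# Reduce an iptables-save style dump to its policy and rule lines: strip
# comments, blank lines, packet/byte counters ("[n:m]") and trailing blanks,
# then sort so the comparison does not depend on rule order.
normalize_rules() {
    sed -e 's/^\[[0-9]*:[0-9]*\] *//' \
        -e 's/ *\[[0-9]*:[0-9]*\]$//' \
        -e 's/[[:space:]]*$//' "$1" \
      | grep -v '^#' | grep -v '^$' | sort
}

# Succeeds when FILE ($1) has an INPUT-chain rule accepting TCP traffic to PORT ($2).
port_accepted() {
    file=$1 port=$2
    normalize_rules "$file" \
      | grep -- '^-A INPUT ' \
      | grep -- '-p tcp' \
      | grep -E -- "--dport $port( |$)" \
      | grep -q -- '-j ACCEPT'
}

# Succeeds when two dumps contain the same set of policies and rules.
rulesets_agree() {
    [ "$(normalize_rules "$1")" = "$(normalize_rules "$2")" ]
}

# Constructed sample: a saved config with port 22 opened (hypothetical content).
SAVED_RULES=$(mktemp)
cat > "$SAVED_RULES" <<'EOF'
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Constructed sample: live rules as "iptables-save -c" would dump them, with
# the port 22 rule missing (the out-of-sync case the thread is about).
LIVE_RULES=$(mktemp)
cat > "$LIVE_RULES" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [120:9800]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [95:7100]
[100:9000] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[2:168] -A INPUT -p icmp -j ACCEPT
[10:600] -A INPUT -i lo -j ACCEPT
[8:480] -A INPUT -j REJECT --reject-with icmp-host-prohibited
[0:0] -A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Print a short report for saved file $1, live dump $2 and port $3;
# returns non-zero if anything is missing or the two disagree.
report() {
    saved=$1 live=$2 port=$3
    status=0
    if port_accepted "$saved" "$port"; then echo "saved file: tcp/$port accepted"
    else echo "saved file: tcp/$port NOT accepted"; status=1; fi
    if port_accepted "$live" "$port"; then echo "live rules: tcp/$port accepted"
    else echo "live rules: tcp/$port NOT accepted"; status=1; fi
    if rulesets_agree "$saved" "$live"; then echo "saved file and live rules agree"
    else echo "WARNING: saved file and live rules differ"; status=1; fi
    return $status
}

report "$SAVED_RULES" "$LIVE_RULES" 22 || echo "-> investigate before trusting the GUI"
```

With the constructed samples the report shows port 22 accepted in the saved file but not in the live rules, which is exactly the symptom worth a Bugzilla report; on a healthy F14 box after the GUI "Apply" both lines say accepted and the sets agree. Counters are stripped so a dump taken with `iptables-save -c` compares cleanly against the saved file.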

Draw conclusions from all of this and eventually submit a Bugzilla report.

JB