[Bug 671997] New: SuSEfirewall2: drop rules after accept rules
https://bugzilla.novell.com/show_bug.cgi?id=671997

https://bugzilla.novell.com/show_bug.cgi?id=671997#c0

Summary: SuSEfirewall2: drop rules after accept rules
Classification: openSUSE
Product: openSUSE 11.4
Version: Factory
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: chris@computersalat.de
QAContact: qa@suse.de
Found By: ---
Blocker: ---

Created an attachment (id=414058)
 --> (http://bugzilla.novell.com/attachment.cgi?id=414058)
change order for reject_or_drop_services funcs

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.13) Gecko/20101203 SUSE/3.6.13-0.2.1 Firefox/3.6.13

Hi,

if you want to completely exclude several hosts/nets from accessing your box via "FW_SERVICES_DROP_EXT", these rules will be generated after the "accept" rules (FW_SERVICES_EXT_TCP="25 80") and hence have no effect.

Reproducible: Always

Steps to Reproduce:
1. Try to exclude host via FW_SERVICES_DROP_EXT=
2. Check rule base via `iptables -vnL`
3.

Actual Results:
Drop rules do not work.

Expected Results:
Drop rules should work.

The attached patch will fix this problem.
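The ordering problem reported above can be checked mechanically instead of by reading the `iptables -vnL` listing. The following is an added example, not part of the bug report or the attached patch: it scans rules in `iptables -S` format and lists DROP/REJECT rules that an earlier ACCEPT in the same chain already covers. The chain name, addresses and both rule sets are constructed, and only chain, source, protocol and destination port are compared (negated matches and other match modules are ignored).

```python
import ipaddress
import shlex

# Constructed samples in `iptables -S` format (not output from the reporter's machine).
ACCEPT_FIRST = """\
-A input_ext -p tcp -m tcp --dport 25 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 80 -j ACCEPT
-A input_ext -s 192.0.2.0/24 -p tcp -m tcp --dport 25 -j DROP
"""
DROP_FIRST = """\
-A input_ext -s 192.0.2.0/24 -p tcp -m tcp --dport 25 -j DROP
-A input_ext -p tcp -m tcp --dport 25 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 80 -j ACCEPT
"""

def parse_rule(line):
    """Reduce one `-A` line to the fields this check compares."""
    tok = shlex.split(line)
    def opt(flag):
        return tok[tok.index(flag) + 1] if flag in tok else None
    return {
        "chain": opt("-A"),
        "src": ipaddress.ip_network(opt("-s") or "0.0.0.0/0", strict=False),
        "proto": opt("-p"),
        "dport": opt("--dport"),
        "target": opt("-j"),
        "text": line,
    }

def covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    return (earlier["chain"] == later["chain"]
            and later["src"].subnet_of(earlier["src"])
            and earlier["proto"] in (None, later["proto"])
            and earlier["dport"] in (None, later["dport"]))

def shadowed_drops(ruleset):
    """Return DROP/REJECT rules that an earlier ACCEPT makes unreachable."""
    rules = [parse_rule(l) for l in ruleset.splitlines() if l.startswith("-A ")]
    hits = []
    for i, rule in enumerate(rules):
        if rule["target"] in ("DROP", "REJECT"):
            if any(r["target"] == "ACCEPT" and covers(r, rule) for r in rules[:i]):
                hits.append(rule["text"])
    return hits

if __name__ == "__main__":
    for line in shadowed_drops(ACCEPT_FIRST):
        print("never matched:", line)
```

A zero packet counter on the drop rule in `iptables -vnL`, while the accept rule above it keeps counting, is the runtime symptom of the same condition.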
https://bugzilla.novell.com/show_bug.cgi?id=671997
https://bugzilla.novell.com/show_bug.cgi?id=671997#c2
--- Comment #2 from Bernhard Wiedemann