https://bugzilla.novell.com/show_bug.cgi?id=753474

https://bugzilla.novell.com/show_bug.cgi?id=753474#c0

Summary: Custom Firewall Configuration Broken
Classification: openSUSE
Product: openSUSE 12.1
Version: Final
Platform: All
OS/Version: openSUSE 12.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: scotty.mcmillan+novell@gmail.com
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1066.0 Safari/536.3 SUSE/19.0.1066.0

Short version: The line FW_CUSTOMRULES="" needs to be removed from /sbin/SuSEfirewall2.

Long version: According to the comment in /etc/sysconfig/SuSEfirewall2, if you set the value of FW_CUSTOMRULES to the path of a file containing custom iptables rules (e.g., the example /etc/sysconfig/scripts/SuSEfirewall2-custom), then custom iptables commands will be executed as appropriate. This seems fairly logical.

The problem is, the custom rules are never executed. This is because /sbin/SuSEfirewall2 contains a line that sets FW_CUSTOMRULES="". If you modify /sbin/SuSEfirewall2 to remove that line, the configuration in /etc/sysconfig/SuSEfirewall2 works to load the custom rules as expected.

This is not good at all. Firstly, it's not immediately obvious to users why custom rules aren't getting loaded in response to changes in /etc/sysconfig/SuSEfirewall2. Secondly, if a system update changes /sbin/SuSEfirewall2, custom firewall rules will stop getting loaded until the user modifies it again.

Reproducible: Always

Steps to Reproduce:
1. Set FW_CUSTOMRULES to /etc/sysconfig/scripts/SuSEfirewall2-custom in /etc/sysconfig/SuSEfirewall2
2. Add desired iptables commands into the appropriate section of /etc/sysconfig/scripts/SuSEfirewall2-custom

Actual Results:
Custom iptables configuration is never executed.

Expected Results:
Custom iptables commands executed at the appropriate time.

This problem exists in the machines here running OpenSUSE 11.1, OpenSUSE 11.4, and OpenSUSE 12.1. I can't see any good reason to keep it broken any longer.
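The condition described in this report can be audited after each system update with a short script. This is an added example, not part of the original report or of SuSEfirewall2; the function names and return codes are hypothetical, and it only checks for the presence of the reset line the report describes, not the order in which the script reads its configuration.

```shell
#!/bin/sh
# Added example: audit for the condition described in this bug report.
# Function names and return codes are hypothetical (not from SuSEfirewall2).

# Print the value of the last uncommented FW_CUSTOMRULES assignment in a
# sysconfig-style file, with surrounding quotes stripped; empty if unset.
configured_custom_rules() {
    sed -n 's/^[[:space:]]*FW_CUSTOMRULES=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Succeed if the script contains a line that is exactly FW_CUSTOMRULES=""
# (or ''), optionally followed by a comment.
script_resets_custom_rules() {
    grep -Eq "^[[:space:]]*FW_CUSTOMRULES=(\"\"|'')[[:space:]]*(#.*)?\$" "$1"
}

# audit_custom_rules CONFIG SCRIPT
# Returns 0: nothing to flag (no rules file configured, or no reset line found)
#         1: rules file configured, but SCRIPT sets FW_CUSTOMRULES=""
#         2: rules file configured, but the file does not exist
audit_custom_rules() {
    rules=$(configured_custom_rules "$1")
    if [ -z "$rules" ]; then
        echo "no custom rules file configured in $1"
        return 0
    fi
    if [ ! -f "$rules" ]; then
        echo "configured rules file $rules does not exist"
        return 2
    fi
    if script_resets_custom_rules "$2"; then
        echo "WARNING: $2 sets FW_CUSTOMRULES=\"\"; $rules may never be loaded"
        return 1
    fi
    echo "ok: $rules configured and no reset line found in $2"
    return 0
}

# Usage with the paths named in the report:
#   audit_custom_rules /etc/sysconfig/SuSEfirewall2 /sbin/SuSEfirewall2
```

A return code of 1 is a prompt to confirm with `iptables -S` that the expected custom rules are actually present in the running rule set.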