https://bugzilla.novell.com/show_bug.cgi?id=694464

https://bugzilla.novell.com/show_bug.cgi?id=694464#c0

           Summary: SuSEfirewall2_setup wipes out site specific iptable rules on boot
    Classification: openSUSE
           Product: openSUSE 11.4
           Version: Factory
          Platform: x86-64
        OS/Version: openSUSE 11.4
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: Basesystem
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: Curt.Blank@curtronics.com
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

SuSEfirewall2_setup has "# Should-Start: $ALL ..." in it which makes it one of the last startup scripts to run.

1. it should run as soon as possible after the network is up to protect the system not after apps that listen to the network are already exposed.

2. I have startup scripts that run and add iptables rules then SuSEfirewall2_setup runs after them and wipes out the rules even though I have

    # Required-Start: $syslog $named SuSEfirewall2_setup
    # Should-Start: $syslog $named SuSEfirewall2_setup

in my scripts but that $ALL in SuSEfirewall2_setup trumps these.

This has been going on for a while and I'm finally tired of having to correct this after every darn update. $ALL never used to be in the last SuSEfirewall2_* script that ran on startup then one day many versions ago it showed up. PITA

SuSEfirewall2_setup does not need to run last, in fact for the reason I mentioned above it should run as soon as possible after the network is up to protect the machine and not leave it exposed even for 10 seconds.

Reproducible: Always

Steps to Reproduce:
1. boot the system
2.
3.

Actual Results:
Wipes out site specific iptable rules.

Expected Results:
I expect it to run as soon as the network is up and not last and not wipe out other iptable rules.

I consider this a critical bug because of network exposure.
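A small audit for the ordering conflict described in the report above, as an added example (not part of the report and not code from the SuSEfirewall2 package): it parses LSB INIT INFO headers and lists scripts whose start dependency names a script that carries $ALL. The two headers are constructed from the lines quoted in the report, the script name site-iptables is hypothetical, and the check only models the behaviour the reporter describes.

```python
import re

# Constructed LSB headers based on the lines quoted in the report.
# "site-iptables" is a hypothetical name for the reporter's own script.
SAMPLE_SCRIPTS = {
    "SuSEfirewall2_setup": """\
### BEGIN INIT INFO
# Provides:       SuSEfirewall2_setup
# Should-Start:   $ALL
### END INIT INFO
""",
    "site-iptables": """\
### BEGIN INIT INFO
# Provides:       site-iptables
# Required-Start: $syslog $named SuSEfirewall2_setup
# Should-Start:   $syslog $named SuSEfirewall2_setup
### END INIT INFO
""",
}

HEADER = re.compile(r"^#\s*(Provides|Required-Start|Should-Start):\s*(.*)$")

def parse_lsb(text):
    """Return {keyword: [tokens]} from the INIT INFO block of one script."""
    fields, inside = {}, False
    for line in text.splitlines():
        if line.startswith("### BEGIN INIT INFO"):
            inside = True
        elif line.startswith("### END INIT INFO"):
            break
        elif inside and (m := HEADER.match(line)):
            fields[m.group(1)] = m.group(2).split()
    return fields

def start_deps(fields):
    """All start-time dependencies, hard and soft."""
    return fields.get("Required-Start", []) + fields.get("Should-Start", [])

def audit(scripts):
    """Return (facilities started last, scripts that depend on them)."""
    parsed = {name: parse_lsb(text) for name, text in scripts.items()}
    # Facilities provided by scripts that ask to start after everything else.
    last = {p for f in parsed.values()
            if any(t.lower() == "$all" for t in start_deps(f))
            for p in f.get("Provides", [])}
    findings = [f"{name}: start dependency on {dep} conflicts with its $ALL"
                for name, f in sorted(parsed.items())
                for dep in sorted(set(start_deps(f)) & last)]
    return sorted(last), findings

if __name__ == "__main__":
    late, findings = audit(SAMPLE_SCRIPTS)
    print("started last:", late)
    print("\n".join(findings))
```

To audit a real system, build the input dict from the files under the init script directory instead of SAMPLE_SCRIPTS.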