[Bug 807257] New: SuSeFirewall reverts to default sysctl network related settings
https://bugzilla.novell.com/show_bug.cgi?id=807257

Summary: SuSeFirewall reverts to default sysctl network related settings
Classification: openSUSE
Product: openSUSE 12.2
Version: Final
Platform: x86-64
OS/Version: openSUSE 12.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: jjletho67-esus@yahoo.it
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0

Network related sysctl.conf settings are reverted to default or not applied when SuSeFirewall is active. Disabling SuSeFirewall allows you to get sysctl.conf settings applied.

Reproducible: Always

Steps to Reproduce:
1. Enable SuSeFirewall through yast
2. Add this line to the end of /etc/sysctl.conf:
   net.ipv4.conf.eth0.log_martians = 0
3. Reboot

Actual Results:
Type:
    cat /proc/sys/net/ipv4/conf/eth0/log_martians
The result will be "1", which is the default value, not the one you set in sysctl.conf.

Expected Results:
The values you set in /etc/sysctl are in place. In the example I expect the command:
    cat /proc/sys/net/ipv4/conf/eth0/log_martians
will return "0".

With the firewall disabled, sysctl network related settings will stay in place.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=807257#c

Thomas Biege <thomas@suse.com> changed:

What       | Removed               | Added
-----------+-----------------------+----------------------
CC         |                       | security-team@suse.de
AssignedTo | security-team@suse.de | meissner@suse.com

https://bugzilla.novell.com/show_bug.cgi?id=807257#c1

Marcus Meissner <meissner@suse.com> changed:

What       | Removed | Added
-----------+---------+-----------
Status     | NEW     | RESOLVED
Resolution |         | WORKSFORME

--- Comment #1 from Marcus Meissner <meissner@suse.com> 2013-03-15 15:07:47 UTC ---

This is intentional and also hard to fix as the sysctl management is tricky.

(log_martians to 0 reduces security btw ;)

You can disable this setting globally in /etc/sysconfig/SuSEfirewall2

    FW_KERNEL_SECURITY="no"

then SuSEfirewall2 will not touch any of these values.

    ## Type: yesno
    #
    # Do you want to enable additional kernel TCP/IP security features?
    # If set to yes, some obscure kernel options are set.
    # (icmp_ignore_bogus_error_responses, icmp_echoreply_rate,
    # icmp_destunreach_rate, icmp_paramprob_rate, icmp_timeexeed_rate,
    # ip_local_port_range, log_martians, rp_filter, routing flush,
    # bootp_relay, proxy_arp, secure_redirects, accept_source_route
    # icmp_echo_ignore_broadcasts, ipfrag_time)
    #
    # Tip: Set this to "no" until you have verified that you have got a
    # configuration which works for you. Then set this to "yes" and keep it
    # if everything still works. (It should!) ;-)
    #
    # Choice: "yes" or "no", if not set defaults to "yes"
    #

https://bugzilla.novell.com/show_bug.cgi?id=807257#c2

--- Comment #2 from Marco Manini <jjletho67-esus@yahoo.it> 2013-03-18 10:43:20 UTC ---

I set FW_KERNEL_SECURITY to "no" and it worked as expected.
So I can confirm this is not a bug.
I'm very sorry, this parameter did not ketch my attention!

Thank you very much!

https://bugzilla.novell.com/show_bug.cgi?id=807257#c3

--- Comment #3 from Marco Manini <jjletho67-esus@yahoo.it> 2013-03-18 10:45:22 UTC ---

ketch == catch
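
A drift check for the symptom discussed in this thread, added here as an example and not part of the bug report or of SuSEfirewall2: it compares each key in a sysctl.conf-style file with the live value and reports the ones that differ. The function names `sysctl_drift` and `demo`, the `--demo` switch and the sample tree are hypothetical and constructed for illustration; it assumes every dot in a key is a path separator.

```shell
#!/bin/sh
# Added example: list sysctl.conf keys whose live value differs from the file.
# usage: sysctl_drift CONF [PROCROOT]   (PROCROOT defaults to /proc/sys)
sysctl_drift() {
    conf=$1; root=${2:-/proc/sys}; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//')
        # Skip blanks, comments (# or ;) and anything that is not key=value.
        case $line in ''|'#'*|';'*) continue ;; *=*) ;; *) continue ;; esac
        key=$(printf '%s\n' "${line%%=*}" | tr -d '[:space:]')
        want=$(printf '%s\n' "${line#*=}" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
        # Assumption: every dot is a path separator (no dotted interface names).
        path=$root/$(printf '%s\n' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            printf '%s expected=%s actual=<missing>\n' "$key" "$want"; rc=1
            continue
        fi
        # Collapse tabs/newlines so multi-value keys compare cleanly.
        have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/^ //; s/ $//')
        if [ "$have" != "$want" ]; then
            printf '%s expected=%s actual=%s\n' "$key" "$want" "$have"; rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Constructed sample input mirroring the report: file says 0, kernel says 1.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/net/ipv4/conf/eth0"
    echo 1 > "$d/proc/net/ipv4/conf/eth0/log_martians"
    echo 'net.ipv4.conf.eth0.log_martians = 0' > "$d/sysctl.conf"
    r=0
    sysctl_drift "$d/sysctl.conf" "$d/proc" || r=$?
    rm -rf "$d"
    return "$r"
}

# "--demo" runs the constructed case; otherwise pass a real file to check.
if [ "${1:-}" = "--demo" ]; then
    demo
elif [ "$#" -gt 0 ]; then
    sysctl_drift "$@"
fi
```

Run after boot against /etc/sysctl.conf, a non-zero exit status means at least one configured key is not in effect.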