[Bug 712670] New: Problem with FW_SERVICES_ACCEPT_EXT in /etc/sysconfig/SuSEfirewall2
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c0 Summary: Problem with FW_SERVICES_ACCEPT_EXT in /etc/sysconfig/SuSEfirewall2 Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: x86-64 OS/Version: openSUSE 11.4 Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: f.de.kruijf@gmail.com QAContact: jsrain@novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0 I have the following 3 lines in etc/sysconfig/SuSEfirewall2: FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh 127.0.0.0/8,tcp,mysql 192.168.1.0/24,tcp,3080 192.168.1.0/24,tcp,3493" The first two lines are in fact one line. At a certain moment, I can relate it a YaST session, these lines are changed into: hitcount="3,blockseconds=60,recentname=ssh" FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,, 127.0.0.0/8,tcp,mysql 192.168.1.0/24,tcp,3080 192.168.1.0/24,tcp,3493" so the first line above is moved out of the FW_SERVICES_ACCEPT_EXT definition. This effectively disables what should be achieved, limiting the amount of ssh tcp sessions to 3 per minute from one IP address. # ls -l /etc/sysconfig/SuSEfirewall2 -rw-r--r-- 1 root root 34590 Aug 14 22:25 /etc/sysconfig/SuSEfirewall2 shows the date of last change of that file # zcat /var/log/YaST2/y2log-1.gz | grep SuSEfirewall | grep '14 22' 2011-08-14 22:25:08 <1> eik114(5855) [YCP] Service.ycp:403 Enabling service SuSEfirewall2_init 2011-08-14 22:25:08 <1> eik114(5855) [YCP] Service.ycp:403 Enabling service SuSEfirewall2_setup shows YaST activity at that moment. Reproducible: Sometimes Steps to Reproduce: 1.Don't know 2. 3. Expected Results: The line in SuSEfirewall2 should be left alone It happened several times earlier, but had the file SuSEfirewall2 changed before I could relate it to something happening at that moment. Below is the last line of a zypper session show in the file /var/log/zypper.log 2011-08-14 22:25:02 <1> eik114(5631) [zypp] ZYppFactory.cc(~ZYppGlobalLock):90 Lockfile cleaned. (5631) So a few seconds before zypper ended. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c1 --- Comment #1 from Freek de Kruijf <f.de.kruijf@gmail.com> 2011-08-17 14:19:11 UTC --- I am sorry, but in the above 3 lines should be 4 lines and the sentence "The first two lines are in fact one line." should be removed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c zj jia <zjjia@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |zjjia@novell.com AssignedTo|bnc-team-screening@forge.pr |yast2-maintainers@suse.de |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c2 Thomas Fehr <fehr@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|yast2-maintainers@suse.de |locilka@novell.com --- Comment #2 from Thomas Fehr <fehr@novell.com> 2011-08-25 09:10:21 UTC --- Reassigned to maintainer of yast2-firewall -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c3 Lukas Ocilka <locilka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |f.de.kruijf@gmail.com --- Comment #3 from Lukas Ocilka <locilka@novell.com> 2011-08-25 09:15:35 UTC --- Please attach YaST logs. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c4 Freek de Kruijf <f.de.kruijf@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|f.de.kruijf@gmail.com | --- Comment #4 from Freek de Kruijf <f.de.kruijf@gmail.com> 2011-08-25 18:55:59 UTC --- Created an attachment (id=447768) --> (http://bugzilla.novell.com/attachment.cgi?id=447768) YaST logfile YaST log containing the log of 2011-08-14 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c5 Lukas Ocilka <locilka@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High Status|NEW |ASSIGNED --- Comment #5 from Lukas Ocilka <locilka@suse.com> 2011-08-26 10:41:35 UTC --- Thanks, I've reproduced the bug here. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c6 --- Comment #6 from Lukas Ocilka <locilka@suse.com> 2011-08-26 11:20:24 UTC --- Issues: YaST Firewall doesn't know flags in FW_SERVICES_ACCEPT_* YaST (Generic) doesn't read them properly anyway This will need fix for yast2-firewall.rpm yast2.rpm -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c8 --- Comment #8 from Lukas Ocilka <locilka@suse.com> 2011-08-29 11:18:05 UTC --- Fixed for openSUSE 11.2 * yast2 2.21.12 * yast2-firewall 2.21.0 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c10 --- Comment #10 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-08-29 14:00:08 CEST --- This is an autogenerated message for OBS integration: This bug (712670) was mentioned in https://build.opensuse.org/request/show/80030 Factory / yast2 https://build.opensuse.org/request/show/80031 Factory / yast2-firewall -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c11 --- Comment #11 from Lukas Ocilka <locilka@suse.com> 2011-08-29 14:28:21 UTC --- (In reply to comment #8)
Fixed for openSUSE 11.2
Should have been 12.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c12 --- Comment #12 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-08-29 17:00:19 CEST --- This is an autogenerated message for OBS integration: This bug (712670) was mentioned in https://build.opensuse.org/request/show/80077 Factory / yast2-firewall -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:planned:update -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c14 Christian Dengler <cdengler@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- InfoProvider|maint-coord@suse.de |maintenance@opensuse.org --- Comment #14 from Christian Dengler <cdengler@suse.com> 2011-08-30 13:19:47 UTC --- The update is okay for me on 11.{3,4} +1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c15 Freek de Kruijf <f.de.kruijf@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|maintenance@opensuse.org | --- Comment #15 from Freek de Kruijf <f.de.kruijf@gmail.com> 2011-09-04 22:21:05 UTC --- I assume the previous comment provides the needed information -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c16 Lukas Ocilka <locilka@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #16 from Lukas Ocilka <locilka@suse.com> 2011-09-09 09:12:09 UTC --- OK, so it's a planned update for older distros and already fixed for 12.1. You can upgrade to Factory versions now if you wish so: * yast2 2.21.12 (or higher) * yast2-firewall 2.21.0 (or higher) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com