[Bug 712670] New: Problem with FW_SERVICES_ACCEPT_EXT in /etc/sysconfig/SuSEfirewall2
https://bugzilla.novell.com/show_bug.cgi?id=712670 https://bugzilla.novell.com/show_bug.cgi?id=712670#c0 Summary: Problem with FW_SERVICES_ACCEPT_EXT in /etc/sysconfig/SuSEfirewall2 Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: x86-64 OS/Version: openSUSE 11.4 Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: f.de.kruijf@gmail.com QAContact: jsrain@novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0 I have the following 3 lines in etc/sysconfig/SuSEfirewall2: FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh 127.0.0.0/8,tcp,mysql 192.168.1.0/24,tcp,3080 192.168.1.0/24,tcp,3493" The first two lines are in fact one line. At a certain moment, I can relate it a YaST session, these lines are changed into: hitcount="3,blockseconds=60,recentname=ssh" FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,, 127.0.0.0/8,tcp,mysql 192.168.1.0/24,tcp,3080 192.168.1.0/24,tcp,3493" so the first line above is moved out of the FW_SERVICES_ACCEPT_EXT definition. This effectively disables what should be achieved, limiting the amount of ssh tcp sessions to 3 per minute from one IP address. # ls -l /etc/sysconfig/SuSEfirewall2 -rw-r--r-- 1 root root 34590 Aug 14 22:25 /etc/sysconfig/SuSEfirewall2 shows the date of last change of that file # zcat /var/log/YaST2/y2log-1.gz | grep SuSEfirewall | grep '14 22' 2011-08-14 22:25:08 <1> eik114(5855) [YCP] Service.ycp:403 Enabling service SuSEfirewall2_init 2011-08-14 22:25:08 <1> eik114(5855) [YCP] Service.ycp:403 Enabling service SuSEfirewall2_setup shows YaST activity at that moment. Reproducible: Sometimes Steps to Reproduce: 1.Don't know 2. 3. Expected Results: The line in SuSEfirewall2 should be left alone It happened several times earlier, but had the file SuSEfirewall2 changed before I could relate it to something happening at that moment. Below is the last line of a zypper session show in the file /var/log/zypper.log 2011-08-14 22:25:02 <1> eik114(5631) [zypp] ZYppFactory.cc(~ZYppGlobalLock):90 Lockfile cleaned. (5631) So a few seconds before zypper ended. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c1
--- Comment #1 from Freek de Kruijf
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c
zj jia
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c2
Thomas Fehr
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c3
Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c4
Freek de Kruijf
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c5
Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c6
--- Comment #6 from Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c8
--- Comment #8 from Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c10
--- Comment #10 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c11
--- Comment #11 from Lukas Ocilka
Fixed for openSUSE 11.2
Should have been 12.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c12
--- Comment #12 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c14
Christian Dengler
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c15
Freek de Kruijf
https://bugzilla.novell.com/show_bug.cgi?id=712670
https://bugzilla.novell.com/show_bug.cgi?id=712670#c16
Lukas Ocilka
participants (1)
-
bugzilla_noreply@novell.com