[Bug 474267] New: issue with SuseFirewall and if-up/if-down
https://bugzilla.novell.com/show_bug.cgi?id=474267

           Summary: issue with SuseFirewall and if-up/if-down
    Classification: openSUSE
           Product: openSUSE 11.1
           Version: Final
          Platform: x86-64
        OS/Version: openSUSE 11.1
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: Network
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: jc@phocean.net
         QAContact: qa@suse.de
          Found By: ---

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.5) Gecko/2008121300 SUSE/3.0.5-1.1 Firefox/3.0.5

Recently, I have been losing network access, a while after resuming from suspend (and changing of network subnet).

I found out that my logs are full of "martian source" alerts, which are nothing else than my subnet addresses.

As restarting the firewall seemed to solve the problem, I came to the idea that there was some issue with the if-up / if-down scripts.

I checked this file, /etc/sysconfig/network/if-up.d/SuSEfirewall2, whose section of code makes me skeptical:

    case "$0" in
        *if-up.d*)
            /sbin/SuSEfirewall2 -q start
            ;;
        *if-down.d*)
            /sbin/SuSEfirewall2 -q start
            ;;
        *)
            echo "don't know what to do" >&2
            ;;
    esac

Shouldn't it be:

    case "$0" in
        *if-up.d*)
            /sbin/SuSEfirewall2 -q start
            ;;
        *if-down.d*)
            /sbin/SuSEfirewall2 -q stop
            ;;
        *)
            echo "don't know what to do" >&2
            ;;
    esac

There is no script in the if-down.d folder. I think the above script should be linked there.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=474267

Marcus Meissner <meissner@novell.com> changed:

           What    |Removed                                    |Added
----------------------------------------------------------------------------
         AssignedTo|bnc-team-screening@forge.provo.novell.com  |lnussel@novell.com

https://bugzilla.novell.com/show_bug.cgi?id=474267

User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=474267#c1

Ludwig Nussel <lnussel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #1 from Ludwig Nussel <lnussel@novell.com> 2009-02-11 02:14:01 MST ---
(In reply to comment #0)
> User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.5) Gecko/2008121300 SUSE/3.0.5-1.1 Firefox/3.0.5
>
> Recently, I have been losing network access, a while after resuming from suspend (and changing of network subnet).

Using NetworkManager? IIRC there is a bug open already for such an issue.

> I found out that my logs are full of "martian source" alerts, which are nothing else than my subnet addresses.

The kernel logs that if the interface on which a packet is received doesn't match the interface the kernel would use to contact that address. That's not related to packet filtering (iptables).

> As restarting the firewall seemed to solve the problem, I came to the idea that there was some issue with the if-up / if-down scripts.
>
> I checked this file, /etc/sysconfig/network/if-up.d/SuSEfirewall2, whose section of code makes me skeptical:
>
>     case "$0" in
>         *if-up.d*)
>             /sbin/SuSEfirewall2 -q start
>             ;;
>         *if-down.d*)
>             /sbin/SuSEfirewall2 -q start
>             ;;
>         *)
>             echo "don't know what to do" >&2
>             ;;
>     esac
>
> Shouldn't it be:
>
>     case "$0" in
>         *if-up.d*)
>             /sbin/SuSEfirewall2 -q start
>             ;;
>         *if-down.d*)
>             /sbin/SuSEfirewall2 -q stop
>             ;;
>         *)
>             echo "don't know what to do" >&2
>             ;;
>     esac

No. Stopping SuSEfirewall2 would mean to open the system to the world. You basically never want to stop SuSEfirewall2 (not even shutdown does that).

> There is no script in the if-down.d folder. I think the above script should be linked there.

It could be there but besides potentially removing some no longer used filtering rules the call would only waste resources. You normally only need to call SuSEfirewall2 if new interfaces appear.
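
The interface comparison that comment #1 gives as the reason for "martian source" messages, as an added example that is not part of the original thread or of SuSEfirewall2: it parses kernel log lines and checks each source address against a routing table. The log lines, routes and function names are constructed for illustration, and only the interface-mismatch cause described in that comment is modelled.

```python
import ipaddress
import re

# Kernel message: "martian source <dst> from <src>, on dev <ifname>"
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>[\d.]+) from (?P<src>[\d.]+), on dev (?P<dev>\S+)")

def route_dev(routes, addr):
    """Interface of the longest-prefix route covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, dev in routes:
        network = ipaddress.ip_network(net)
        if ip in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, dev)
    return best[1] if best else None

def explain_martians(log_lines, routes):
    """Compare the receiving interface of each martian with the routed one."""
    findings = []
    for line in log_lines:
        m = MARTIAN_RE.search(line)
        if not m:
            continue  # e.g. the "ll header:" line that follows each martian
        expected = route_dev(routes, m["src"])
        if expected is None:
            reason = "no route back to source"
        elif expected != m["dev"]:
            reason = f"route to source uses {expected}"
        else:
            reason = "reverse path matches, look for another cause"
        findings.append((m["src"], m["dev"], reason))
    return findings

# Constructed sample: routes left over from a previous subnet (hypothetical).
SAMPLE_ROUTES = [("192.168.1.0/24", "eth0")]
SAMPLE_LOG = [
    "kernel: martian source 10.0.0.255 from 10.0.0.17, on dev eth0",
    "kernel: ll header: ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00",
    "kernel: martian source 192.168.1.20 from 192.168.1.1, on dev wlan0",
    "kernel: martian source 192.168.1.20 from 192.168.1.5, on dev eth0",
]

if __name__ == "__main__":
    for src, dev, reason in explain_martians(SAMPLE_LOG, SAMPLE_ROUTES):
        print(f"{src} on {dev}: {reason}")
```

On a live system the routes would come from the output of `ip route` and the log lines from the kernel log.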