Mailinglist Archive: opensuse-bugs (4067 mails)

[Bug 712670] New: Problem with FW_SERVICES_ACCEPT_EXT in /etc/sysconfig/SuSEfirewall2
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 17 Aug 2011 14:14:28 +0000
  • Message-id: <bug-712670-21960@http.bugzilla.novell.com/>

https://bugzilla.novell.com/show_bug.cgi?id=712670

https://bugzilla.novell.com/show_bug.cgi?id=712670#c0


Summary: Problem with FW_SERVICES_ACCEPT_EXT in /etc/sysconfig/SuSEfirewall2
Classification: openSUSE
Product: openSUSE 11.4
Version: Final
Platform: x86-64
OS/Version: openSUSE 11.4
Status: NEW
Severity: Normal
Priority: P5 - None
Component: YaST2
AssignedTo: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: f.de.kruijf@xxxxxxxxx
QAContact: jsrain@xxxxxxxxxx
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0

I have the following 3 lines in /etc/sysconfig/SuSEfirewall2:

FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh
127.0.0.0/8,tcp,mysql
192.168.1.0/24,tcp,3080
192.168.1.0/24,tcp,3493"

The first two lines are in fact one line.

At a certain moment, I can relate it to a YaST session, these lines are changed
into:

hitcount="3,blockseconds=60,recentname=ssh"
FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,
127.0.0.0/8,tcp,mysql
192.168.1.0/24,tcp,3080
192.168.1.0/24,tcp,3493"

so the first line above is moved out of the FW_SERVICES_ACCEPT_EXT definition.
This effectively disables what should be achieved, limiting the amount of ssh
tcp sessions to 3 per minute from one IP address.

# ls -l /etc/sysconfig/SuSEfirewall2
-rw-r--r-- 1 root root 34590 Aug 14 22:25 /etc/sysconfig/SuSEfirewall2

shows the date of last change of that file

# zcat /var/log/YaST2/y2log-1.gz | grep SuSEfirewall | grep '14 22'
2011-08-14 22:25:08 <1> eik114(5855) [YCP] Service.ycp:403 Enabling service SuSEfirewall2_init
2011-08-14 22:25:08 <1> eik114(5855) [YCP] Service.ycp:403 Enabling service SuSEfirewall2_setup

shows YaST activity at that moment.




Reproducible: Sometimes

Steps to Reproduce:
1. Don't know


Expected Results:
The line in SuSEfirewall2 should be left alone

It happened several times earlier, but had the file SuSEfirewall2 changed
before I could relate it to something happening at that moment.

Below is the last line of a zypper session shown in the file /var/log/zypper.log
2011-08-14 22:25:02 <1> eik114(5631) [zypp] ZYppFactory.cc(~ZYppGlobalLock):90 Lockfile cleaned. (5631)

So a few seconds before zypper ended.

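A check for the silent rewrite described in this report, added here as an example (it is not part of the bug report or of SuSEfirewall2). It flags a rate-limit keyword that has become its own variable and any ssh entry in FW_SERVICES_ACCEPT_EXT left without a hitcount option. The two sample texts are copied from the report; the function name, finding labels and the choice of port 22 are assumptions.

```python
import re

# NAME="value" assignments; a double-quoted value may span several lines.
ASSIGN = re.compile(r'^[ \t]*([A-Za-z_][A-Za-z0-9_]*)="([^"]*)"', re.M)
# Option keywords that belong inside an entry, never at top level.
RATE_OPTS = ("hitcount", "blockseconds", "recentname")


def audit(text, limited_ports=("22", "ssh")):
    """Return (kind, detail) findings for the contents of the sysconfig file."""
    findings = []
    accept_ext = ""
    for name, value in ASSIGN.findall(text):
        if name in RATE_OPTS:
            # The keyword was split off and is now a meaningless variable.
            findings.append(("stray-option", f'{name}="{value}"'))
        elif name == "FW_SERVICES_ACCEPT_EXT":
            accept_ext = value  # last assignment wins, as in a sourced file
    for entry in accept_ext.split():
        fields = entry.split(",")  # net,proto,dport,sport,options...
        dport = fields[2] if len(fields) > 2 else ""
        opts = fields[4:]
        limited = any(o.startswith("hitcount=") for o in opts)
        if dport in limited_ports and not limited:
            findings.append(("no-rate-limit", entry))
    return findings


# Sample input: the intended setting, as quoted in the report.
BEFORE = '''FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh
127.0.0.0/8,tcp,mysql
192.168.1.0/24,tcp,3080
192.168.1.0/24,tcp,3493"
'''

# Sample input: the file after the rewrite, as quoted in the report.
AFTER = '''hitcount="3,blockseconds=60,recentname=ssh"
FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,
127.0.0.0/8,tcp,mysql
192.168.1.0/24,tcp,3080
192.168.1.0/24,tcp,3493"
'''

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text) or "ok")
```

Run against the real file's contents after package updates or YaST sessions, the same function shows whether the ssh limit is still in place without sourcing the file.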