Bug 1290

Summary: Drakfirewall not see correct state of shorewall service
Product: [ROSA-based products] ROSA Fresh Reporter: Aleksandr Kazantcev <alexander.kazantsev>
Component: Packages from MainAssignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: alex.burmashev, v.potapov
Version: FreshFlags: v.potapov: qa_verified+
alex.burmashev: published+
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Platform: --- ROSA Vulnerability identifier:
RPM Package: drakx-net ISO-related:
Bad POT generating: Upstream:

Description Aleksandr Kazantcev 2012-12-21 18:39:34 MSK 
If you run drakfirewall, it's say that firewall disabled, but shorewall may be anabled and rules was been impliment.
Comment 1 Aleksandr Kazantcev 2012-12-21 18:42:24 MSK 
https://abf.rosalinux.ru/build_lists/857899
https://abf.rosalinux.ru/build_lists/857900

Advisory: Drakfirewall has error, that always say for shorewall disabling. This update fix check shorewall state after systemd migrations. Also we fix nfs servise using and drop Interactive Firewall via we not more using net-applet and net-center
Comment 2 Vladimir Potapov 2012-12-26 11:25:07 MSK 
The shorewall state not restored after reboot (and after 2-3 settings by drakfirewall).
Comment 3 Aleksandr Kazantcev 2012-12-26 12:06:19 MSK 
Why you think is not restored?

First - set up Disable all and see

 iptables -L

it will be clear (not rules)

Then setup options in drakfirewall and see

 iptables -L

rules will be applyed

Then  reboot and check again

 ipatables -L

rules will be similar - shorewall is working...


For full disable shorewall you need uncheck ALL service and check Disable all..
Comment 4 Vladimir Potapov 2012-12-26 13:53:20 MSK 
Old problem - iptables not started by default (and any operations in drakfirewall can't change this status). 
This bug present in  marathon too.
Comment 5 Aleksandr Kazantcev 2012-12-26 13:59:47 MSK 
We fix iptables... You need has updated system for test this...

What version you use? You need iptables-1.4.15-4

What output for

systemctl | grep failed

and

systemctl status iptables

?
Comment 6 Vladimir Potapov 2012-12-26 14:26:32 MSK 
Not errors - service not started (default settings after install).
If I set exec flag in drakxservices, iptables start fine and drakfirewall work correct.
Comment 7 Aleksandr Kazantcev 2012-12-26 14:31:00 MSK 
Afrer fresh install iptables was not start - it's broken.

Need update and (as you describe) restart service - we don't possible start it with package...

And i'm think drakfirewall update need be push in repo - it's fix error for user's that has started iptables and start in manually...
Comment 8 Vladimir Potapov 2012-12-26 14:51:17 MSK 
drakx-net-1.0-1-rosa2012.1
****************** Advisory ***************
drakfirewall has error, that always say for shorewall disabling. This update fix check shorewall state after systemd migrations. Also we fix nfs servise using and drop Interactive Firewall via we not more using net-applet and net-center
********************************************
QA Verified