Bug 13157 - net_monitor update breaks shorewall iptables configuration
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 4
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Alex Loginov
Keywords: NEEDINFO
 
Reported: 2014-04-07 02:37 CEST by Ainal Saidin
Modified: 2014-04-07 18:58 CEST
Source RPM: net_monitor-0.17-1.mga4

Description Ainal Saidin 2014-04-07 02:37:14 CEST
Description of problem:
After updating net_monitor, internet access is denied after reboot. Able to reconfigure network configuration (network interface and routing setup ok). DNS is statically set with the DNS1=8.8.8.8 setting in /etc/sysconfig/network-scripts/ifcfg-enp4s0.cfg. Unable to ping the router. Error is "Operation not permitted." Stopping shorewall (disabling firewall) allows ping and internet services to pass through.
Reconfigured shorewall by going to MCC --> Security --> Setup personal firewall and clicking the Next buttons until finished, but did not change any setting from the previous configuration. Problem solved.

Shorewall previous configuration: Block all ports except 2869/tcp 1900/udp

Version-Release number of selected component (if applicable):
net_monitor-0.17-1.mga4

How it could be reproduced:
1. Uninstall net_monitor-0.17-1 and reinstall the previous version
2. Set up the personal firewall again
3. Upgrade to net_monitor-0.17-1

The test for outbound internet access fails (blocked).

David Walser 2014-04-07 02:56:04 CEST

Component: Security => RPM Packages
Assignee: bugsquad => loginov_alex
QA Contact: security => (none)

Comment 1 David GEIGER 2014-04-07 07:35:27 CEST
Hi,

I can't reproduce this bug.

During the tests on my machines I have not encountered this problem.

This is strange.

CC: (none) => geiger.david68210

Comment 2 Alex Loginov 2014-04-07 08:43:34 CEST
The net_monitor-0.17 update absolutely does not touch the firewall.
The difference between net_monitor 0.16 and 0.17 is very small: http://gitweb.mageia.org/software/net_monitor/commit/?id=e9da46728549f5b18248b5ee290848e611780e94 and it only corrects strings in net_monitor for unicode.

Ainal, please test again.

Keywords: (none) => NEEDINFO

Comment 3 Ainal Saidin 2014-04-07 16:56:15 CEST
I was not able to reproduce it.
What I should have done was capture the iptables rules before reconfiguring shorewall. When the problem occurred, I could only get to the internet when I stopped iptables / shorewall.
It may have been a fluke of the setup I have. It was consistent enough to survive several reboots, though, and only went away after running MCC and reconfiguring the personal firewall.
Anyway, please feel free to close this, as long as anyone else who does have a similar experience can find my solution/workaround when they search for it.

Comment 4 Alex Loginov 2014-04-07 18:58:07 CEST
Closed as INVALID.

Status: NEW => RESOLVED
Resolution: (none) => INVALID
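
Comment 3 notes that the iptables rules should have been captured before shorewall was reconfigured. The following is an added example, not part of the original bug thread: a sketch that compares two `iptables-save` snapshots while ignoring timestamps and packet counters. The function names and both sample dumps are constructed for illustration.

```shell
# Added example: diff two iptables-save snapshots, ignoring counters/timestamps.
# Normalise a dump on stdin: drop comments and COMMIT, strip [packets:bytes]
# counters, and prefix each remaining line with the table it belongs to.
normalize_rules() {
    awk '
        /^#/ || /^COMMIT$/ || /^[ \t]*$/ { next }
        /^\*/ { table = substr($0, 2); next }
        {
            sub(/^\[[0-9]+:[0-9]+\][ \t]*/, "")   # per-rule counters (iptables-save -c)
            sub(/[ \t]*\[[0-9]+:[0-9]+\]$/, "")   # chain policy counters
            print table ": " $0
        }'
}

# Print "- rule" for lines only in snapshot $1 and "+ rule" for lines only in $2.
# Returns 0 when the rulesets are identical, 1 when they differ.
diff_rulesets() {
    _b=$(mktemp) || return 2
    _a=$(mktemp) || return 2
    normalize_rules < "$1" > "$_b"
    normalize_rules < "$2" > "$_a"
    diff "$_b" "$_a" | sed -n 's/^< /- /p; s/^> /+ /p'
    _rc=0; cmp -s "$_b" "$_a" || _rc=1
    rm -f "$_b" "$_a"
    return "$_rc"
}

# Constructed sample snapshots (not taken from the reporter's machine).
sample_before() { cat <<'EOF'
# Generated by iptables-save on Mon Apr  7 02:00:00 2014
*filter
:INPUT DROP [10:840]
:OUTPUT ACCEPT [55:4620]
-A INPUT -p tcp -m tcp --dport 2869 -j ACCEPT
-A INPUT -p udp -m udp --dport 1900 -j ACCEPT
COMMIT
EOF
}
sample_after() { cat <<'EOF'
# Generated by iptables-save on Mon Apr  7 02:40:00 2014
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 2869 -j ACCEPT
-A INPUT -p udp -m udp --dport 1900 -j ACCEPT
COMMIT
EOF
}
```

On a live system, run `iptables-save > before.rules` as root before the package update and `iptables-save > after.rules` once the problem appears, then pass both files to `diff_rulesets`.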

