Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1220902 - Firewalld getting incorrect per-Edition defaults
Summary: Firewalld getting incorrect per-Edition defaults
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: firewalld
Version: 22
Hardware: All
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: AcceptedBlocker
Depends On:
Blocks: F22FinalBlocker
TreeView+ depends on / blocked
 
Reported: 2015-05-12 19:00 UTC by Stephen Gallagher
Modified: 2015-05-15 21:33 UTC (History)
6 users (show)

Fixed In Version: firewalld-0.3.13-7.fc22
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-05-15 21:33:00 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Stephen Gallagher 2015-05-12 19:00:31 UTC
Description of problem:


Version-Release number of selected component (if applicable):
firewalld-0.3.13-5.fc22

How reproducible:
Every time

Steps to Reproduce:
1. Install a Fedora 22 Branched or Rawhide Compose after May 11th

Actual results:
The installed system will get the default (non-product) firewall configuration, not the Edition-specific one.

Expected results:
The installed system should get the correct set of default firewall rules.

Additional info:
This does not affect upgraded systems, due to the nature of the bug.

The issue is that we accidentally pushed the updated fedora-release package to stable before the firewalld package (which did not happen in time for Freeze). I forgot to build the matching firewalld package in time.

The issue is fixed in firewalld-0.3.13-7.fc22

Comment 1 Fedora Blocker Bugs Application 2015-05-12 19:01:35 UTC
Proposed as a Blocker for 22-final by Fedora user sgallagh using the blocker tracking app because:

 "After system installation without explicit firewall configuration, the system firewall must be active on all non-loopback interfaces. The only ports which may be open to incoming traffic are port 22 (ssh), port 9090 (Cockpit web interface), and any ports associated with server Roles selected during installation. Supported install-time firewall configuration options must work correctly." (Alpha Criterion)

Comment 2 Fedora Update System 2015-05-12 19:04:01 UTC
firewalld-0.3.13-7.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/firewalld-0.3.13-7.fc22

Comment 3 Stephen Gallagher 2015-05-12 19:06:26 UTC
For the record, +1 blocker from me.

Comment 4 Dan Mossor [danofsatx] 2015-05-12 19:07:52 UTC
+1 Blocker.

Comment 5 Adam Williamson 2015-05-12 19:48:49 UTC
+1 blocker, that's +3, moving to accepted.

Comment 6 Adam Williamson 2015-05-12 21:11:42 UTC
Tested the fix by creating a Workstation live, it looks good.

Comment 7 Fedora Update System 2015-05-15 21:33:00 UTC
firewalld-0.3.13-7.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.