Submitted by mbos on Tue, 08/25/2009 - 14:40 Pro Licensee
In several situations the comments for all firewall rules will disappear. One way to recreate is select an existing rule, clone the rule, make a change, and save. The comments for all rules are now gone from both the user interface and iptables file.
Status:
Closed (fixed)
Comments
Submitted by mbos on Tue, 08/25/2009 - 14:41 Pro Licensee Comment #1
Submitted by JamieCameron on Tue, 08/25/2009 - 16:41 Comment #2
I don't see this happen on my test systems..
Do you have comments stored in /etc/sysconfig/iptables using # lines, or the --comment flag on rules?
Submitted by mbos on Tue, 08/25/2009 - 19:51 Pro Licensee Comment #3
I've tried it with both settings(-- and # comment options) in the module config. An initial vmin FW setup creates comments, which is what gets lost. Post vmin fw setup you can cat on iptables and see the actual # comments the file. I can recreate with these steps:
Base centos 5.3 x64_86 install (nothing but base). Initial reboot - "firstboot" and turnoff FW and selinux Run install.sh script (not GPL). Browse to Webmin -> Networking -> Linux Firewall (reset if any rules in place). Set FW to "virtual hosting" option. Cat iptables and the comments exist. Any further changes to FW rules and all comments are lost. Hope that helps and sorry for the shorthand commentary. Figured you'd follow. :-) Glad to help best I can and let me know if you need more detail.
Submitted by JamieCameron on Tue, 08/25/2009 - 23:23 Comment #4
When you check the iptables save file in the "Cat iptables and the comments exist" step, does it use # comments or --comment format?
Submitted by mbos on Wed, 08/26/2009 - 05:20 Pro Licensee Comment #5
Comments are "# based" in iptables. I recall that is the default for the module config as well.
Submitted by JamieCameron on Wed, 08/26/2009 - 13:41 Comment #6
Did you ever click the "Revert Configuration" button? That's the only feature that could cause this .. and is generally not needed, as it resets the on-disk save file to match the in-kernel rules.
Submitted by mbos on Wed, 08/26/2009 - 17:34 Pro Licensee Comment #7
Sorry... No. Fresh build, reset FW, choose "hosting option", done. From that point forward pretty much any manipulation of FW rules causes comments to disappear. Another odd related issue is on a fresh build with nothing. No "base", nothing. yum wget, perl and slocate (plus run updatedb) so script runs properly. Post vmin install with the same steps above and no comments are created. Rules are all created correctly, but no comments at all in the UI or iptables file. As I said, glad to help and I can recreate this all day long, so just let me know what you need to get to the bottom of it.
Submitted by JamieCameron on Wed, 08/26/2009 - 17:39 Comment #8
Perhaps the quickest way for me to debug this would be for me to login to your system myself and see what is happening under the hood. If that is possible, you can email me login details at jcameron@virtualmin.com
Submitted by mbos on Thu, 08/27/2009 - 08:30 Pro Licensee Comment #9
Tell you what... I'll bring up a test box built exactly like production and let you see what you can find. I'll send the information to your email when it's ready. Thanks again...
Submitted by JamieCameron on Thu, 08/27/2009 - 11:52 Comment #10
Ok, that would be great!
Submitted by mbos on Fri, 08/28/2009 - 13:43 Pro Licensee Comment #11
Well Jamie... I swear I'm not loosing my mind! The "test box" is not having this issue, even though I could recreate it at will in a vmware session. I also checked the production box again and it too is working correctly. No updates have been done and nothing has changed, so I'm stumped. Sorry for troubling you and thank you for your time!
Submitted by JamieCameron on Fri, 08/28/2009 - 14:07 Comment #12
Weird .. well, please re-open this bug if you see it again and can re-produce it reliably.
Submitted by Issues on Fri, 09/11/2009 - 15:18 Comment #13
Automatically closed -- issue fixed for 2 weeks with no activity.