"[FLSA-2005:2252] Updated iptables packages resolve security issues" introduces new bug

Pekka Savola pekkas at netcore.fi
Sun Feb 20 07:29:16 UTC 2005


On Sun, 20 Feb 2005, Bart Westra wrote:
> I had set the system to load ip_conntrack, ip_conntrack_ftp and ip_nat_ftp in 
> /etc/rc.modules with modprobe commands. This worked ok until now, but the
> new iptables package then unloads the modules when it is (re)started, and 
> only looks in /etc/sysconfig/iptables-config for what modules should be 
> restarted. So none would.
>
> I have now added ip_conntrack_ftp and ip_nat_ftp in
> /etc/sysconfig/iptables-config (and removed them from /etc/rc.modules). The 
> basic ip_conntrack is loaded automatically so I left it out. Now full ftp 
> connection tracking is back :)

This is good to know.  However, did you explicitly check whether the 
modules were or were not loaded after a restart and loading in the
rules without changing iptables-config?

That is, the whole purpose of the Fedora Legacy security update _was_ 
to fix the automatic loading of modules.  If this doesn't work... we 
have a problem.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
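
The check asked about in this message, as an added example that is not part of the original thread: for each helper module it reports whether the module is loaded and whether it is listed in iptables-config. The function names are hypothetical and the sample files are constructed; IPTABLES_MODULES is the variable Red Hat's iptables init script reads from /etc/sysconfig/iptables-config.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are
# hypothetical; the sample files written by demo() are constructed.

# Module names listed in IPTABLES_MODULES of an iptables-config style file.
configured_modules() {
    awk -F= '/^[ \t]*IPTABLES_MODULES=/ { v = $2 }
        END { sub(/#.*/, "", v); gsub(/["\047]/, "", v)
              n = split(v, m, /[ \t]+/)
              for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
}

# Module names from a /proc/modules style listing (first column).
loaded_modules() { awk '{ print $1 }' "$1"; }

# Succeeds if stdin contains a line exactly equal to $1.
has_line() { awk -v want="$1" '$0 == want { f = 1 } END { exit !f }'; }

# check_modules CONFIG LOADED MODULE...
# Prints one line per module: "<name> loaded=yes|no configured=yes|no".
check_modules() {
    cfg=$1; loaded=$2; shift 2
    for mod in "$@"; do
        l=no; c=no
        if loaded_modules "$loaded" | has_line "$mod"; then l=yes; fi
        if configured_modules "$cfg" | has_line "$mod"; then c=yes; fi
        printf '%s loaded=%s configured=%s\n' "$mod" "$l" "$c"
    done
}

# Constructed sample: the state described in the quoted report, i.e. after a
# restart with an unchanged iptables-config and no FTP helpers loaded.
demo() {
    d=$(mktemp -d)
    printf 'IPTABLES_MODULES=""\n' > "$d/iptables-config"
    printf 'ip_conntrack 24968 1 (autoclean)\niptable_filter 2412 1\n' > "$d/modules"
    check_modules "$d/iptables-config" "$d/modules" \
        ip_conntrack ip_conntrack_ftp ip_nat_ftp
    rm -rf "$d"
}
demo
```

On a live system, run `check_modules /etc/sysconfig/iptables-config /proc/modules ip_conntrack_ftp ip_nat_ftp` after restarting iptables; `loaded=yes configured=no` means the module was loaded automatically.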



