Bug 300869

Summary: SuSEfirewall2 breaks when runnig slert2.0 beta3 kernel
Product: [SUSE Linux Enterprise Real Time Extension] SUSE Linux Enterprise Real Time 10 SP1 Reporter: Alex Tsariounov <alext>
Component: kernelAssignee: Sven Dietrich <sdietrich>
Status: RESOLVED FIXED QA Contact: E-mail List <lsg-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Beta 3   
Target Milestone: ---   
Hardware: x86-64   
OS: Other   
Whiteboard:
Found By: Development Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: iptables -L output for sles10sp1 firewall functional
iptables -L output for slert2.0 beta3 firewall broken

Description Alex Tsariounov 2007-08-15 22:42:18 UTC 
The firewall is active and functions correctly when running the sles10 kernel.  A fresh install of slert2 beta3 breaks the firewall as follows:

  - No network traffic is allowed out of machine
  - Machine is pingable from external hosts

Thus things like ping, ssh, nfs, etc. do not function, but you can ping and ssh to the machine from an external host.

Once the firewall is disabled via yast, the everything functions normally.  Re-enabling the firewall creates the same sitation again.
Comment 1 Sven Dietrich 2007-08-18 19:07:03 UTC 
Please attach the output of iptables -L for each instance of SLES10-SP1/functional and SLERT2/non-functional
Comment 2 Alex Tsariounov 2007-08-22 18:12:19 UTC 
Created attachment 159162 [details]
iptables -L output for sles10sp1 firewall functional
Comment 3 Alex Tsariounov 2007-08-22 18:13:02 UTC 
Created attachment 159163 [details]
iptables -L output for slert2.0 beta3 firewall broken
Comment 4 Sven Dietrich 2007-08-22 22:50:00 UTC 
I synched the netfilter settings with openSUSE.
Please verify if current SVN resolves the firewall issue.
Comment 5 Alex Tsariounov 2007-08-23 00:38:35 UTC 
Tried v1130 but this one does not bring up networking at all.  The e1000 module is loaded, but no dice....
Comment 6 Sven Dietrich 2007-08-24 00:02:53 UTC 
Net issue fixed with the config file update.
(Had dropped SYSFS_DEPRECATED and this was needed for networking)
Comment 7 Alex Tsariounov 2007-08-24 18:57:15 UTC 
Firewall and network issues are fixed as of kernel svn revision v1149!  Tested on t60p laptop and dell 490.