SCIENTIFIC-LINUX-DEVEL Archives

September 2017

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

Subject:
From: Pat Riehecky <[log in to unmask]>
Reply To: Pat Riehecky <[log in to unmask]>
Date: Fri, 15 Sep 2017 08:17:10 -0500
Content-Type: text/plain
Parts/Attachments: text/plain (32 lines)

On 09/15/2017 02:11 AM, Steven Haigh wrote:
> On 2017-09-15 16:11, Ilari Stenroth wrote:
>> CentOS did fix the iptables bug before the upstream EL distribution in
>> their package release iptables-1.4.21-18.0.1.el7. It's mentioned here:
>> https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7 Maybe the fixed
>> package can be ported to SL7.4?
>
> I reported the initial bug to RH via bugzilla.
>
> The problem is that the CentOS fix does not completely fix the issue - 
> however works around one specific case.
>
> The same race condition also applies for iptables rulesets that load 
> kernel modules as the rules are inserted.
>
> I don't believe this has been fixed by CentOS, or RH as yet.
>
> This means any non-bog standard firewall could still cause a silent 
> failure of firewall rules on boot.
>

I believe the package in SL7 Testing has the complete fix applied.

Pat

-- 
Pat Riehecky

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org
