Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: Unnecessary Requires - shorewall and tcpwrappers
https://bugzilla.redhat.com/show_bug.cgi?id=781341
Summary: Unnecessary Requires - shorewall and tcpwrappers
Product: Fedora
Version: rawhide
Platform: All
OS/Version: Linux
Status: NEW
Severity: high
Priority: unspecified
Component: fail2ban
AssignedTo: axel.thimm(a)atrpms.net
ReportedBy: vogel(a)folz.de
QAContact: extras-qa(a)fedoraproject.org
CC: herrold(a)owlriver.com, mattdm(a)mattdm.org,
axel.thimm(a)atrpms.net, tim(a)niemueller.de,
vogel(a)folz.de, jonathan.underwood(a)gmail.com,
ruben(a)rubenkerkhof.com, wdierkes(a)rackspace.com,
triage(a)lists.fedoraproject.org,
maxamillion(a)fedoraproject.org,
voronin.andrey(a)gmail.com,
bugzilla.redhat.com(a)ewood.users.cementhorizon.com
Estimated Hours: 0.0
Classification: Fedora
Story Points: ---
Clone Of: 244275
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
+++ This bug was initially created as a clone of Bug #244275 +++
Description of problem (copied from Bug #244275):
fail2ban doesn't require shorewall to function, and in fact, as we ship it, it
makes use of the Fedora firewall - installing an extra firewall which is the
not
used in the default configuration is a bit gratuitous and confusing to the
user.
Also, the Requires: tcpwrappers isn't needed unless the user decides to enable
the tcpwrapper action (disabled by default)
Additional information:
Bug #244275 contains suggestions and possible patches for a fix, but was closed
with NOTABUG as noted in the comment from the EPEL maintainer:
--- Additional comment from maxamillion(a)fedoraproject.org on 2012-01-12
22:46:49 EST ---
Since this is just the EPEL package and I don't maintain fail2ban for Fedora, I
will be keeping it in line with Fedora proper. Please feel free to discuss this
with the Fedora package maintainer.
As I wrote in some comments in Bug #244275, I'm interested in a fix for Fedora,
which is why I file this bug now.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=126342
Josh Boyer <jwboyer(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gcarter(a)aesgi.com
--- Comment #47 from Josh Boyer <jwboyer(a)redhat.com> 2012-02-29 11:04:09 EST ---
*** Bug 798464 has been marked as a duplicate of this bug. ***
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=250919
--- Comment #51 from Peter Bieringer <pb(a)bieringer.de> 2012-02-28 15:56:13 EST ---
Ok, this sounds reasonable at least since F16, where IPv6 is no longer "extra"
as kernel module.
Last time I've tried setting use_tempaddr via udev (<= F15 afair) it won't work
because the IPv6 module was not built-into kernel by default which meant that
the sysctl failed because network device appear earlier than IPv6 module was
loaded.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=250919
--- Comment #50 from Bill Nottingham <notting(a)redhat.com> 2012-02-28 15:41:34 EST ---
See /lib/udev/rules.d/99-systemd.rules, specifically where it does:
# Apply sysctl variables to network devices (and only to those) as they appear.
SUBSYSTEM=="net", KERNEL!="lo", RUN+="/lib/systemd/systemd-sysctl
--prefix=/proc/sys/net/ipv4/conf/$name --prefix=/proc/sys/net/ipv4/neigh/$name
--prefix=/proc/sys/net/ipv6/conf/$name --prefix=/proc/sys/net/ipv6/neigh/$name"
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=250919
--- Comment #49 from Peter Bieringer <pb(a)bieringer.de> 2012-02-28 15:15:04 EST ---
(In reply to comment #48)
> Re: comment #45
>
> In current releases, IPv6 is built in, and systemd automatically runs
> net.conf.<device> sysctls on device insertion. So, I believe sysctl.conf should
> work, and should work much better than doing this in the ifup path.
How is systemd handling this in detail? I'm asking because I ran here into a
strange problem with unknown reason.
# grep ipv6 /etc/sysctl.conf
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.default.use_tempaddr=2
Now after some time (unsure when, but perhaps after hibernating the system),
suddenly such setting on the interface is gone and turned to
net.ipv6.conf.p32p1.use_tempaddr=-1
BTW: if anyone still interested in bringing this IPV6_PRIVACY back to working,
I can run through my old patches and create a new set. In principle, this must
be set per interface *before* it's coming up, so in the ifup script, a special
hook will be created (minor patch) or integrating IPv6 from ifup-ipv6 into main
ifup (bigger patch probably).
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Product: Fedora
Version: 15
Component: kernel
Josh Boyer <jwboyer(a)redhat.com> has canceled Bug Zapper
<triage(a)lists.fedoraproject.org>'s request for needinfo:
Bug 616317: Bluetooth device should not be enabled automatically
https://bugzilla.redhat.com/show_bug.cgi?id=616317
Product: Fedora
Version: 15
Component: kernel
Josh Boyer <jwboyer(a)redhat.com> has canceled Bug Zapper
<triage(a)lists.fedoraproject.org>'s request for needinfo:
Bug 599138: Suspend failure (thinkpad docking stations)
https://bugzilla.redhat.com/show_bug.cgi?id=599138
------- Additional Comments from Josh Boyer <jwboyer(a)redhat.com>
No update in 4 months. Also there were fixes for NFS and CIFS for
suspend/resume that went into later kernels.
If you are still having issues with the 2.6.42.7 or newer kernel, please open a
new bug with relevant details.
Product: Fedora
Version: 16
Component: docbook-utils
Akira TAGOH <tagoh(a)redhat.com> has canceled Bug Zapper
<triage(a)lists.fedoraproject.org>'s request for needinfo:
Bug 662869: faulty and mal-formated section 3 manpages
https://bugzilla.redhat.com/show_bug.cgi?id=662869
------- Additional Comments from Akira TAGOH <tagoh(a)redhat.com>
the bug should be in docbook2man. reassigning to docbook-utils.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=250919
Bill Nottingham <notting(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |NEW
--- Comment #48 from Bill Nottingham <notting(a)redhat.com> 2012-02-15 16:53:33 EST ---
Re: comment #45
In current releases, IPv6 is built in, and systemd automatically runs
net.conf.<device> sysctls on device insertion. So, I believe sysctl.conf should
work, and should work much better than doing this in the ifup path.
Note that there's a bug report (bug 790610) about making this the default.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.