View Issue Details

IDProjectCategoryView StatusLast Update
0018041CentOS-8NetworkManagerpublic2021-02-01 14:01
Reporter0andriy Assigned To 
PriorityurgentSeveritytweakReproducibilityalways
Status newResolutionopen 
Summary0018041: `nmcli con up ...` disrupts firewall for WiFi access point setup
Description`nmcli con up ...` puts twice the sections of firewall into FORWARD and INPUT chains. `nmcli con down ...` *of course* removes only first group of rules, so doing up/down sequences the rules are dusrupted by enormous amount of duplicate sections.

It is very annoying and adds another brick into the tomb of NM piece of...
Tagsfirewall, iptables, nmcli

Relationships

duplicate of 0018044 new `nmcli con up ...` disrupts firewall for WiFi access point setup 

Activities

0andriy

0andriy

2021-01-29 10:30

reporter   ~0038210

The example after doing up/down/up sequence (3 groups instead of single one):

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * wlp2s0 0.0.0.0/0 10.42.0.0/24 state RELATED,ESTABLISHED
    0 0 ACCEPT all -- wlp2s0 * 10.42.0.0/24 0.0.0.0/0
    0 0 ACCEPT all -- wlp2s0 wlp2s0 0.0.0.0/0 0.0.0.0/0
    0 0 REJECT all -- * wlp2s0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
    0 0 REJECT all -- wlp2s0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
    0 0 ACCEPT all -- * wlp2s0 0.0.0.0/0 10.42.0.0/24 state RELATED,ESTABLISHED
    0 0 ACCEPT all -- wlp2s0 * 10.42.0.0/24 0.0.0.0/0
    0 0 ACCEPT all -- wlp2s0 wlp2s0 0.0.0.0/0 0.0.0.0/0
    0 0 REJECT all -- * wlp2s0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
    0 0 REJECT all -- wlp2s0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
    0 0 ACCEPT all -- * wlp2s0 0.0.0.0/0 10.42.0.0/24 state RELATED,ESTABLISHED
    0 0 ACCEPT all -- wlp2s0 * 10.42.0.0/24 0.0.0.0/0
    0 0 ACCEPT all -- wlp2s0 wlp2s0 0.0.0.0/0 0.0.0.0/0
    0 0 REJECT all -- * wlp2s0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
    0 0 REJECT all -- wlp2s0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Issue History

Date Modified Username Field Change
2021-01-29 09:52 0andriy New Issue
2021-01-29 09:52 0andriy Tag Attached: firewall
2021-01-29 09:52 0andriy Tag Attached: iptables
2021-01-29 09:52 0andriy Tag Attached: nmcli
2021-01-29 10:30 0andriy Note Added: 0038210
2021-02-01 14:01 abdur Issue cloned: 0018044
2021-02-01 14:01 abdur Relationship added duplicate of 0018044