Bug 30908 - univention-firewall cannot be restarted in the UMC system service module
univention-firewall cannot be restarted in the UMC system service module
Status: NEW
Product: UCS
Classification: Unclassified
Component: Firewall (univention-firewall)
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
:
Depends on: 30599
Blocks:
  Show dependency treegraph
 
Reported: 2013-03-26 15:58 CET by Moritz Muehlenhoff
Modified: 2020-06-22 15:40 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Usability
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2013-03-26 15:58:52 CET
univention-firewall doesn't have a service definition for the UMC system services module.
Comment 1 Erik Damrose univentionstaff 2013-05-28 11:02:51 CEST
Unfortunately the fix is to big for an errata.
The init script for univention-firewall uses the UCRV security/packetfilter/disabled to check if it should be started or not. The system services module however does set this value to 'yes' if a service should be started. The inverse logic needed for this UCRV is not possible in the system services module.

A fix should change the UCRV to security/packetfilter/autostart. Additional logic is probably needed to determine if 'the iptables service is running'
Comment 2 Moritz Muehlenhoff univentionstaff 2013-05-31 10:43:39 CEST
We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2.

As such, this bug is moved to the new target milestone.
Comment 3 Erik Damrose univentionstaff 2013-09-16 11:18:03 CEST
(In reply to Erik Damrose from comment #1)
> Additional logic is probably needed to determine if 'the iptables service is running'
-> Bug 30599
Comment 4 Erik Damrose univentionstaff 2013-10-18 15:41:34 CEST
Moved target milestone, as bug 30599 is not fixed yet
Comment 5 Florian Best univentionstaff 2017-04-24 15:58:57 CEST
Maybe easier with UCS 4.2 now?
Comment 6 Michel Smidt 2017-04-24 22:04:31 CEST
Use case still relevant. Searched for it together with a school customer lately.
Comment 7 Florian Best univentionstaff 2017-06-28 14:52:15 CEST
There is a Customer ID set so I set the flag "Enterprise Customer affected".