Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 82860 - /etc/init.d/ip6tables mistakenly refers to ipv4 iptables /proc files?
Summary: /etc/init.d/ip6tables mistakenly refers to ipv4 iptables /proc files?
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables
Version: 8.0
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-01-27 20:47 UTC by Need Real Name
Modified: 2007-04-18 16:50 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-07-03 09:34:20 UTC


Attachments (Terms of Use)

Description Need Real Name 2003-01-27 20:47:45 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202

Description of problem:
Line 54 in /etc/init.d/ip6tables refers to /proc/net/ip_tables_names to clear
out existing defined chains. Surely this should be /proc/net/ip6_tables_names? 
This generates an error when the internal chains for the different IP versions
differ.

Also the security guide, section "ip6tables" at:

http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-firewall-ip6t.html

says that "IPChains and IPTables services must be turned off to use the
IP6Tables service". This doesn't appear to be true for this IPV6 newbie: the two
operate independently.

If I'm misunderstanding the inter-relationship between iptables in IPV4 and IPV6
my apologies.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Set up different new user-defined chains in iptables for IPV4
2. service ip6tables start
3. See errors about non-existent tables for IPV6
    

Actual Results:  Flushing all current rules and user defined chains:        [  OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
ip6tables v1.2.5: can't initialize ip6tables table `nat': Table does not exist
(do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
...

Expected Results:  Flushing all current rules and user defined chains:        [
 OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
Applying ip6tables firewall rules:                         [  OK  ]
                                                           [  OK  ]


Additional info:

Comment 1 Michael Schwendt 2003-02-01 21:38:00 UTC
1. Yes, should be /proc/net/ip6_tables_names.

2. You are right, IPv4 and IPv6 iptables can co-exist.

But the second bug report is about a documentation issue and hence should be
reported about "Component: rhl-sg" (Red Hat Linux Security Guide).

Comment 2 Thomas Woerner 2003-07-03 09:34:20 UTC
Fixed in the new 1.2.8-4.x version. This version has a new startup script and an
additional config file.


/etc/sysconfig/iptables-config:
> # Additional iptables modules (nat helper)
> # Default: -empty-
> #IPTABLES_MODULES="ip_nat_ftp"
> 
> # Save current firewall rules on stop.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_STOP="no"
> 
> # Save current firewall rules on restart.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_RESTART="no"
> 
> # Save rule counter.
> # Value: yes|no,  default: yes
> #IPTABLES_SAVE_COUNTER="yes"
> 
> # Numeric status output
> # Value: yes|no,  default: no
> #IPTABLES_STATUS_NUMERIC="no"


RPM packages for 7.x:
http://people.redhat.com/twoerner/RPMS/7.x/iptables-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/7.x/iptables-ipv6-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.73.1.src.rpm

RPM packages for 8.0:
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.80.1.src.rpm

RPM packages for 9:
http://people.redhat.com/twoerner/RPMS/9/iptables-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/9/iptables-ipv6-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.90.1.src.rpm



Note You need to log in before you can comment on or make changes to this bug.