Red Hat Bugzilla – Attachment 204061 Details for
Bug 295611
iptables setup broken with non-modular kernels
[patch]
Init script patch
iptables.init.patch (text/plain), 4.42 KB, created by
Thomas Woerner
on 2007-09-24 12:18:34 UTC
Description:
Init script patch
Filename:
MIME Type:
Creator:
Thomas Woerner
Created:
2007-09-24 12:18:34 UTC
Size:
4.42 KB
>Index: iptables.init
>===================================================================
>RCS file: /cvs/pkgs/rpms/iptables/devel/iptables.init,v
>retrieving revision 1.15
>diff -u -r1.15 iptables.init
>--- iptables.init 19 Sep 2007 16:30:16 -0000 1.15
>+++ iptables.init 24 Sep 2007 12:16:16 -0000
>@@ -48,6 +48,34 @@
> # Load firewall configuration.
> [ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"
>
>+# Netfilter modules
>+NF_MODULES=(${IPV}_tables nf_conntrack_${_IPV})
>+NF_MODULES_COMMON=(x_tables nf_conntrack) # Used by netfilter v4 and v6
>+
>+# Are netfilter modules loaded?
>+MODULES_LOADED=0
>+for mod in ${NF_MODULES[*]} ${NF_MODULES_COMMON[*]}; do
>+ $(lsmod | grep -q ^${mod} | awk '{print $1}')
>+ if [ $? -eq 0 ]; then
>+ MODULES_LOADED=1
>+ break
>+ fi
>+done
>+
>+# Get active tables
>+NF_TABLES=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
>+
>+# Is netfilter compiled into the kernel?
>+COMPILED_IN=0
>+if [ $MODULES_LOADED -eq 0 ]; then
>+ [ -n "$NF_TABLES" ] && COMPILED_IN=1
>+fi
>+
>+# Get status (quicker than status function and honour lock file)
>+[ ! -f "$VAR_SUBSYS_IPTABLES" -o ! -e "$PROC_IPTABLES_NAMES" \
>+ -o -z "$NF_TABLES" ] && running=0 || running=1
>+
>+
> rmmod_r() {
> # Unload module with all referring modules.
> # At first all referring modules will be unloaded, then the module itself.
>@@ -83,13 +111,12 @@
> [ -e "$PROC_IPTABLES_NAMES" ] || return 1
>
> # Check if firewall is configured (has tables)
>- tables=$(cat $PROC_IPTABLES_NAMES 2>/dev/null)
>- [ -z "$tables" ] && return 1
>+ [ -z "$NF_TABLES" ] && return 1
>
> echo -n $"Flushing firewall rules: "
> ret=0
> # For all tables
>- for i in $tables; do
>+ for i in $NF_TABLES; do
> # Flush firewall rules.
> $IPTABLES -t $i -F;
> let ret+=$?;
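Review bot: The module check in the `@@ -48,6 +48,34 @@` hunk, `$(lsmod | grep -q ^${mod} | awk '{print $1}')` followed by `[ $? -eq 0 ]`, cannot report "not loaded": `grep -q` prints nothing, and without `pipefail` the status that reaches `$?` is awk's, which is 0 even on empty input. MODULES_LOADED is therefore set to 1 on the first iteration and COMPILED_IN stays 0, so the built-in-kernel case this patch is aimed at is never detected and the `start`/`stop` guards later in the patch decide on wrong state. Test grep directly and anchor the end of the name so that `nf_conntrack` does not also match `nf_conntrack_ipv4`: `if lsmod | grep -q "^${mod}[[:space:]]"; then`. Because this script decides whether the saved ruleset is applied or flushed, the detection is worth exercising on both a modular and a non-modular kernel before merging.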
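Review bot: In the `@@ -83,13 +111,12 @@` hunk the flush loop now iterates over `$NF_TABLES`, a snapshot taken once when the script is loaded, instead of reading `$PROC_IPTABLES_NAMES` at call time; the hunks at new lines 252, 284 and 310 make the same switch, while the hunk at 143 keeps a live read into `tables`. If any action changes the set of tables before these functions run (the callers are outside the patch, so this is inferred), flush, save and status would work from a stale list and a table could be left unflushed. Either keep the read local, `tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)`, in every function, or document the assumption at the assignment with `# snapshot at script load; not refreshed after start/stop`. The enclosing function starts and ends outside the hunk.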
>@@ -116,7 +143,7 @@
> [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
>
> # Check if firewall is configured (has tables)
>- tables=$(cat $PROC_IPTABLES_NAMES 2>/dev/null)
>+ tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
> [ -z "$tables" ] && return 1
>
> echo -n $"Setting chains to policy $policy: "
>@@ -203,14 +230,15 @@
> if [ "x$IPTABLES_MODULES_UNLOAD" = "xyes" ]; then
> echo -n $"Unloading $IPTABLES modules: "
> ret=0
>- rmmod_r ${IPV}_tables
>- let ret+=$?;
>- rmmod_r nf_conntrack_${_IPV}
>- let ret+=$?;
>+ for mod in ${NF_MODULES[*]}; do
>+ rmmod_r $mod
>+ let ret+=$?;
>+ done
> # try to unload remaining netfilter modules used by ipv4 and ipv6
> # netfilter
>- rmmod_r x_tables
>- rmmod_r nf_conntrack
>+ for mod in ${NF_MODULES_COMMON[*]}; do
>+ rmmod_r $mod
>+ done
> [ $ret -eq 0 ] && success || failure
> echo
> fi
>@@ -224,8 +252,7 @@
> [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
>
> # Check if firewall is configured (has tables)
>- tables=$(cat $PROC_IPTABLES_NAMES 2>/dev/null)
>- [ -z "$tables" ] && return 1
>+ [ -z "$NF_TABLES" ] && return 1
>
> echo -n $"Saving firewall rules to $IPTABLES_DATA: "
>
>@@ -257,18 +284,21 @@
> }
>
> status() {
>- tables=$(cat $PROC_IPTABLES_NAMES 2>/dev/null)
>+ if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$NF_TABLES" ]; then
>+ echo $"Firewall is not running."
>+ return 3
>+ fi
>
> # Do not print status if lockfile is missing and iptables modules are not
> # loaded.
> # Check if iptable modules are loaded
>- if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$tables" ]; then
>- echo $"Firewall is stopped."
>+ if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
>+ echo $"Firewall modules not loaded."
> return 3
> fi
>
> # Check if firewall is configured (has tables)
>- if [ ! -e "$PROC_IPTABLES_NAMES" -o -z "$tables" ]; then
>+ if [ -z "$NF_TABLES" ]; then
> echo $"Firewall is not configured. "
> return 3
> fi
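Review bot: In the `status()` hunk (`@@ -257,18 +284,21 @@`) the comment "Do not print status if lockfile is missing and iptables modules are not loaded." now sits above the new `[ ! -e "$PROC_IPTABLES_NAMES" ]` test, although the lock-file test it describes has moved to the top of the function. Move that comment above `if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$NF_TABLES" ]; then` and leave only `# Check if iptable modules are loaded` on the second test. As a style point, `-a` inside `[ ]` is obsolescent and ambiguous with some operands; `[ ! -f "$VAR_SUBSYS_IPTABLES" ] && [ -z "$NF_TABLES" ]` reads the same and is safer. The function body continues outside the hunk.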
>@@ -280,7 +310,7 @@
> COUNT=
> [ "x$IPTABLES_STATUS_LINENUMBERS" = "xyes" ] && COUNT="--line-numbers"
>
>- for table in $tables; do
>+ for table in $NF_TABLES; do
> echo $"Table: $table"
> $IPTABLES -t $table --list $NUM $VERBOSE $COUNT && echo
> done
>@@ -294,17 +324,16 @@
> start
> }
>
>-status >/dev/null 2>&1
>-running=$?
>
> case "$1" in
> start)
>- [ $running -eq 0 ] && exit 0
>+ [ $running -eq 1 -a $COMPILED_IN -eq 0 ] && exit 0
> start
> RETVAL=$?
> ;;
> stop)
>- [ $running -eq 0 ] || exit 0
>+ # stop firewall, even if manually configured
>+ [ $running -eq 1 -o $MODULES_LOADED -eq 1 ] || exit 0
> [ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
> stop
> RETVAL=$?
>@@ -314,7 +343,7 @@
> RETVAL=$?
> ;;
> condrestart|try-restart)
>- [ $running -eq 0 ] || exit 0
>+ [ $running -eq 1 ] || exit 0
> restart
> RETVAL=$?
> ;;
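Review bot: The `stop)` guard in the `@@ -294,17 +324,16 @@` hunk, `[ $running -eq 1 -o $MODULES_LOADED -eq 1 ] || exit 0`, does not cover the case its new comment describes when netfilter is built into the kernel: with no lock file `running` is 0, and `MODULES_LOADED` is meant to be 0 there, so `stop` exits without flushing manually loaded rules. If that case is meant to be handled, include the flag the patch already computes: `[ $running -eq 1 -o $MODULES_LOADED -eq 1 -o $COMPILED_IN -eq 1 ] || exit 0`. The `start)` guard depends on the same flags and would benefit from a comment such as `# built-in netfilter: tables exist without a prior start, so do not skip`. The `case` statement continues outside the hunk.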
Attachments on
bug 295611
:
203201
| 204061 |
204311