Bug 105757

Summary: "service iptables stop" hangs forever
Product: [Fedora] Fedora Reporter: Kaj J. Niemi <kajtzu>
Component: kernelAssignee: Arjan van de Ven <arjanv>
Status: CLOSED DUPLICATE QA Contact: Brian Brock <bbrock>
Severity: high Docs Contact:
Priority: medium    
Version: rawhideCC: marius.andreiana
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-06-01 10:36:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Attachments:
Description Flags
Test case /etc/sysconfig/iptables none

Description Kaj J. Niemi 2003-09-26 23:55:47 UTC
Description of problem:

iptables setup with port translation from common port to high port fails to stop
or restart (which is really the same thing as "stop", "start"), instead
"/sbin/service iptables stop" hangs forever as does any strace attempt on the
modprobe part. Modprobe utilizes 99% of CPU, driving load from 0.00 to 1.00.

Services active on the high port include things such as tomcat.

I'm able to reproduce this with all kernels I've tried this on including:

2.4.20-18.9
2.4.20-19.9
2.4.20-20.9
2.4.22-1.2051.nptl
2.4.22-1.2061.nptl


% ps ax
....
23069 pts/3    S      0:00 /bin/sh /sbin/service iptables stop
23072 pts/3    S      0:00 /bin/sh /etc/init.d/iptables stop
23111 pts/3    R      0:38 modprobe -r ipt_REDIRECT
23204 pts/3    R      0:00 ps ax
                                                                               
                                              
                                                                               
                                              Meanwhile:

% /sbin/service iptables status
Firewall is stopped.


Attached is a sample /etc/sysconfig/iptables which I'm able to get to hang.

Version-Release number of selected component (if applicable):
iptables-1.2.8-12.1

How reproducible:
Always


Additional info:

Workaround is to reboot when modifying iptables rulesets but that really blows.

Comment 1 Kaj J. Niemi 2003-09-26 23:57:01 UTC
Created attachment 94772 [details]
Test case /etc/sysconfig/iptables

Oh yeah, haven't touched /etc/sysconfig/iptables-config, it's at its defaults.

Comment 2 Bill Nottingham 2003-09-29 03:41:39 UTC
This is a kernel issue.

Comment 3 Michael Schwendt 2003-10-15 02:22:09 UTC
Looks like a duplicate of bug #103177 which is about Valhalla, but contains a
pointer to a fix.


Comment 4 Kaj J. Niemi 2003-10-16 14:18:48 UTC
Resolving as duplicate as earlier bug #103177 exists with the same symptoms.

*** This bug has been marked as a duplicate of 103177 ***