Bug 124987

Summary: iptables fails to restart - failure to insert module ipt_state.o
Product: Red Hat Enterprise Linux 3
Component: kernel
Version: 3.0
Hardware: i686
OS: Linux
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Reporter: Xander D Harkness <harkness>
Assignee: David Miller <davem>
QA Contact: Brian Brock <bbrock>
CC: gbailey, nobody, petrides, wtogami
Doc Type: Bug Fix
Last Closed: 2007-10-19 19:25:08 UTC

Description Xander D Harkness 2004-06-01 19:43:48 UTC

Description of problem:
After a period of time it becomes impossible to restart iptables.  I
receive a series of errors; it seems to stem from the failure to
remove the ip_conntrack module.

Version-Release number of selected component (if applicable):
iptables-1.2.8-12.3 kernel-2.4.21-15.EL

How reproducible:
Sometimes

Steps to Reproduce:
1. Leave server up for a period of time (I encountered it this time
   after 45 days uptime)
2. Run server with a series of iptables rules
3. Run service iptables restart

Actual Results:  service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [FAILED]
Applying iptables firewall rules: iptables-restore: line 19 failed
                                                           [FAILED]


###################################


Jun  1 18:58:37 burrow iptables:  succeeded
Jun  1 18:58:38 burrow iptables:  failed
Jun  1 18:58:38 burrow kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jun  1 18:58:39 burrow insmod: /lib/modules/2.4.21-9.0.3.EL/kernel/net/ipv4/netfilter/ipt_state.o: insmod ipt_state failed
Jun  1 18:58:39 burrow iptables:  failed


######################################


modprobe ipt_state
/lib/modules/2.4.21-9.0.3.EL/kernel/net/ipv4/netfilter/ipt_state.o: unresolved symbol ip_conntrack_get_Ra6f02512
/lib/modules/2.4.21-9.0.3.EL/kernel/net/ipv4/netfilter/ipt_state.o: unresolved symbol ip_conntrack_module_Rb0361033
/lib/modules/2.4.21-9.0.3.EL/kernel/net/ipv4/netfilter/ipt_state.o: insmod /lib/modules/2.4.21-9.0.3.EL/kernel/net/ipv4/netfilter/ipt_state.o failed
/lib/modules/2.4.21-9.0.3.EL/kernel/net/ipv4/netfilter/ipt_state.o: insmod ipt_state failed


Expected Results:  iptables modules should be reloaded cleanly and the
firewall restarted

Additional info:

lsmod output:

Module                  Size  Used by    Not tainted
iptable_filter          2412   0  (autoclean) (unused)
ip_tables              15776   1  [iptable_filter]
ip_conntrack               0   0  (deleted)
cls_route               5400   0  (unused)
cls_u32                 6268   0
cls_fw                  3512   0  (unused)
sch_prio                3936   0  (unused)
sch_sfq                 4128   0  (unused)
sch_tbf                 4288   0
sch_cbq                14880   0
autofs                 13204   0  (autoclean) (unused)
ne2k-pci                7072   1
8390                    8064   0  [ne2k-pci]
crc32                   3712   0  [8390]
3c59x                  29616   1
natsemi                19040   1
ipv6                  221344  -1
floppy                 56592   0  (autoclean)
sg                     36140   0  (autoclean) (unused)
scsi_mod              103464   1  (autoclean) [sg]
loop                   11928   0  (autoclean)
lvm-mod                64224   0
keybdev                 2976   0  (unused)
mousedev                5492   0  (unused)
hid                    22084   0  (unused)
input                   5856   0  [keybdev mousedev hid]
usb-uhci               25836   0  (unused)
usbcore                77152   1  [hid usb-uhci]
ext3                   85704   4
jbd                    50572   4  [ext3]
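
Added example (not part of the original report, and not Red Hat's or the reporter's code): in the output above, the restart flushed the rules and set the filter chain to policy ACCEPT before the module reload failed, and lsmod already showed ip_conntrack in the "(deleted)" state. The sketch below checks 2.4-style lsmod output for that state before a restart is attempted; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a subset of the 2.4-style lsmod output quoted in the report.
SAMPLE_LSMOD='Module                  Size  Used by    Not tainted
iptable_filter          2412   0  (autoclean) (unused)
ip_tables              15776   1  [iptable_filter]
ip_conntrack               0   0  (deleted)
cls_u32                 6268   0
ipv6                  221344  -1'

# Read lsmod-format text on stdin and print the name of every module
# that is listed in the "(deleted)" state (header line skipped).
deleted_modules() {
    awk 'NR > 1 && /\(deleted\)/ { print $1 }'
}

# Hypothetical pre-restart check: reads lsmod-format text on stdin.
# Returns 1 if any netfilter-related module (ip_*, ipt_*, iptable_*)
# is stuck in the "(deleted)" state, 0 otherwise.
preflight() {
    stuck=$(deleted_modules | grep -E '^(ip_|ipt_|iptable_)' || true)
    if [ -n "$stuck" ]; then
        echo "not restarting: module(s) in (deleted) state: $stuck" >&2
        return 1
    fi
    return 0
}

# Intended use on an affected 2.4 host (not executed here):
#   lsmod | preflight && service iptables restart
```

Refusing the restart keeps the currently loaded ruleset in place instead of leaving the chains flushed with policy ACCEPT.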

Comment 1 Thomas Woerner 2004-06-02 08:10:07 UTC
This is a kernel netfilter problem. Assigning to kernel.

Comment 2 Greg Bailey 2005-09-17 05:38:26 UTC
I also encounter this bug.  In attempting to reproduce, I stumbled upon a way to
oops the kernel by unloading and reloading iptables modules.  I've opened a
bugzilla entry against the kernel at:

http://bugzilla.kernel.org/show_bug.cgi?id=5248

Don't know for sure if it's the same issue or not, but I've definitely seen this
too...

Comment 3 Greg Bailey 2005-09-20 18:47:49 UTC
A workaround for this appears to be:

service network restart

Seems to free up whatever the modprobe is waiting on...

Comment 4 RHEL Program Management 2007-10-19 19:25:08 UTC
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet those criteria, it is now being closed.
 
For more information on the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.