Bug 1491963

Summary: iptables-restore --wait have race on module loading [rhel-7.4.z]
Product: Red Hat Enterprise Linux 7 Reporter: Oneata Mircea Teodor <toneata>
Component: iptables Assignee: Phil Sutter <psutter>
Status: CLOSED ERRATA QA Contact: qe-baseos-daemons
Severity: high Docs Contact:
Priority: high    
Version: 7.4 CC: ajb, atragler, baumanmo, dwd, egarver, igkioka, iptables-maint-list, kajtzu, pasik, psutter, redhat-bugzilla, riehecky, tis, todoleza, toracat
Target Milestone: rc Keywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: iptables-1.4.21-18.2.el7_4 Doc Type: Bug Fix
Doc Text:
Previously, when stopping the iptables or ip6tables service, a script tried to unload the netfilter modules related to the given address family. Because some modules are used by both address families, a race condition could occur when both services were restarted simultaneously. This update adds the AFTER and BEFORE keywords to the service files. As a result, both services run in sequence, and "systemctl restart iptables ip6tables" works as expected.
Story Points: ---
Clone Of: 1486803 Environment:
Last Closed: 2017-10-19 14:58:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1438937, 1486803, 1544921, 1544922, 1544923    
Bug Blocks:    

Description Oneata Mircea Teodor 2017-09-15 07:13:53 UTC
This bug has been copied from bug #1486803 and has been proposed to be backported to 7.4 z-stream (EUS).

Comment 5 errata-xmlrpc 2017-10-19 14:58:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Comment 6 Robert Scheck 2017-10-21 23:38:37 UTC
Obviously, the QA for this update was incomplete, leading to bug #1499367 now.