Bug 303851

Summary: ip6tables startup complains "never matched protocol: 51"
Product: [Fedora] Fedora Reporter: Michal Jaegermann <michal>
Component: system-config-securitylevelAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 7CC: fortran, sconklin
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.7.0-6.fc7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-15 03:41:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michal Jaegermann 2007-09-24 19:10:14 UTC 
Description of problem:

When starting ip6tables with a default /etc/sysconfig/ip6tables
then the following shows up:

Applying ip6tables firewall rules: ip6_tables: (C) 2000-2006 Netfilter Core Team
Warning: never matched protocol: 51. use extension match instead.

The following line is obviously a problem:

-A RH-Firewall-1-INPUT -p 51 -j ACCEPT

although it is happily accepted by iptables.

Actually I do not recall seeing that earlier and now that message
shows up in F7, FC6 and rawhide. Kernel changes?

Version-Release number of selected component (if applicable):
iptables-ipv6-1.3.8-2.fc7

How reproducible:
always on a startup
Comment 1 Thomas Woerner 2007-09-26 15:44:01 UTC 
Assigning to system-config-securitylevel.
Comment 2 Fedora Update System 2007-11-09 23:58:46 UTC 
system-config-securitylevel-1.7.0-6.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update system-config-securitylevel'
Comment 3 Dennis DeDonatis 2007-11-10 21:27:48 UTC 
The same thing happens in Fedora 8.
Comment 4 Fedora Update System 2007-11-15 03:41:18 UTC 
system-config-securitylevel-1.7.0-6.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Matt Thompson 2008-02-14 13:07:53 UTC 
I am getting this error on my Fedora 8 startup (so I'm not sure if it's captured
by a log).  As in the original report, there is a port 51 line in
/etc/sysconfig/ip6tables that is probably causing it.  Also:

> rpm -q system-config-firewall
system-config-firewall-1.0.12-4.fc8.noarch

Since this is now in a different component and F level, should I open a new bug?
Comment 6 Thomas Woerner 2008-02-14 13:11:36 UTC 
Please use "lokkit -q" to update your firewall configuration and the problem
should be gone.
Comment 7 Matt Thompson 2008-02-14 16:55:18 UTC 
(In reply to comment #6)
> Please use "lokkit -q" to update your firewall configuration and the problem
> should be gone.

So it did.  Thank you.