Bug 32407

Summary: QA0319: iptables kernel module doesn't load
Product: [Retired] Red Hat Linux Reporter: Daniel Roesen <dr>
Component: iptablesAssignee: Bernhard Rosenkraenzer <bero>
Status: CLOSED RAWHIDE QA Contact: Brock Organ <borgan>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1CC: pekkas
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-06-20 20:28:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Daniel Roesen 2001-03-20 16:41:25 UTC 
[root@qa0319 /root]# iptables -L
/lib/modules/2.4.2-0.1.28/kernel/net/ipv4/netfilter/ip_tables.o:
init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including
invalid IO or IRQ parameters
/lib/modules/2.4.2-0.1.28/kernel/net/ipv4/netfilter/ip_tables.o: insmod
/lib/modules/2.4.2-0.1.28/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.2-0.1.28/kernel/net/ipv4/netfilter/ip_tables.o: insmod
ip_tables failed
iptables v1.2: can't initialize iptables table `filter': iptables who? (do
you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Removing the ipchains module (rmmod ipchains) fixes this.
Comment 1 Arjan van de Ven 2001-03-20 16:44:34 UTC 
So if you want to use the new firewall rules, just remove the old compatibility?
Doesn't sound like a bug to me.
Comment 2 Daniel Roesen 2001-03-20 16:55:24 UTC 
Besides that being very non-obvious, both supporting initscripts are enabled by
default:

[root@qa0319 /root]# chkconfig --list|grep ^ip
iptables       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
ipchains       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
Comment 3 Arjan van de Ven 2001-03-22 10:54:03 UTC 
This sounds like a userland configuration policy; assigning to ipchains.
Comment 4 Mike A. Harris 2001-03-23 10:38:00 UTC 
I agree, however since the config tools favor ipchains, I think iptables
should be changed.  Doesn't make sense to start both at init time.
Actually it makes more sense to have one script called "ipfilter"
or "firewall" and have it deal with the logic of wether to start
ipchains or iptables, but that is not likely to happen anytime soon.

Reassigning to iptables.
Comment 5 Pekka Savola 2001-06-20 20:28:40 UTC 
This is kinda moot point at this point IMO as the default iptables ruleset is empty.

People do start to wonder if they have both.

I suggest adding a failure notice in iptables (and perhaps also in ipchains) which checks whether either
 1) ipchains module is loaded
 2) /etc/sysconfig/ipchains or equiv is non-empty

.. or some other bright ideas.  The _default_ behaviour, until users start mixing the two is ok.
Comment 6 Bernhard Rosenkraenzer 2001-07-10 14:12:39 UTC 
Warning added in 1.2.2-3