Bug 456244
Summary: | TOS field error | |
---|---|---|---
Product: | [Fedora] Fedora | Reporter: | Oleg Aprotskiy <oleg>
Component: | iptables | Assignee: | Thomas Woerner <twoerner>
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa>
Severity: | low | Priority: | low
Version: | 9 | CC: | vchelban
Hardware: | i386 | OS: | Linux
Doc Type: | Bug Fix | Last Closed: | 2008-09-11 16:59:49 UTC

Description
Oleg Aprotskiy
2008-07-22 13:52:35 UTC
When I load my rules and execute iptables-save, I saw:

```
-A POSTROUTING
-A POSTROUTING
-A POSTROUTING -m tos --tos 0x08/0xff
-A POSTROUTING -m tos --tos 0x08/0xff
-A POSTROUTING -m tos --tos 0x08/0xff -m mark --mark 0x0 -j MARK
-A POSTROUTING -m tos --tos 0x08/0xff -m mark --mark 0x0 -j MARK
-A POSTROUTING -m tos --tos 0x08/0xff -m mark --mark 0x0 -j MARK
-A POSTROUTING -m tos --tos 0x08/0xff -m mark --mark 0x0 -j MARK
-A POSTROUTING -m tos --tos 0x08/0xff -m mark --mark 0x0 -j MARK --set-xmark 0x15/0xffffffff
-A POSTROUTING -m mark --mark 0x0 -j MARK --set-xmark 0x16/0xffffffff
```

iptables-1.4.1.1-2.fc9 has been submitted as an update for Fedora 9

iptables-1.4.1.1-2.fc8 has been submitted as an update for Fedora 8

iptables-1.4.1.1-2.fc9.i386

1. iptables-restore doesn't work:

```
# iptables-restore --verbose < iptables
iptables-restore v1.4.1.1: iptables-restore: unable to initialize table 'mangle'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
```

2.

```
# iptables-restore v1.4.1.1: iptables-restore: unable to initialize table 'filter'
Error occurred at line: 78
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
```

3. iptables-save doesn't work:

```
# iptables-save
iptables-save v1.4.1.1: Unable to open /proc/net/ip_tables_names: No such file or directory
```

The problem was when iptables starts without any rules.

Could it be that you are not root or that there are no netfilter kernel modules (maybe after kernel update)?

(In reply to comment #6)
> Could it be that you are not root or that there are no netfilter kernel modules
> (maybe after kernel update)?

No, the user is root. The problem was when there is no file /etc/sysconfig/iptables; in the other case everything works.
+ I have: kernel-2.6.25.10-86.fc9.i686

Ok, please attach the iptables file you have restored with iptables-restore.

This is a SELinux problem. If you set SELinux in permissive mode (setenforce 0), it works.

Created attachment 312588
My iptables config file

Everything works well, but there is a problem with SELinux when I try to save the config with iptables-save:

```
# iptables-save > /root/iptables.sav

host=sun.fedoramd.org type=AVC msg=audit(1216928239.430:553): avc: denied { write } for pid=30553 comm="iptables-save" path="/root/iptables.sav" dev=dm-1 ino=358424 scontext=unconfined_u:unconfined_r:iptables_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file

host=sun.fedoramd.org type=SYSCALL msg=audit(1216928239.430:553): arch=40000003 syscall=11 success=yes exit=0 a0=8437b80 a1=83a5b80 a2=842f970 a3=0 items=0 ppid=29773 pid=30553 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=1 comm="iptables-save" exe="/sbin/iptables-save" subj=unconfined_u:unconfined_r:iptables_t:s0-s0:c0.c1023 key=(null)
```

```
-rw-r--r-- root root unconfined_u:object_r:user_home_t /root/iptables.sav
```

P.S. restorecon /root/iptables.sav doesn't help me.

iptables-1.4.1.1-2.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update iptables'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-6795

iptables-1.4.1.1-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.

iptables-1.4.1.1-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
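
Added example (not part of the original bug report): a small Python parser that joins the AVC and SYSCALL audit records quoted in the comment above by their audit serial number and reports which domain was denied which permission on which target type. The function names are this example's own; the two log lines are copied from the comment.

```python
import re
import shlex

# The two audit records from the comment above (same event, serial 553).
AUDIT_LOG = '''\
host=sun.fedoramd.org type=AVC msg=audit(1216928239.430:553): avc: denied { write } for pid=30553 comm="iptables-save" path="/root/iptables.sav" dev=dm-1 ino=358424 scontext=unconfined_u:unconfined_r:iptables_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
host=sun.fedoramd.org type=SYSCALL msg=audit(1216928239.430:553): arch=40000003 syscall=11 success=yes exit=0 a0=8437b80 a1=83a5b80 a2=842f970 a3=0 items=0 ppid=29773 pid=30553 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=1 comm="iptables-save" exe="/sbin/iptables-save" subj=unconfined_u:unconfined_r:iptables_t:s0-s0:c0.c1023 key=(null)
'''

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)')
DENIAL = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')

def fields(text):
    """Split 'k=v k="quoted v"' audit fields into a dict."""
    return dict(tok.split('=', 1) for tok in shlex.split(text) if '=' in tok)

def parse_events(log):
    """Group record bodies by audit serial so AVC and SYSCALL can be joined."""
    events = {}
    for line in log.splitlines():
        m = HEADER.search(line)
        if not m:
            continue  # not an audit record
        rtype, _timestamp, serial, body = m.groups()
        events.setdefault(serial, {})[rtype] = body
    return events

def summarize_denials(log):
    """Return one summary dict per AVC denial, enriched from its SYSCALL record."""
    out = []
    for serial, recs in parse_events(log).items():
        d = DENIAL.match(recs.get('AVC', ''))
        if not d:
            continue  # event has no AVC denial
        avc = fields(d.group(2))
        sc = fields(recs.get('SYSCALL', ''))
        out.append({
            'serial': serial,
            'perms': d.group(1).split(),
            # SELinux contexts are user:role:type[:level]; index 2 is the type.
            'source_type': avc['scontext'].split(':')[2],
            'target_type': avc['tcontext'].split(':')[2],
            'tclass': avc['tclass'],
            'path': avc.get('path'),
            'exe': sc.get('exe'),
            'uid': sc.get('uid'),
        })
    return out
```

On the records above, `summarize_denials(AUDIT_LOG)` reports `iptables_t` denied `write` on a `user_home_t` file at `/root/iptables.sav`, with the process running as uid 0.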