Bug 754019

Summary: iptables.init: [FAILED] and ip6tables.init: [FAILED] with glibc--2.14.90-16.x86_64
Product: [Fedora] Fedora Reporter: Mihai Harpau <mishu>
Component: glibcAssignee: Andreas Schwab <schwab>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: fweimer, jakub, law, schwab
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-11-15 09:22:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mihai Harpau 2011-11-15 07:06:00 UTC 
Description of problem:
After update to glibc--2.14.90-16.x86_64 from updates-testing I see this in dmesg:
[   26.306291] iptables.init[1011]: iptables: Applying firewall rules: /usr/libexec/iptables.init: line 176:  1040 Aborted                 $IPTABLES-restore $OPT $IPTABLES_DATA
[   26.371874] iptables.init[1011]: [FAILED]
.....
[   26.404047] ip6_tables: (C) 2000-2006 Netfilter Core Team
[   26.415782] ip6tables.init[1010]: ip6tables: Applying firewall rules: /usr/libexec/ip6tables.init: line 176:  1027 Aborted                 $IP6TABLES-restore $OPT $IP6TABLES_DATA
[   26.418548] ip6tables.init[1010]: [FAILED]



Version-Release number of selected component (if applicable):
F16 up-to-date
glibc--2.14.90-16.x86_64

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Mihai Harpau 2011-11-15 07:15:27 UTC 
I see these also:

[mihai@netop ~]$ systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
	  Loaded: loaded (/lib/systemd/system/iptables.service; enabled)
	  Active: failed since Tue, 15 Nov 2011 08:50:48 +0200; 21min ago
	 Process: 1011 ExecStart=/usr/libexec/iptables.init start (code=exited, status=1/FAILURE)
	  CGroup: name=systemd:/system/iptables.service

[mihai@netop ~]$ systemctl status ip6tables.service
ip6tables.service - IPv6 firewall with ip6tables
	  Loaded: loaded (/lib/systemd/system/ip6tables.service; enabled)
	  Active: failed since Tue, 15 Nov 2011 08:50:48 +0200; 22min ago
	 Process: 1010 ExecStart=/usr/libexec/ip6tables.init start (code=exited, status=1/FAILURE)
	  CGroup: name=systemd:/system/ip6tables.service


If I downgrade to glibc--2.14.90-14.x86_64 then all is OK.
Comment 2 Mihai Harpau 2011-11-15 07:29:56 UTC 
With glibc-2.14.90-14.x86_64:

[root@netop ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     ah   --  anywhere             anywhere            
ACCEPT     esp  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:isakmp
ACCEPT     udp  --  anywhere             224.0.0.251          state NEW udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:ipp
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.122.0/24     state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Comment 3 Mihai Harpau 2011-11-15 07:31:08 UTC 
With glibc-2.14.90-16.x86_64:

[root@netop ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.122.0/24     state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Comment 4 Andreas Schwab 2011-11-15 08:53:58 UTC 
Testcase?
Comment 5 Mihai Harpau 2011-11-15 09:14:24 UTC 
Testcase:
1. yum --enablerepo=updates-testing update glibc\*
2. reboot
3. see in dmesg messages from comment #0
Comment 6 Andreas Schwab 2011-11-15 09:22:22 UTC 

*** This bug has been marked as a duplicate of bug 754026 ***