Bug 80785
| Summary: | /etc/init.d/iptables status hangs | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Greg Pyhl <gregpyhl> |
| Component: | iptables | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.0 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2003-07-03 09:33:48 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Your problem is related to DNS and a terribly slow or unreachable nameserver. "iptables --list" does DNS lookups. "iptables --list --numeric" does not. iptables does not hang. It just has problems reaching your nameserver, resulting in either noticable delays or DNS lookup time-outs. Yes, the iptables command itself does not hang, but when saying /etc/init.d/iptables status a user will be frustrated when s/he has to wait several minutes. It does not matter is it because of DNS/iptables/whatever. These delays could easily be avoided with -n. Fixed in the new 1.2.8-4.x version. This version has a new startup script and an additional config file. /etc/sysconfig/iptables-config: > # Additional iptables modules (nat helper) > # Default: -empty- > #IPTABLES_MODULES="ip_nat_ftp" > > # Save current firewall rules on stop. > # Value: yes|no, default: no > #IPTABLES_SAVE_ON_STOP="no" > > # Save current firewall rules on restart. > # Value: yes|no, default: no > #IPTABLES_SAVE_ON_RESTART="no" > > # Save rule counter. > # Value: yes|no, default: yes > #IPTABLES_SAVE_COUNTER="yes" > > # Numeric status output > # Value: yes|no, default: no > #IPTABLES_STATUS_NUMERIC="no" RPM packages for 7.x: http://people.redhat.com/twoerner/RPMS/7.x/iptables-1.2.8-4.73.1.i386.rpm http://people.redhat.com/twoerner/RPMS/7.x/iptables-ipv6-1.2.8-4.73.1.i386.rpm http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.73.1.src.rpm RPM packages for 8.0: http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-4.80.1.i386.rpm http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-4.80.1.i386.rpm http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.80.1.src.rpm RPM packages for 9: http://people.redhat.com/twoerner/RPMS/9/iptables-1.2.8-4.90.1.i386.rpm http://people.redhat.com/twoerner/RPMS/9/iptables-ipv6-1.2.8-4.90.1.i386.rpm http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.90.1.src.rpm |
Description of problem: When using unreachable FQDNs or dummy IP addresses (like 11.11.11.11) in /etc/sysconfig/iptables, /etc/init.d/iptables status command hangs every now and then. Version-Release number of selected component (if applicable): All. How reproducible: Almost always. Steps to Reproduce: 1.Add some rules with unreachable FQDNs or dummy IP addresses to /etc/sysconfig/iptables 2./etc/init.d/iptables status 3. Actual results: Command hangs for several minutes during execution. Expected results: Command should finish in seconds. Additional info: Fix: add -n switch to status) segment in the init script: - iptables -t $table --list + iptables -t $table --list -n This does not hang with dummy IP addresses or unreachable FQDNs.