Bug 860465

Summary: What happend with iptables? x86_64
Product: [Fedora] Fedora Reporter: Álvaro Castillo <midgoon>
Component: iptablesAssignee: Thomas Woerner <twoerner>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 18CC: johannbg, jpopelka, lnykryn, lpoetter, metherid, msekleta, notting, plautrba, psabata, systemd-maint, twoerner, vpavlin
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-26 13:02:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Álvaro Castillo 2012-09-25 21:45:01 UTC 
Description of problem:
iptables is firewall one of Linux firewall. iptables not start, is shown as "dead" or inactive.

Version-Release number of selected component (if applicable):

systemd
==========
Versión     : 188
Lanzamiento     : 3.fc18
===========
iptables
=============
Versión     : 1.4.14
Lanzamiento     : 3.fc18

Steps to Reproduce:
1. service iptables status
2. service iptables restart
3. service iptables status
  
Actual results:

# service iptables status
Redirecting to /bin/systemctl status  iptables.service
iptables.service - IPv4 firewall with iptables
          Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled)
          Active: inactive (dead)
                  start condition failed at Tue, 25 Sep 2012 22:39:56 +0100; 2s ago
          CGroup: name=systemd:/system/iptables.service
Comment 1 Thomas Woerner 2012-09-26 13:02:07 UTC 
Fedora 18 is using firewalld as the default firewall solution. The services iptables and ip6tables are still available for backwards compatibility, but deactivated by default.
Comment 2 Thomas Woerner 2012-09-26 13:03:15 UTC 
See: https://fedoraproject.org/wiki/Features/firewalld-default
Comment 3 Jiri Popelka 2012-09-26 16:00:51 UTC 
(In reply to comment #1)
> The services iptables and ip6tables are still available for
> backwards compatibility, but deactivated by default.

That's right. The problem is that 'service iptables (re)start' always (even with firewalld removed) fails. The reason is that there's no default /etc/sysconfig/iptables. After 'touch /etc/sysconfig/iptables' iptables service is able to (re)start.
Shouldn't there be a default /etc/sysconfig/iptables for those who prefer iptables over firewalld ?
Comment 4 Lennart Poettering 2012-09-26 17:25:59 UTC 
Thomas, iptables.service is currently listed in the preset file we ship as something to enable by default. (because it is listed on https://fedoraproject.org/wiki/Starting_services_by_default) Shall I drop that from the preset list?
Comment 5 Thomas Woerner 2012-09-27 10:08:25 UTC 
Lennart, iptables.service and ip6tables.service can both be removed from the preset list. firewalld is mentioned in https://fedoraproject.org/wiki/Starting_services_by_default and should be on the preset list.
Comment 6 Thomas Woerner 2012-09-27 10:11:17 UTC 
Jiri: system-config-firewall / lokkit creates the iptables and ip6tables rules files. Also anaconda does up to now at installation time.