Description of problem:
iptables setup with port translation from common port to high port fails to stop
or restart (which is really the same thing as "stop", "start"). Instead,
"/sbin/service iptables stop" hangs forever, as does any strace attempt on the
modprobe part. Modprobe utilizes 99% of CPU, driving load from 0.00 to 1.00.
Services active on the high port include things such as tomcat.
I'm able to reproduce this with all kernels I've tried this on including:
% ps ax
23069 pts/3 S 0:00 /bin/sh /sbin/service iptables stop
23072 pts/3 S 0:00 /bin/sh /etc/init.d/iptables stop
23111 pts/3 R 0:38 modprobe -r ipt_REDIRECT
23204 pts/3 R 0:00 ps ax
% /sbin/service iptables status
Firewall is stopped.
Attached is a sample /etc/sysconfig/iptables which I'm able to get to hang.
Version-Release number of selected component (if applicable):
Workaround is to reboot when modifying iptables rulesets but that really blows.
Created attachment 94772
Test case /etc/sysconfig/iptables
Oh yeah, haven't touched /etc/sysconfig/iptables-config, it's at its defaults.
This is a kernel issue.
Looks like a duplicate of bug #103177 which is about Valhalla, but contains a
pointer to a fix.
Resolving as duplicate as earlier bug #103177 exists with the same symptoms.
*** This bug has been marked as a duplicate of 103177 ***