From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030716

Description of problem:
The module loading change in the recent iptables errata can now break a firewall after a simple "service iptables restart". Previously modules were not repeatedly loaded and unloaded. Currently module unloading cannot be relied on by production servers due to the possibility of modules wedging. I now need to comment out the module loading/unloading from the iptables init script to reliably restart firewalls under Red Hat Linux.

I have repeated this problem under Red Hat 7.2 and 8.0 on several different machines. I'm sure it would also occur on 9 and any other version with the recent iptables errata.

Version-Release number of selected component (if applicable):
iptables-1.2.8-8.80.2

How reproducible:
Sometimes

Steps to Reproduce:
1. Create a firewall that relies on conntrack (and other modules)
2. service network restart
3. Repeat

Actual Results:
The init script attempts to unload the modules and fails part way through.

Module                  Size  Used by    Not tainted
ip_conntrack               0   0  (deleted)

This partially unloaded module will prevent conntrack loading again until the system is rebooted.

Expected Results:
The iptables modules should not be unloaded. It is too risky. This would prevent the conntrack (or other) modules from wedging under normal conditions.

Additional info:
*** This bug has been marked as a duplicate of 103177 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.