From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20030716

Description of problem:
The module loading change in the recent iptables errata can now break a firewall
after a simple "service iptables restart". Previously modules were not
repeatedly loaded and unloaded. Currently module unloading cannot be relied on
by production servers due to the possibility of modules wedging.

I now need to comment out the module loading/unloading from the iptables init
script to reliably restart firewalls under Red Hat Linux.

I have repeated this problem under Red Hat 7.2 and 8.0 on several different
machines. I'm sure it would also occur on 9 and any other version with the
recent iptables errata.

Version-Release number of selected component (if applicable):
iptables-1.2.8-8.80.2

How reproducible:
Sometimes

Steps to Reproduce:
1.Create a firewall that relies on conntrack (and other modules)
2.service network restart
3.Repeat

Actual Results:  The init script attempts to unload the modules and fails part
way through.

Module                  Size  Used by    Not tainted
ip_conntrack               0   0  (deleted)

This partially unloaded module will prevent conntrack loading again until the
system is rebooted.

Expected Results:  The iptables modules should not be unloaded. It is too risky.
This would prevent the conntrack (or other) modules from wedging under normal
conditions.

Additional info: