After switching to 2.6 rawhide kernel my station lost its firewall. It seems the iptables script no longer loads the kernel modules it needs to work, and as a result it fails. This is a major showstopper and means rawhide cannot be tested on an insecure network.
Created attachment 96551: /etc/sysconfig/iptables
[nim@ulysse nim]$ rpm -q kernel
kernel-2.6.0-0.test11.1.13
[nim@ulysse nim]$ rpm -q iptables
iptables-1.2.8-13
What kind of error occurs? Can you attach the output of 'sh -x /etc/init.d/iptables start', please?
Created attachment 96583: sh -x /etc/init.d/iptables start > /tmp/iplog 2>&1
The iptables rules file that you attached only has 138 lines and the error occurs in line 142. Can you please search for the line that is not working? You can do this by calling iptables line by line.
Sorry, I removed the
-->%
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
-->%
header from the attachment. With it the rules have exactly 142 lines.
(worked as-is with a 2.4 kernel, never put any iptable module definitions anywhere)
Can you reproduce this error with a newer 2.6 kernel?
Unfortunately, yes:
[root@ulysse root]# uname -a
Linux ulysse 2.6.1-1.65 #1 Fri Jan 30 17:28:54 EST 2004 i686 i686 i386 GNU/Linux
[root@ulysse root]# /etc/init.d/iptables restart
Suppression des règles de pare-feu : [ OK ]
Configuration des chaînes sur la politique ACCEPT :filter [ OK ]
Déchargement des modules iptables : [ OK ]
Application des règles de pare-feu iptables :iptables-restore: line 138 failed
[ÉCHOUÉ]
[root@ulysse root]# /sbin/lsmod
Module Size Used by
iptable_filter 2816 0
ip_tables 17280 1 iptable_filter
snd_mixer_oss 18304 1
snd_cmipci 40760 1
snd_pcm 111880 1 snd_cmipci
snd_page_alloc 11652 1 snd_pcm
snd_opl3_lib 12672 1 snd_cmipci
snd_timer 32388 2 snd_pcm,snd_opl3_lib
snd_hwdep 9604 1 snd_opl3_lib
snd_mpu401_uart 9984 1 snd_cmipci
snd_rawmidi 28832 1 snd_mpu401_uart
snd_seq_device 8328 2 snd_opl3_lib,snd_rawmidi
snd 55012 9 snd_mixer_oss,snd_cmipci,snd_pcm,snd_opl3_lib,snd_timer,snd_hwdep,snd_mpu401_uart,snd_rawmidi,snd_seq_device
soundcore 10720 2 snd
mga 112044 2
md5 4224 1
ipv6 263552 10
parport_pc 39724 0
lp 12652 0
parport 47336 2 parport_pc,lp
nfs 165180 54
lockd 62152 2 nfs
sunrpc 157768 112 nfs,lockd
3c59x 39848 0
microcode 7200 0
hid 58176 0
uhci_hcd 42896 0
usbcore 119388 4 hid,uhci_hcd
thermal 13200 0
processor 13988 1 thermal
fan 4108 0
button 6168 0
battery 8972 0
asus_acpi 9368 0
ac 4876 0
ext3 128424 1
jbd 86040 1 ext3
raid1 21120 1
Fixed now. The only remaining sore point is contrack_ftp, but I "solved" it by putting it in the nat modules placeholder.