Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 128549 - redhat-config-services locks up for 5 minutes if iptables is selected
redhat-config-services locks up for 5 minutes if iptables is selected
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: redhat-config-services (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Nils Philippsen
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2004-07-25 02:01 EDT by Ian Laurie
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version: 5.0.0
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-01-25 08:04:03 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ian Laurie 2004-07-25 02:01:30 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.2)

Description of problem:
I you select iptables or ip6tables in redhat-config-services-0.8.5-19,
the utility locks up for about 5 minutes (even on a 2.4GHz system)
while it does some kind of iptables-save style thing.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Launch redhat-config-services
2. Highlight iptables or ip6tables (whichever is active)

Actual Results:  Utility locks up for a long time, at least 5 minutes.

Expected Results:  I would expect no lockup.  Perhaps if the utilities
mechanism for working out the firewall rules takes that long, why not
just capture the output from an iptables-save or something like that?
 I know it isn't quite the same thing as what redhat-config-services
displays, but it would be fast.

Fact is, I though the thing had crashed so I killed it the first few
times.  It was by accident only (phone rang) that I left it long
enough to complete its thing.

Additional info:

FC1 & FC2 have the same problem, and presumably more versions.
Comment 1 Suzanne Hillman 2004-08-09 11:14:12 EDT
Internal RFE bug #129467 entered; will be considered for future releases.
Comment 2 Nils Philippsen 2004-08-11 11:03:33 EDT
When clicking on an entry, system-config-services should run
"/sbin/service <service> status". In the case of iptables, it simply
lists the tables. If this takes as long as you report, my guess is
that it tries to resolve some IP addresses into names and runs into a
timeout. Can you please check whether a manual "/sbin/service iptables
status" as root takes equally long?
Comment 3 Ian Laurie 2004-08-11 17:31:51 EDT
I think you may be right; on the system I just tested,
redhat-config-services takes 1 minute 50 seconds, "service iptables
status" takes 1 minute.  There is a difference of almost x 2.  On the
command line it seems to hang trying to spit out each of these two lines:

LOG        all  --         anywhere           LOG level
warning prefix `TEST-NET: '
DROP       all  --         anywhere
Comment 4 Nils Philippsen 2004-08-12 05:25:46 EDT
I'm thinking about a way to keep the GUI responsive while a called
script is in the works, but for the time being I have opened bug
#129731 which addresses that iptables/ip6tables makes name lookups in
the first place.
Comment 5 Nils Philippsen 2004-08-16 02:56:33 EDT
Barring any problems in iptables scripts, this is the same bug as bug
Comment 6 Nils Philippsen 2007-01-25 08:04:03 EST
This seems to be fixed in system-config-services-0.9.1 as per bug #120579.

Note You need to log in before you can comment on or make changes to this bug.