Bug 128549 - redhat-config-services locks up for 5 minutes if iptables is selected
Summary: redhat-config-services locks up for 5 minutes if iptables is selected
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: redhat-config-services
Version: 3.0
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nils Philippsen
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-07-25 06:01 UTC by Ian Laurie
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version: 5.0.0
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-01-25 13:04:03 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Ian Laurie 2004-07-25 06:01:30 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.2)
Gecko/20040301

Description of problem:
I you select iptables or ip6tables in redhat-config-services-0.8.5-19,
the utility locks up for about 5 minutes (even on a 2.4GHz system)
while it does some kind of iptables-save style thing.


Version-Release number of selected component (if applicable):
redhat-config-services-0.8.5-19

How reproducible:
Always

Steps to Reproduce:
1. Launch redhat-config-services
2. Highlight iptables or ip6tables (whichever is active)
3.
    

Actual Results:  Utility locks up for a long time, at least 5 minutes.

Expected Results:  I would expect no lockup.  Perhaps if the utilities
mechanism for working out the firewall rules takes that long, why not
just capture the output from an iptables-save or something like that?
 I know it isn't quite the same thing as what redhat-config-services
displays, but it would be fast.

Fact is, I though the thing had crashed so I killed it the first few
times.  It was by accident only (phone rang) that I left it long
enough to complete its thing.

Additional info:

FC1 & FC2 have the same problem, and presumably more versions.

Comment 1 Suzanne Hillman 2004-08-09 15:14:12 UTC
Internal RFE bug #129467 entered; will be considered for future releases.

Comment 2 Nils Philippsen 2004-08-11 15:03:33 UTC
When clicking on an entry, system-config-services should run
"/sbin/service <service> status". In the case of iptables, it simply
lists the tables. If this takes as long as you report, my guess is
that it tries to resolve some IP addresses into names and runs into a
timeout. Can you please check whether a manual "/sbin/service iptables
status" as root takes equally long?

Comment 3 Ian Laurie 2004-08-11 21:31:51 UTC
I think you may be right; on the system I just tested,
redhat-config-services takes 1 minute 50 seconds, "service iptables
status" takes 1 minute.  There is a difference of almost x 2.  On the
command line it seems to hang trying to spit out each of these two lines:

LOG        all  --  192.0.2.0/24         anywhere           LOG level
warning prefix `TEST-NET: '
DROP       all  --  192.0.2.0/24         anywhere
L


Comment 4 Nils Philippsen 2004-08-12 09:25:46 UTC
I'm thinking about a way to keep the GUI responsive while a called
script is in the works, but for the time being I have opened bug
#129731 which addresses that iptables/ip6tables makes name lookups in
the first place.

Comment 5 Nils Philippsen 2004-08-16 06:56:33 UTC
Barring any problems in iptables scripts, this is the same bug as bug
#120579.

Comment 6 Nils Philippsen 2007-01-25 13:04:03 UTC
This seems to be fixed in system-config-services-0.9.1 as per bug #120579.
Closing CURRENTRELEASE.


Note You need to log in before you can comment on or make changes to this bug.