From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.2) Gecko/20040301 Description of problem: I you select iptables or ip6tables in redhat-config-services-0.8.5-19, the utility locks up for about 5 minutes (even on a 2.4GHz system) while it does some kind of iptables-save style thing. Version-Release number of selected component (if applicable): redhat-config-services-0.8.5-19 How reproducible: Always Steps to Reproduce: 1. Launch redhat-config-services 2. Highlight iptables or ip6tables (whichever is active) 3. Actual Results: Utility locks up for a long time, at least 5 minutes. Expected Results: I would expect no lockup. Perhaps if the utilities mechanism for working out the firewall rules takes that long, why not just capture the output from an iptables-save or something like that? I know it isn't quite the same thing as what redhat-config-services displays, but it would be fast. Fact is, I though the thing had crashed so I killed it the first few times. It was by accident only (phone rang) that I left it long enough to complete its thing. Additional info: FC1 & FC2 have the same problem, and presumably more versions.
Internal RFE bug #129467 entered; will be considered for future releases.
When clicking on an entry, system-config-services should run "/sbin/service <service> status". In the case of iptables, it simply lists the tables. If this takes as long as you report, my guess is that it tries to resolve some IP addresses into names and runs into a timeout. Can you please check whether a manual "/sbin/service iptables status" as root takes equally long?
I think you may be right; on the system I just tested, redhat-config-services takes 1 minute 50 seconds, "service iptables status" takes 1 minute. There is a difference of almost x 2. On the command line it seems to hang trying to spit out each of these two lines: LOG all -- 192.0.2.0/24 anywhere LOG level warning prefix `TEST-NET: ' DROP all -- 192.0.2.0/24 anywhere L
I'm thinking about a way to keep the GUI responsive while a called script is in the works, but for the time being I have opened bug #129731 which addresses that iptables/ip6tables makes name lookups in the first place.
Barring any problems in iptables scripts, this is the same bug as bug #120579.
This seems to be fixed in system-config-services-0.9.1 as per bug #120579. Closing CURRENTRELEASE.