Bug 1491963 - iptables-restore --wait have race on module loading [rhel-7.4.z]
Summary: iptables-restore --wait have race on module loading [rhel-7.4.z]
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: iptables
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Phil Sutter
QA Contact: qe-baseos-daemons
Depends On: 1438937 1486803 1544921 1544922 1544923
TreeView+ depends on / blocked
Reported: 2017-09-15 07:13 UTC by Oneata Mircea Teodor
Modified: 2018-02-14 12:40 UTC (History)
15 users (show)

Fixed In Version: iptables-1.4.21-18.2.el7_4
Doc Type: Bug Fix
Doc Text:
Previously, when stopping iptables or ip6tables services, a script tried to unload the netfilter modules related to the given address family. Since there were modules that both address families used, a potential race condition created when both services restarted simultaneously. This update adds the AFTER and BEFORE keywords in the service files. As a result, both services run in sequence, and "systemctl restart iptables ip6tables" works as expected.
Clone Of: 1486803
Last Closed: 2017-10-19 14:58:45 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2919 0 normal SHIPPED_LIVE iptables bugfix update 2017-10-19 18:44:49 UTC

Description Oneata Mircea Teodor 2017-09-15 07:13:53 UTC
This bug has been copied from bug #1486803 and has been proposed to be backported to 7.4 z-stream (EUS).

Comment 5 errata-xmlrpc 2017-10-19 14:58:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Comment 6 Robert Scheck 2017-10-21 23:38:37 UTC
Obviously, the QA for this update was incomplete, leading to bug #1499367 now.

Note You need to log in before you can comment on or make changes to this bug.