Bug 17676 - No init.d startup script like w/ ipchains
No init.d startup script like w/ ipchains
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: iptables (Show other bugs)
7.1
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-09-19 04:00 EDT by Pekka Savola
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-17 13:26:56 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Pekka Savola 2000-09-19 04:00:51 EDT
RH 7.0 Final.

There is no initialization script for iptables like
/etc/rc.d/init.d/ipchains.  As ipchains won't work anymore
(at least without a wrapper), such a thing should be implemented for
iptables too for a smoother 2.4
upgrade path.
Comment 1 Bernhard Rosenkraenzer 2000-09-23 10:55:05 EDT
This will be fixed when it becomes more current (iptables is for kernel 2.4).
Integrating this well is not exactly trivial; it takes some time.
Comment 2 Pekka Savola 2001-01-11 17:23:59 EST
This has to be reconsidered now.

One approach would be to use something like ipchains.  The latest iptables has support for these {-save,restore}.

Anyway, I'd prolly update to iptables-1.2.0
Comment 3 Bernhard Rosenkraenzer 2001-01-15 16:15:58 EST
Fixed && done
Comment 4 Pekka Savola 2001-01-16 18:43:13 EST
A few small bugs :-)

- please add ipchains-{save,restore}.8 too.  There is no --help ;-)
- add the init script to %files


# iptables -A INPUT -s 0/0 -j ACCEPT
iptables v1.2: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

It seems ip_tables module doesn't autoload.  This is a problem with the init script too.

Also, there seems to be 'gprintf' used.  This is probably due to i18n. Significant new initscripts 
versions or the like aren't required though.

Also, there are some stuff badly merged from ipchains.  At least (spaces prolly corrupted):

--- iptables.init.orig  Wed Jan 17 00:34:23 2001
+++ iptables.init       Wed Jan 17 00:35:53 2001
@@ -36,13 +36,13 @@
        if [ -f $IPTABLES_CONFIG ]; then
            # If we don't clear these first, we might be adding to
            #  pre-existing rules.
-           action "Flushing all current rules and user defined chains:" ipchains -F
-           action "Clearing all current rules and user defined chains:" ipchains -X
-           ipchains -Z
-           gprintf "Applying ipchains firewall rules: "
+           action "Flushing all current rules and user defined chains:" iptables -F
+           action "Clearing all current rules and user defined chains:" iptables -X
+           iptables -Z
+           gprintf "Applying iptables firewall rules: "
                grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /sbin/iptables-restore -p -f && \
-                   success "Applying ipchains firewall rules" || \
-                   failure "Applying ipchains firewall rules"
+                   success "Applying iptables firewall rules" || \
+                   failure "Applying iptables firewall rules"
            echo
            touch /var/lock/subsys/iptables
        fi
---
Comment 5 Pekka Savola 2001-01-16 18:44:31 EST
Umm.  Now that I think about it

"user defined chains"

doesn't apply that well anymore..
Comment 6 Bernhard Rosenkraenzer 2001-01-17 13:26:53 EST
What's wrong with user defined chains?
The iptables man page refers to them all the time.
Comment 7 Bernhard Rosenkraenzer 2001-01-17 13:30:18 EST
The other things are fixed now. Please don't reopen this bug; if you're still
seeing problems, open a new one.
Comment 8 Pekka Savola 2001-01-17 13:43:04 EST
It just sounded a bit.. ipchainish.  ;-)

Note You need to log in before you can comment on or make changes to this bug.