Bug 179094 - init.d/iptables still doesn't know raw table
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: iptables
Version: rawhide
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Assignee: Thomas Woerner
QA Contact: Ben Levenson
Reported: 2006-01-27 13:27 UTC by Maxim Britov
Modified: 2007-11-30 22:11 UTC (History)
Doc Type: Bug Fix
Last Closed: 2006-02-02 13:24:52 UTC
Description Maxim Britov 2006-01-27 13:27:45 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060103 Fedora/1.5-4 Firefox/1.5

Description of problem:
iptables still doesn't know the raw table.
I get an error message about it at boot.
IMHO rc.d/init.d/iptables should contain:
raw)
                $IPTABLES -t raw -P PREROUTING $policy \
                    && $IPTABLES -t raw -P POSTROUTING $policy \
                    && $IPTABLES -t raw -P OUTPUT $policy \
                    || let ret+=1
                ;;


Version-Release number of selected component (if applicable):
iptables-1.3.4-3

How reproducible:
Always

Steps to Reproduce:
1. reboot
2. look at messages

Additional info:

Comment 1 Thomas Woerner 2006-01-27 13:43:15 UTC
There is no POSTROUTING in the raw table.

Comment 2 Maxim Britov 2006-01-28 13:23:11 UTC
Yes, but you were wrong when you closed this bug.
That was my stupid cut/paste bug from the nat table :) I'm sorry about it.
It should be without POSTROUTING in the raw table.
I use Russian, and I see an error like:
I get [FAIL] on service iptables stop

I inserted into /etc/rc.d/init.d/iptables from line 135 and it works fine for
me now.
raw)
   $IPTABLES -t raw -P PREROUTING $policy \
   && $IPTABLES -t raw -P OUTPUT $policy \
   || let ret+=1
;;



Comment 3 Thomas Woerner 2006-01-30 14:22:12 UTC
# iptables -t raw -P PREROUTING ACCEPT && iptables -t raw -P OUTPUT ACCEPT && echo "ACCEPT"
ACCEPT
# iptables -t raw -P PREROUTING DROP && iptables -t raw -P OUTPUT DROP && echo "DROP"
DROP

# rpm -q kernel-smp
kernel-smp-2.6.15-1.1826.2.5_FC5
# rpm -q iptables
iptables-1.3.4-3

So I see no problem here. There is another problem with netfilter in the
pre-1.1881_FC5 kernels, please upgrade.


Comment 4 Maxim Britov 2006-01-30 15:14:24 UTC
We are talking about different things. iptables works fine for me.
The problem is in the init.d/iptables file. That file doesn't contain info about the "raw" table.
And /sbin/service iptables stop or panic doesn't work fine for the "raw" table.

The function set_policy() of init.d/iptables should set the policy for all tables to $1.
It gets the list of tables: tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
then: for i in $tables; do
and: case "$i" in

That case operator knows only the nat, filter, mangle tables. It doesn't know raw.
And after "/sbin/service iptables stop" the "raw" table will contain the old policy :(
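
A sketch of a set_policy() that follows the structure described in comment 4 and also covers the raw table. This is an added example, not the Fedora init script or the fix shipped in the package; chains_for and dry_run are hypothetical helpers, and the chain lists are the built-in chains for kernels of this bug's era.

```shell
# Added sketch, not the Fedora init script. chains_for and dry_run are
# hypothetical helpers; chain lists are for kernels of this bug's era.
IPTABLES=${IPTABLES:-iptables}
PROC_IPTABLES_NAMES=${PROC_IPTABLES_NAMES:-/proc/net/ip_tables_names}

# Print the built-in chains of a table; fail for a table we do not know.
chains_for() {
    case "$1" in
        raw)    echo "PREROUTING OUTPUT" ;;   # raw has no POSTROUTING
        filter) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING POSTROUTING OUTPUT" ;;
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        *)      return 1 ;;
    esac
}

# Set policy $1 on every built-in chain of every loaded table.
# Returns the number of tables that were unknown or had a failing chain.
set_policy() {
    policy=$1
    ret=0
    tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null) || tables=""
    for i in $tables; do
        if ! chains=$(chains_for "$i"); then
            echo "set_policy: unknown table '$i', policy left unchanged" >&2
            ret=$((ret + 1))
            continue
        fi
        failed=0
        for c in $chains; do
            # Keep going after a failure so the other chains still get the policy.
            $IPTABLES -t "$i" -P "$c" "$policy" || failed=1
        done
        ret=$((ret + failed))
    done
    return "$ret"
}

# Dry run in a subshell: print the commands set_policy would issue for a
# constructed table list ($2...) instead of touching the live firewall.
dry_run() (
    policy=$1; shift
    PROC_IPTABLES_NAMES=$(mktemp) || exit 1
    printf '%s\n' "$@" > "$PROC_IPTABLES_NAMES"
    IPTABLES="echo iptables"
    rc=0; set_policy "$policy" || rc=$?
    rm -f "$PROC_IPTABLES_NAMES"
    exit "$rc"
)
```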

Comment 5 Thomas Woerner 2006-02-02 13:24:52 UTC
Fixed in rawhide in rpm iptables-1.3.5-1.

