From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060103 Fedora/1.5-4 Firefox/1.5

Description of problem:
iptables still doesn't know the raw table. I get an error message about it at boot. IMHO rc.d/init.d/iptables should contain:

    raw)
        $IPTABLES -t raw -P PREROUTING $policy \
            && $IPTABLES -t raw -P POSTROUTING $policy \
            && $IPTABLES -t raw -P OUTPUT $policy \
            || let ret+=1
        ;;

Version-Release number of selected component (if applicable):
iptables-1.3.4-3

How reproducible:
Always

Steps to Reproduce:
1. reboot
2. look at messages
3.

Additional info:

There is no POSTROUTING in the raw table.

Yes, but you were wrong when you closed this bug. That was my stupid cut/paste bug from the nat table :) I'm sorry about it. It should be without POSTROUTING in the raw table. I use Russian, and I see an error like:
I get [FAIL] on service iptables stop
I inserted this into /etc/rc.d/init.d/iptables from line 135 and it works fine for me now.

    raw)
        $IPTABLES -t raw -P PREROUTING $policy \
            && $IPTABLES -t raw -P OUTPUT $policy \
            || let ret+=1
        ;;

    # iptables -t raw -P PREROUTING ACCEPT && iptables -t raw -P OUTPUT ACCEPT && echo "ACCEPT"
    ACCEPT
    # iptables -t raw -P PREROUTING DROP && iptables -t raw -P OUTPUT DROP && echo "DROP"
    DROP
    # rpm -q kernel-smp
    kernel-smp-2.6.15-1.1826.2.5_FC5
    # rpm -q iptables
    iptables-1.3.4-3

So I see no problem here. There is another problem with netfilter in the pre 1.1881_FC5 kernels, please upgrade.

We are talking about different things. iptables works fine for me. The problem is in the init.d/iptables file. That file doesn't contain info about the "raw" table. And /sbin/service iptables stop or panic doesn't work fine for the "raw" table.

Function set_policy() of init.d/iptables should set the policy for all tables to $1. It gets the list of tables:

    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`

then:

    for i in $tables; do

and:

    case "$i" in

That case operator knows only the nat, filter and mangle tables. It doesn't know raw. And after "/sbin/service iptables stop" the "raw" table will contain the old policy :(

Fixed in rawhide in rpm iptables-1.3.5-1.
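
Added example, not part of the bug thread and not the Fedora init script: a sketch of the set_policy() logic described in the comments above, with the raw table handled (PREROUTING and OUTPUT only) and an unknown table counted as a failure instead of being skipped. The names chains_for, record_call and CALL_LOG are assumptions, and the default recorder stands in for iptables so the script runs without root.

```shell
#!/bin/sh
# Added example; chains_for, record_call and CALL_LOG are assumed names.
# Chain lists match the 2.6.15-era tables named in the thread.

# Command that applies a policy. Defaults to a recorder so this runs
# offline without root; set IPTABLES=/sbin/iptables to apply for real.
IPTABLES=${IPTABLES:-record_call}
CALL_LOG=""
record_call() { CALL_LOG="${CALL_LOG}$*
"; }

# Print the built-in chains of a table; fail for a table we do not know.
chains_for() {
    case "$1" in
        filter) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING POSTROUTING OUTPUT" ;;
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)    echo "PREROUTING OUTPUT" ;;   # raw has no POSTROUTING
        *)      return 1 ;;
    esac
}

# set_policy POLICY NAMES_FILE
# Set POLICY on every built-in chain of every table listed in NAMES_FILE
# (the role of $PROC_IPTABLES_NAMES in the thread). The return value is
# the number of tables that failed, unknown tables included, so a table
# the script has never heard of cannot silently keep its old policy.
set_policy() {
    policy=$1 names_file=$2 ret=0
    tables=$(cat "$names_file" 2>/dev/null)
    for t in $tables; do
        if ! chains=$(chains_for "$t"); then
            echo "set_policy: unknown table '$t', policy unchanged" >&2
            ret=$((ret + 1)); continue
        fi
        for c in $chains; do
            $IPTABLES -t "$t" -P "$c" "$policy" || { ret=$((ret + 1)); break; }
        done
    done
    return "$ret"
}

# Constructed sample of the table list on a host with the raw table loaded.
names=$(mktemp); printf 'filter\nnat\nmangle\nraw\n' > "$names"
set_policy ACCEPT "$names"; echo "tables that failed: $?"
printf '%s' "$CALL_LOG" | grep -- '-t raw'
rm -f "$names"
```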