Bug 179094 - init.d/iptables still doesn't know raw table
init.d/iptables still doesn't know raw table
Product: Fedora
Classification: Fedora
Component: iptables (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2006-01-27 08:27 EST by Maxim Britov
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-02-02 08:24:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Maxim Britov 2006-01-27 08:27:45 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060103 Fedora/1.5-4 Firefox/1.5

Description of problem:
iptables still doesn't know raw table.
I gets error message about it at boot.
IMHO rc.d/init.d/iptbales should contain:
                $IPTABLES -t raw -P PREROUTING $policy \
                    && $IPTABLES -t raw -P POSTROUTING $policy \
                    && $IPTABLES -t raw -P OUTPUT $policy \
                    || let ret+=1

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
2.look messages

Additional info:
Comment 1 Thomas Woerner 2006-01-27 08:43:15 EST
There is no POSTROUTING in the raw table.
Comment 2 Maxim Britov 2006-01-28 08:23:11 EST
yes, but you was wrong, on you closed this bug.
That was my stupid cute/paste bug from nat table :) I'm sorry about it.
it shoud be without POSTROUTING in raw table.
I'm use Russian, and i see error like:
I gets [FAIL] on service iptables stop

I inserted into /etc/rc.d/init.d/iptables from string 135 and it works fine for
me now.
   $IPTABLES -t raw -P PREROUTING $policy \
   && $IPTABLES -t raw -P OUTPUT $policy \
   || let ret+=1

Comment 3 Thomas Woerner 2006-01-30 09:22:12 EST
# iptables -t raw -P PREROUTING ACCEPT && iptables -t raw -P OUTPUT ACCEPT &&
echo "ACCEPT"
# iptables -t raw -P PREROUTING DROP && iptables -t raw -P OUTPUT DROP && echo

# rpm -q kernel-smp
# rpm -q iptables

So I see no problem here. There is onther problem with netfilter in the pre
1.1881_FC5 kernels, please upgrade.
Comment 4 Maxim Britov 2006-01-30 10:14:24 EST
We talking about different things. iptbales works fine fow me.
Probmlem in init.d/iptables file. That file doesn't contain info about "raw" table.
And \sbin\service iptbales stop or panic doesn't work fine for "raw" table.

Function set_policy() of init.d/iptables should set policy for all tables to $1.
It gets list tables: tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
then: for i in $tables; do
and: case "$i" in

That case operator know only: nat, filter, mangle tables. It doesn't know raw.
And after "/sbin/service iptbales stop" "raw" tables will contain old policy :(
Comment 5 Thomas Woerner 2006-02-02 08:24:52 EST
Fixed in rawhide in rpm iptables-1.3.5-1.

Note You need to log in before you can comment on or make changes to this bug.