Description of problem: Before an update, and still in /etc/protocols provided by setup-2.5.49-1 used in FC5, we had such lines: ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6 ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6 After that update protocols 50 and 51 changed like that: esp 50 ESP # Encap Security Payload ah 51 AH # Authentication Header The trouble is that in the past something (and it was not me) wrote in /etc/sysconfig/iptables: -A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT -A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT and now '/etc/init.d/iptables start' fails with "unknown protocol". This results is no firewall at all. Editing /etc/sysconfig/iptables to replace 'ipv6-crypt' by 'esp' and 'ipv6-auth' by 'ah' makes iptables to work again. 'setup' package could do such edits in %post script thus preventing the failure. If this substitution does not make sense then incriminated lines should be removed by %post from /etc/sysconfig/iptables entirely. Version-Release number of selected component (if applicable): setup-2.5.54-1
I'll add those back again after the new "official" protocol names to provide backward compatibility. Package should be building real soon in Fedora Devel. Read ya, Phil