Red Hat Bugzilla – Bug 210546
setup updates /etc/protocols and creates troubles for iptables
Last modified: 2015-03-04 20:17:43 EST
Description of problem:
Before an update, and still in /etc/protocols provided by setup-2.5.49-1
used in FC5, we had such lines:
ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6
ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6
After that update, protocols 50 and 51 changed like this:
esp 50 ESP # Encap Security Payload
ah 51 AH # Authentication Header
The trouble is that in the past something (and it was not me) wrote
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
and now '/etc/init.d/iptables start' fails with "unknown protocol".
This results in no firewall at all.
Editing /etc/sysconfig/iptables to replace 'ipv6-crypt' by 'esp'
and 'ipv6-auth' by 'ah' makes iptables work again. The 'setup' package
could do such edits in a %post script, thus preventing the failure.
If this substitution does not make sense, then the incriminated lines
should be removed by %post from /etc/sysconfig/iptables entirely.
Version-Release number of selected component (if applicable):
I'll add those back again after the new "official" protocol names to provide
backward compatibility. Package should be building real soon in Fedora Devel.
Read ya, Phil
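
A pre-flight check for the failure described in this report, as an added example that is not part of the bug report or of the setup or iptables packages: it lists the protocol names in a rules file that no longer resolve against a protocols file, and prints the rules with the two renames the reporter describes. The function names, the sample data, and the treatment of numeric protocols and "all" as always valid are assumptions.

```sh
#!/bin/sh
# Added example (not from the setup or iptables packages): check that every
# protocol name used in an iptables rules file still resolves before reloading.

# Names and aliases defined in a protocols(5) file, one per line.
known_protocols() {
    sed 's/#.*//' "$1" | awk 'NF >= 2 { print $1; for (i = 3; i <= NF; i++) print $i }'
}

# Protocol arguments of -p/--protocol in "-A" rules, skipping a "!" negation.
rule_protocols() {
    awk '/^-A/ { for (i = 1; i < NF; i++) if ($i == "-p" || $i == "--protocol") {
             p = $(i + 1); if (p == "!") p = $(i + 2); print p } }' "$1" | sort -u
}

# Print names that would fail to resolve; return status 1 if there are any.
# Assumption: numeric protocols and "all" never need the protocols file.
unresolved_protocols() {
    known=$(known_protocols "$2"); rc=0
    for p in $(rule_protocols "$1"); do
        case $p in all) continue ;; *[!0-9]*) ;; *) continue ;; esac
        printf '%s\n' "$known" | grep -qxF -- "$p" || { echo "$p"; rc=1; }
    done
    return $rc
}

# Print the rules with the renames the report describes; the input is not modified.
migrate_rules() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "-p") {
             if ($(i + 1) == "ipv6-crypt") $(i + 1) = "esp"
             else if ($(i + 1) == "ipv6-auth") $(i + 1) = "ah" }
           print }' "$1"
}

# Constructed sample data: the updated protocols entries and the stale rules.
demo_dir=$(mktemp -d)
printf '%s\n' 'tcp 6 TCP # transmission control protocol' \
    'esp 50 ESP # Encap Security Payload' \
    'ah 51 AH # Authentication Header' > "$demo_dir/protocols"
printf '%s\n' '*filter' '-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT' \
    '-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT' \
    '-A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$demo_dir/iptables"

unresolved_protocols "$demo_dir/iptables" "$demo_dir/protocols" || echo "rules would not load"
migrate_rules "$demo_dir/iptables" > "$demo_dir/iptables.new"
unresolved_protocols "$demo_dir/iptables.new" "$demo_dir/protocols" && echo "migrated rules resolve"
rm -rf "$demo_dir"
```

Run against a copy of the rules file and review the output of migrate_rules before installing it, so a failed lookup is caught before the firewall is restarted.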