Red Hat Bugzilla – Bug 244721
ip6tables is not started on IPv6 enabled systems
Last modified: 2007-11-30 17:12:07 EST
Description of problem:
Fixing "bug" https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236888 causes
now, that ip6tables isn't started at all anymore because in this state (S08,
network has S10), the IPv6 module is usually not loaded.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. enable IPv6 e.g by putting NETWORKING_IPV6=yes to /etc/sysconfig/network
ip6tables isn't started, neither before nor after network initialization
ip6tables is started
put "modprobe ipv6" into /etc/rc.modules to load IPv6 module in rather early
step before ip6tables is checking for IPv6.
Seems like a security problem to me, so 'priority' should probably be higher.
While this flaw isn't a security vulnerability in itself, but is obviously a
very serious security oversight. We should fix this ASAP.
James, do you see any issues with the suggestion in bug 236888 with moving the
ip6tables service from S08 to S11?
Nothing happen since a month, are there any unrecognized dependencies?
Please have a look at iptables-1.3.8-2.fc7 in testing. This package will be
pushed live in a few hours.
Fixed in FC-6-updates in package iptables-1.3.8-2 or newer.