Bug 244721 - ip6tables is not started on IPv6 enabled systems
ip6tables is not started on IPv6 enabled systems
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: iptables (Show other bugs)
7
All Linux
high Severity high
: ---
: ---
Assigned To: Thomas Woerner
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-18 15:07 EDT by Peter Bieringer
Modified: 2007-11-30 17:12 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-24 10:14:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Peter Bieringer 2007-06-18 15:07:58 EDT
Description of problem:
Fixing "bug" https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236888 causes
now, that ip6tables isn't started at all anymore because in this state (S08,
network has S10), the IPv6 module is usually not loaded.

Version-Release number of selected component (if applicable):
iptables-ipv6-1.3.7-2

How reproducible:
Always

Steps to Reproduce:
1. enable IPv6 e.g by putting NETWORKING_IPV6=yes to /etc/sysconfig/network
3. reboot
  
Actual results:
ip6tables isn't started, neither before nor after network initialization

Expected results:
ip6tables is started

Additional info:

Current workaround:
put  "modprobe ipv6" into /etc/rc.modules to load IPv6 module in rather early
step before ip6tables is checking for IPv6.
Comment 1 Pekka Savola 2007-06-28 05:36:55 EDT
Seems like a security problem to me, so 'priority' should probably be higher.
Comment 2 Josh Bressers 2007-06-29 08:43:27 EDT
While this flaw isn't a security vulnerability in itself, but is obviously a
very serious security oversight.  We should fix this ASAP.

James, do you see any issues with the suggestion in bug 236888 with moving the
ip6tables service from S08 to S11?
Comment 4 Peter Bieringer 2007-07-26 07:25:14 EDT
Nothing happen since a month, are there any unrecognized dependencies?
Comment 5 Thomas Woerner 2007-09-18 09:09:02 EDT
Please have a look at iptables-1.3.8-2.fc7 in testing. This package will be
pushed live in a few hours.
Comment 6 Thomas Woerner 2007-09-24 10:14:50 EDT
Fixed in FC-6-updates in package iptables-1.3.8-2 or newer.

Note You need to log in before you can comment on or make changes to this bug.