Bug 32407 - QA0319: iptables kernel module doesn't load
Summary: QA0319: iptables kernel module doesn't load
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables   
(Show other bugs)
Version: 7.1
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact: Brock Organ
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-03-20 16:41 UTC by Daniel Roesen
Modified: 2007-04-18 16:32 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-06-20 20:28:45 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Daniel Roesen 2001-03-20 16:41:25 UTC
[root@qa0319 /root]# iptables -L
/lib/modules/2.4.2-0.1.28/kernel/net/ipv4/netfilter/ip_tables.o:
init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including
invalid IO or IRQ parameters
/lib/modules/2.4.2-0.1.28/kernel/net/ipv4/netfilter/ip_tables.o: insmod
/lib/modules/2.4.2-0.1.28/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.2-0.1.28/kernel/net/ipv4/netfilter/ip_tables.o: insmod
ip_tables failed
iptables v1.2: can't initialize iptables table `filter': iptables who? (do
you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Removing the ipchains module (rmmod ipchains) fixes this.

Comment 1 Arjan van de Ven 2001-03-20 16:44:34 UTC
So if you want to use the new firewall rules, just remove the old compatibility?
Doesn't sound like a bug to me.

Comment 2 Daniel Roesen 2001-03-20 16:55:24 UTC
Besides that being very non-obvious, both supporting initscripts are enabled by
default:

[root@qa0319 /root]# chkconfig --list|grep ^ip
iptables       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
ipchains       	0:off	1:off	2:on	3:on	4:on	5:on	6:off


Comment 3 Arjan van de Ven 2001-03-22 10:54:03 UTC
This sounds like a userland configuration policy; assigning to ipchains.

Comment 4 Mike A. Harris 2001-03-23 10:38:00 UTC
I agree, however since the config tools favor ipchains, I think iptables
should be changed.  Doesn't make sense to start both at init time.
Actually it makes more sense to have one script called "ipfilter"
or "firewall" and have it deal with the logic of wether to start
ipchains or iptables, but that is not likely to happen anytime soon.

Reassigning to iptables.

Comment 5 Pekka Savola 2001-06-20 20:28:40 UTC
This is kinda moot point at this point IMO as the default iptables ruleset is empty.

People do start to wonder if they have both.

I suggest adding a failure notice in iptables (and perhaps also in ipchains) which checks whether either
 1) ipchains module is loaded
 2) /etc/sysconfig/ipchains or equiv is non-empty

.. or some other bright ideas.  The _default_ behaviour, until users start mixing the two is ok.


Comment 6 Bernhard Rosenkraenzer 2001-07-10 14:12:39 UTC
Warning added in 1.2.2-3



Note You need to log in before you can comment on or make changes to this bug.