Bug 38463 - iptables Script Producing No Output
iptables Script Producing No Output
Product: Red Hat Linux
Classification: Retired
Component: iptables (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2001-04-30 17:24 EDT by Stacy Pennington
Modified: 2007-04-18 12:32 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-05-31 09:49:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Stacy Pennington 2001-04-30 17:24:42 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.2-2 i686)

Essentially, I cannot make "service iptables (anything)" produce any
output. It only takes me back to a prompt. "service ipchains (anything)"
works as expected.

Reproducible: Always
Steps to Reproduce:
1. Log in as root.

2. Type "service iptables status"

3. Or type "service iptables start" or "service iptables restart" or
"service iptables blahblah"

Actual Results:  Nothing happens. You are returned to a prompt immediately.

Expected Results:  In the case of a valid modifier, iptables should fulfill
the request. If the request was invalid, such as "service iptables
blahblah", it should have produced a usage list, as ipchains does.

I'm reasonably sure that this is a bug, but I could be wrong.

[root@bleach init.d]# rpm -q iptables
[root@bleach init.d]# chkconfig --list iptables
iptables       	0:off	1:off	2:on	3:on	4:on	5:on	6:off

Please contact me if I can be of assistance.
Comment 1 Bernhard Rosenkraenzer 2001-05-01 17:19:35 EDT
You're probably already running an ipchains firewall. You can't use both at 
the same time, therefore the iptables init script exits immediately if it 
notices ipchains is in use.

Comment 2 Stacy Pennington 2001-05-01 17:56:30 EDT
I don't think that ipchains has anything do with it.

First of all, this is a stock 7.1 box set up with no firewall and no ipchains

Second, when I turn off ipchains using chkconfig and stop the ipchains service,
I get the same result. See this chains of events:

[root@bleach /root]# chkconfig --list ipchains
ipchains       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
[root@bleach /root]# chkconfig ipchains off
[root@bleach /root]# chkconfig --list ipchains
ipchains       	0:off	1:off	2:on	3:off	4:off	5:off	6:off
[root@bleach /root]# service ipchains sto 
Usage: /etc/init.d/ipchains {start|stop|restart|status|panic|save}
[root@bleach /root]# service ipchains stop
Flushing all chains:                                       [  OK  ]
Removing user defined chains:                              [  OK  ]
Resetting built-in chains to the default ACCEPT policy:    [  OK  ]
[root@bleach /root]# service iptables sadfsad
[root@bleach /root]# chkconfig --list iptables
iptables       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
[root@bleach /root]# service iptables restart
[root@bleach /root]# more /etc/sysconfig/ipchains 
/etc/sysconfig/ipchains: No such file or directory
[root@bleach /root]# 

It just seems like "service iptables (whatever)" should give you some sort of
feedback, anything, even to say that ipchains is active and iptables cannot be

I mean, I can even see the line in the iptables script that should be output
when a random parameter is passed to the script (it reads echo $"Usage: $0
{start|stop|restart|condrestart|status|panic|save}"). But no matter what I do,
what I turn off, or whatever, I cannot get iptables to give me back that line.
ipchains gives it to me fine. Just not iptables.

Please let me know if I am being an idiot. Thanks.
Comment 3 John MacLean 2001-05-30 23:53:29 EDT
I encountered the same problem. The iptables script makes it pretty clear:
start() {
        # don't do squat if we don't have the config file
        if [ -f $IPTABLES_CONFIG ]; then

However, no default config script (/etc/sysconfig/iptables) is created when the
package is installed.
[root@thunder /root]# ls -l /etc/sysconfig/iptables
ls: /etc/sysconfig/iptables: No such file or directory
[root@thunder /root]# rpm -q iptables
[root@thunder /root]# rpm -ql iptables | grep sysconfig
[root@thunder /root]#

However, if I do..
[root@thunder /root]# service iptables save
Saving current rules to /etc/sysconfig/iptables:           [  OK  ]
[root@thunder /root]# service iptables start
Flushing all current rules and user defined chains:        [  OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
                                                           [  OK  ]
[root@thunder /root]# 

All is fine.
Comment 4 Stacy Pennington 2001-05-31 09:49:07 EDT
I actually found this yesterday as well (but I hadn't gotten around to posting
it on Bugzilla yet).

In addition, I had to rmmod ipchains to be get the iptables module loaded to
turn iptables on. Of course, ipchains and iptables cannot both be functioning in
the kernel at the same time. Then, why it is possible to enable both "services"
at a particular runlevel? Should iptables check to see if ipchains is already
configured to run at that runlevel and refuse to turn itself on if it is? (And
vice versa?)
Comment 5 Bernhard Rosenkraenzer 2001-07-10 10:15:08 EDT
1.2.2-3 adds warnings explaining why nothing is being done.

Note You need to log in before you can comment on or make changes to this bug.