From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.2-2 i686)

Essentially, I cannot make "service iptables (anything)" produce any output. It only takes me back to a prompt. "service ipchains (anything)" works as expected.

Reproducible: Always

Steps to Reproduce:
1. Log in as root.
2. Type "service iptables status"
3. Or type "service iptables start" or "service iptables restart" or "service iptables blahblah"

Actual Results: Nothing happens. You are returned to a prompt immediately.

Expected Results: In the case of a valid modifier, iptables should fulfill the request. If the request was invalid, such as "service iptables blahblah", it should have produced a usage list, as ipchains does.

I'm reasonably sure that this is a bug, but I could be wrong.

[root@bleach init.d]# rpm -q iptables
iptables-1.2.1a-1
[root@bleach init.d]# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Please contact me if I can be of assistance.
You're probably already running an ipchains firewall. You can't use both at the same time, therefore the iptables init script exits immediately if it notices ipchains is in use.
I don't think that ipchains has anything to do with it. First of all, this is a stock 7.1 box set up with no firewall and no ipchains rules. Second, when I turn off ipchains using chkconfig and stop the ipchains service, I get the same result. See this chain of events:

[root@bleach /root]# chkconfig --list ipchains
ipchains 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@bleach /root]# chkconfig ipchains off
[root@bleach /root]# chkconfig --list ipchains
ipchains 0:off 1:off 2:on 3:off 4:off 5:off 6:off
[root@bleach /root]# service ipchains sto
Usage: /etc/init.d/ipchains {start|stop|restart|status|panic|save}
[root@bleach /root]# service ipchains stop
Flushing all chains: [ OK ]
Removing user defined chains: [ OK ]
Resetting built-in chains to the default ACCEPT policy: [ OK ]
[root@bleach /root]# service iptables sadfsad
[root@bleach /root]# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@bleach /root]# service iptables restart
[root@bleach /root]# more /etc/sysconfig/ipchains
/etc/sysconfig/ipchains: No such file or directory
[root@bleach /root]#

It just seems like "service iptables (whatever)" should give you some sort of feedback, anything, even to say that ipchains is active and iptables cannot be started. I mean, I can even see the line in the iptables script that should be output when a random parameter is passed to the script (it reads echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"). But no matter what I do, what I turn off, or whatever, I cannot get iptables to give me back that line. ipchains gives it to me fine. Just not iptables.

Please let me know if I am being an idiot. Thanks.
I encountered the same problem. The iptables script makes it pretty clear:

start() {
    # don't do squat if we don't have the config file
    if [ -f $IPTABLES_CONFIG ]; then
        ....
    fi
}

However, no default config script (/etc/sysconfig/iptables) is created when the package is installed.

[root@thunder /root]# ls -l /etc/sysconfig/iptables
ls: /etc/sysconfig/iptables: No such file or directory
[root@thunder /root]# rpm -q iptables
iptables-1.2.1a-1
[root@thunder /root]# rpm -ql iptables | grep sysconfig
[root@thunder /root]#

However, if I do..

[root@thunder /root]# service iptables save
Saving current rules to /etc/sysconfig/iptables: [ OK ]
[root@thunder /root]# service iptables start
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: [ OK ] [ OK ]
[root@thunder /root]#

All is fine.
I actually found this yesterday as well (but I hadn't gotten around to posting it on Bugzilla yet). In addition, I had to rmmod ipchains to get the iptables module loaded to turn iptables on. Of course, ipchains and iptables cannot both be functioning in the kernel at the same time. Then why is it possible to enable both "services" at a particular runlevel? Should iptables check to see if ipchains is already configured to run at that runlevel and refuse to turn itself on if it is? (And vice versa?)
1.2.2-3 adds warnings explaining why nothing is being done.
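
The warnings that comment refers to are not shown on this page. As an added example (not the 1.2.2-3 code and not from any commenter), here is one way an init script can report the two silent-exit causes found in this thread, a missing /etc/sysconfig/iptables and a loaded ipchains module, and print usage for an unknown action; `preflight`, `dispatch` and `MODULES_FILE` are hypothetical names.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not the packaged init script).
# Both paths can be overridden from the environment so the checks can be tried offline.
IPTABLES_CONFIG=${IPTABLES_CONFIG:-/etc/sysconfig/iptables}
MODULES_FILE=${MODULES_FILE:-/proc/modules}

# Say why the firewall cannot be started. Returns 0 only when it can.
# Return codes follow the LSB init-script convention: 6 = not configured, 1 = generic error.
preflight() {
    pf_rc=0
    if [ ! -f "$IPTABLES_CONFIG" ]; then
        echo "iptables: $IPTABLES_CONFIG not found, no rules applied" \
             "(write one with 'service iptables save')" >&2
        pf_rc=6
    fi
    # A loaded ipchains module keeps the iptables module from being used.
    if [ -r "$MODULES_FILE" ] && grep -q '^ipchains ' "$MODULES_FILE"; then
        echo "iptables: ipchains module is loaded, stop ipchains and rmmod it first" >&2
        pf_rc=1
    fi
    return "$pf_rc"
}

# Entry point an init script would call as: dispatch "$1"
dispatch() {
    case "$1" in
        start|restart)
            preflight || return $?
            echo "Applying iptables firewall rules from $IPTABLES_CONFIG"
            ;;
        stop|condrestart|status|panic|save)
            echo "iptables: '$1' is not modelled in this example"
            ;;
        *)
            echo "Usage: $0 {start|stop|restart|condrestart|status|panic|save}" >&2
            return 2    # LSB: invalid argument
            ;;
    esac
}
```

A non-zero status with a message on stderr lets both the administrator and any boot-time monitoring see that the host came up without its packet filter.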