From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)

Description of problem:
Issuing "/sbin/ipchains -L" or other ipchains commands will cause it to say "Incompatible with this kernel" if /etc/sysconfig/ipchains has not at least once been present when ipchains was run since reboot.

How reproducible:
Every time.

Steps to Reproduce:
1. Remove /etc/sysconfig/ipchains (if present)
2. Reboot.
3. Issue "/sbin/ipchains -L" or "/sbin/ipchains -F" etc.

Actual Results:
ipchains: Incompatible with this kernel

Expected Results:
It should have said something like: "Config file /etc/sysconfig/ipchains not found"

Additional info:
If you create /etc/sysconfig/ipchains and run /sbin/ipchains just once with the file present, every subsequent time it will work, even if you remove the config file.

This is not a bug. The 2.4.x kernel has a totally brand new firewall interface called "netfilter". When used in its native mode, netfilter is configured using the "iptables" command. netfilter also has backward compatibility modules, however, so that you can use an ipchains or ipfwadm based firewall script with the new netfilter without worrying about having to completely rewrite all of your existing firewall code.

In order to maintain backward compatibility with our previous releases, we decided to continue using ipchains as the supported firewall interface. All of our distribution-supplied tools use the netfilter ipchains interface. Our startup scripts for ipchains firewalling load the iptables "ipchains" personality module when the firewall is enabled. If you disable our supplied firewall script, then the module does not get loaded.

If you want to use an alternative ipchains-based firewall script, you will have to manually load the ipchains personality module yourself from your own scripts, or even better, avoid ipchains and use iptables natively.

Hope this helps.
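
The behaviour discussed in this report comes down to which firewall module is loaded, so a custom firewall script can check that before calling ipchains. The following is an added example, not part of the report or the reply and not the distribution's own startup script; the module names `ipchains`, `ipfwadm` and `ip_tables` and the sample `/proc/modules` text are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify which 2.4 firewall interface is loaded, from the
# contents of /proc/modules, before a script calls /sbin/ipchains.
# Assumption: the compatibility layers are modules named "ipchains" and
# "ipfwadm", and native netfilter shows up as "ip_tables".

# fw_personality MODULES_TEXT -> prints ipchains | ipfwadm | iptables | none
fw_personality() {
    # The first column of /proc/modules is the module name.
    names=$(printf '%s\n' "$1" | awk '{print $1}')
    for m in ipchains ipfwadm ip_tables; do
        # -x matches the whole name, so "iptable_filter" is not "ip_tables".
        if printf '%s\n' "$names" | grep -qx "$m"; then
            case $m in
                ip_tables) echo iptables ;;
                *)         echo "$m" ;;
            esac
            return 0
        fi
    done
    echo none
    return 0
}

# ipchains_advice MODULES_TEXT -> one-line diagnosis for an ipchains script
ipchains_advice() {
    case $(fw_personality "$1") in
        ipchains) echo "ok: ipchains module loaded" ;;
        iptables) echo "native: ip_tables loaded, use iptables" ;;
        ipfwadm)  echo "other: ipfwadm module loaded, not ipchains" ;;
        none)     echo "missing: run 'modprobe ipchains' before ipchains" ;;
    esac
}

# Constructed samples in /proc/modules layout (not captured from a host).
SAMPLE_NONE='ext3 60000 1
jbd 40000 1 [ext3]'
SAMPLE_CHAINS='ipchains 38976 0 (unused)
ext3 60000 1'

# Live check, only when asked for and /proc/modules is readable.
if [ "${1:-}" = "--live" ] && [ -r /proc/modules ]; then
    ipchains_advice "$(cat /proc/modules)"
fi
```

Run with `--live` on the affected host to see which case applies; a "missing" result corresponds to the state the reporter was in after disabling the supplied firewall script.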