Bug 40429 - ipchains says "Incompatible with this kernel" if no /etc/sysconfig/ipchains exists
ipchains says "Incompatible with this kernel" if no /etc/sysconfig/ipchains e...
Product: Red Hat Linux
Classification: Retired
Component: ipchains (Show other bugs)
i586 Linux
medium Severity medium
: ---
: ---
Assigned To: Mike A. Harris
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2001-05-13 16:47 EDT by Daniel G. Link
Modified: 2007-04-18 12:33 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-05-13 16:47:40 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Daniel G. Link 2001-05-13 16:47:36 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)

Description of problem:
Issuing "/sbin/ipchains -L" or other ipchains commands will cause it to 
say "Incompatible with this kernel" if /etc/sysconfig/ipchains has not at 
least once been present when ipchains was run since reboot.

How reproducible:
Every time.

Steps to Reproduce:
1.Remove /etc/sysconfig/ipchains (if present)
3.Issue "/sbin/ipchains -L" or "/sbin/ipchains -F" etc.

Actual Results:  ipchains: Incompatible with this kernel

Expected Results:  It should have said something like: "Config 
file /etc/sysconfig/ipchains not found"

Additional info: If you create /etc/sysconfig/ipchains and 
run /sbin/ipchains just once with the file present, every subsequent time 
it will work, even if you remove the config file.
Comment 1 Mike A. Harris 2001-05-13 17:27:22 EDT
This is not a bug.  The 2.4.x kernel has a totally brand new firewall interface
called "netfilter".  When used in its native mode, netfilter is configured using
the "iptables" command.  netfilter also has backward compatibility modules
however so that you can use an ipchains or ipfwadm based firewall script
with the new netfilter without worrying about having to completely rewrite all
of your existing firewall code.  In order to maintain backward compatibility
with our previous releases, we decided to continue using ipchains as the
supported firewall interface.  All of our distribution supplied tools use
the netfilter ipchains interface.  Our startup scripts for ipchains firewalling
load the iptables "ipchains" personality module when the firewall is enabled.
If you disable our supplied firewall script, then the module does not get

If you want to use an alternative ipchains based firewall script, you will
have to manually load the ipchains personality module yourself from your own
scripts, or even better - avoid ipchains, and use iptables natively.

Hope this helps.

Note You need to log in before you can comment on or make changes to this bug.