From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt) Description of problem: It looks like their's a minor but irrating bug in the installer I have been trying to setup a iptables firewall using a new install of rh7.1 I read the docs that said if you want to use iptables select no firewalling on install as otherwise it installs ipchains I did this but it still loads ipchains at startup, this took quite awhile to figure out why it wasn't working. might be worth fixing this or changing to docs to explain more clearly that you have to disable ipchains (i did it use setup util) else iptables fail even if the chains are empty. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. fresh install of rh7.1 2. select no firewall in installer 3. after install try iptables -L (it will fail to module because ipchains is already loaded) Actual Results: insmod is unable to load iptables.o as device is busy Expected Results: should list current empty tables Additional info: quick fix is just after install to disable loading of the ipchains modules at startup use setup util in system services disable ipchains and reboot. Proper fix: can either change the installer to not load ipchains if no firewall is set. or change to docs/install man to make it clear that if you want to use iptables but must as well as select no firewall on install but disable the ipchains from startup.
Where did you see documentation about using iptables instead of ipchains?
the only place I can see now is http://www.redhat.com/support/docs/gotchas/7.1/gotchas-71.html this could be made a little clear that it's not just if you have any ipchains setup but if it's loaded at all then iptables won't work. To be honest I can't remmber where I saw it, it would have been the docs available online though, went through basicly every doc I could find on installing iptables. changing the online help info on the setting firewall options on the installer to inform us that it loads ipchains and re-wording the gotchas would be enough I think. but I ideally not having ipchains in the startup if no firewalling is choosen would be better.
initscript bug?
Did anyone ever figure out how to install 7.1 and NOT get ipchains to install so we can use iptables? I went to the work-arounds at http://www.redhat.com/support/docs/gotchas/7.1/gotchas-71.html and didn't see any solutions there.
ashmere - This problem was fixed in Red Hat Linux 7.2, however somehow the bug report never got updated. The initscript now tests for this, and should not load the ipchains module unless a firewall has been configured.