Bug 52876 - choosing no firewall still loads ipchains preventing iptables from working
choosing no firewall still loads ipchains preventing iptables from working
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: ipchains (Show other bugs)
7.1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Mike A. Harris
Brock Organ
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-08-30 08:29 EDT by Mat Davies
Modified: 2007-04-18 12:36 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-10-29 23:47:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mat Davies 2001-08-30 08:29:37 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)

Description of problem:
It looks like their's a minor but irrating bug in the installer
I have been trying to setup a iptables firewall using a new install
of rh7.1 I read the docs that said if you want to use iptables
select no firewalling on install as otherwise it installs ipchains
I did this but it still loads ipchains at startup, this took quite
awhile to figure out why it wasn't working.

might be worth fixing this or changing to docs to explain more
clearly that you have to disable ipchains (i did it use setup util)
else iptables fail even if the chains are empty.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. fresh install of rh7.1
2. select no firewall in installer
3. after install try iptables -L (it will fail to module because ipchains 
is already loaded)
	

Actual Results:  insmod is unable to load iptables.o as device is busy

Expected Results:  should list current empty tables

Additional info:

quick fix is just after install to disable loading
of the ipchains modules at startup
use setup util in system services disable ipchains 
and reboot. 
Proper fix:
can either change the installer to not load ipchains if
no firewall is set. or change to docs/install man to make
it clear that if you want to use iptables but must as well
as select no firewall on install but disable the ipchains
from startup.
Comment 1 Michael Fulbright 2001-08-31 10:54:22 EDT
Where did you see documentation about using iptables instead of ipchains?
Comment 2 Mat Davies 2001-09-03 04:48:52 EDT
the only place I can see now is
http://www.redhat.com/support/docs/gotchas/7.1/gotchas-71.html
this could be made a little clear that it's not just if you have
any ipchains setup but if it's loaded at all then iptables won't work.

To be honest I can't remmber where I saw it, it would have been the docs
available online though, went through basicly every doc I could find on 
installing iptables.

changing the online help info on the setting firewall options on the installer
to inform us that it loads ipchains and re-wording the gotchas would be 
enough I think. but I ideally not having ipchains in the startup if no 
firewalling is choosen would be better.
Comment 3 Matt Wilson 2001-09-05 18:02:50 EDT
initscript bug?
Comment 4 Need Real Name 2001-10-29 23:47:42 EST
Did anyone ever figure out how to install 7.1 and NOT get ipchains to install 
so we can use iptables?  I went to the work-arounds at 
http://www.redhat.com/support/docs/gotchas/7.1/gotchas-71.html
 and didn't see any solutions there.
Comment 5 Mike A. Harris 2001-10-30 02:20:55 EST
ashmere@gmx.net - This problem was fixed in Red Hat Linux 7.2, however
somehow the bug report never got updated.  The initscript now tests
for this, and should not load the ipchains module unless a firewall
has been configured.

Note You need to log in before you can comment on or make changes to this bug.