Red Hat Bugzilla – Bug 52876
choosing no firewall still loads ipchains preventing iptables from working
Last modified: 2007-04-18 12:36:44 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)
Description of problem:
It looks like their's a minor but irrating bug in the installer
I have been trying to setup a iptables firewall using a new install
of rh7.1 I read the docs that said if you want to use iptables
select no firewalling on install as otherwise it installs ipchains
I did this but it still loads ipchains at startup, this took quite
awhile to figure out why it wasn't working.
might be worth fixing this or changing to docs to explain more
clearly that you have to disable ipchains (i did it use setup util)
else iptables fail even if the chains are empty.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. fresh install of rh7.1
2. select no firewall in installer
3. after install try iptables -L (it will fail to module because ipchains
is already loaded)
Actual Results: insmod is unable to load iptables.o as device is busy
Expected Results: should list current empty tables
quick fix is just after install to disable loading
of the ipchains modules at startup
use setup util in system services disable ipchains
can either change the installer to not load ipchains if
no firewall is set. or change to docs/install man to make
it clear that if you want to use iptables but must as well
as select no firewall on install but disable the ipchains
Where did you see documentation about using iptables instead of ipchains?
the only place I can see now is
this could be made a little clear that it's not just if you have
any ipchains setup but if it's loaded at all then iptables won't work.
To be honest I can't remmber where I saw it, it would have been the docs
available online though, went through basicly every doc I could find on
changing the online help info on the setting firewall options on the installer
to inform us that it loads ipchains and re-wording the gotchas would be
enough I think. but I ideally not having ipchains in the startup if no
firewalling is choosen would be better.
Did anyone ever figure out how to install 7.1 and NOT get ipchains to install
so we can use iptables? I went to the work-arounds at
and didn't see any solutions there.
email@example.com - This problem was fixed in Red Hat Linux 7.2, however
somehow the bug report never got updated. The initscript now tests
for this, and should not load the ipchains module unless a firewall
has been configured.