Bug 52876 - choosing no firewall still loads ipchains preventing iptables from working
Summary: choosing no firewall still loads ipchains preventing iptables from working
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: ipchains (Show other bugs)
(Show other bugs)
Version: 7.1
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact: Brock Organ
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-08-30 12:29 UTC by Mat Davies
Modified: 2007-04-18 16:36 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-10-30 04:47:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Mat Davies 2001-08-30 12:29:37 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)

Description of problem:
It looks like their's a minor but irrating bug in the installer
I have been trying to setup a iptables firewall using a new install
of rh7.1 I read the docs that said if you want to use iptables
select no firewalling on install as otherwise it installs ipchains
I did this but it still loads ipchains at startup, this took quite
awhile to figure out why it wasn't working.

might be worth fixing this or changing to docs to explain more
clearly that you have to disable ipchains (i did it use setup util)
else iptables fail even if the chains are empty.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. fresh install of rh7.1
2. select no firewall in installer
3. after install try iptables -L (it will fail to module because ipchains 
is already loaded)
	

Actual Results:  insmod is unable to load iptables.o as device is busy

Expected Results:  should list current empty tables

Additional info:

quick fix is just after install to disable loading
of the ipchains modules at startup
use setup util in system services disable ipchains 
and reboot. 
Proper fix:
can either change the installer to not load ipchains if
no firewall is set. or change to docs/install man to make
it clear that if you want to use iptables but must as well
as select no firewall on install but disable the ipchains
from startup.

Comment 1 Michael Fulbright 2001-08-31 14:54:22 UTC
Where did you see documentation about using iptables instead of ipchains?

Comment 2 Mat Davies 2001-09-03 08:48:52 UTC
the only place I can see now is
http://www.redhat.com/support/docs/gotchas/7.1/gotchas-71.html
this could be made a little clear that it's not just if you have
any ipchains setup but if it's loaded at all then iptables won't work.

To be honest I can't remmber where I saw it, it would have been the docs
available online though, went through basicly every doc I could find on 
installing iptables.

changing the online help info on the setting firewall options on the installer
to inform us that it loads ipchains and re-wording the gotchas would be 
enough I think. but I ideally not having ipchains in the startup if no 
firewalling is choosen would be better.


Comment 3 Matt Wilson 2001-09-05 22:02:50 UTC
initscript bug?


Comment 4 Need Real Name 2001-10-30 04:47:42 UTC
Did anyone ever figure out how to install 7.1 and NOT get ipchains to install 
so we can use iptables?  I went to the work-arounds at 
http://www.redhat.com/support/docs/gotchas/7.1/gotchas-71.html
 and didn't see any solutions there.

Comment 5 Mike A. Harris 2001-10-30 07:20:55 UTC
ashmere@gmx.net - This problem was fixed in Red Hat Linux 7.2, however
somehow the bug report never got updated.  The initscript now tests
for this, and should not load the ipchains module unless a firewall
has been configured.



Note You need to log in before you can comment on or make changes to this bug.