Red Hat Bugzilla – Bug 56717
security update iptables throws away rc.d init
Last modified: 2008-05-01 11:38:01 EDT
From Bugzilla Helper: User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.14 i686) Description of problem: I use my own /etc/rc.d/init.d/iptables script. After an update of the iptables-package a customer called that he was unable to surf the internet after a kernel upgrade (and a reboot). I discovered that ip_forward had a "0" and that the entry that writes a "1" to it still was in my iptables script. An nmap told me that iptables had not started at all and I was quite upset to discover that the iptables upgrade had thrown away my manually added /etc/rc.d/rc3.d/S08iptables symlink. I have seen this phenomena on two machines with RH71. I have no chkconfig entries in my iptables script. Version-Release number of selected component (if applicable): How reproducible: Always I think Steps to Reproduce: 1. rpm -Fhv iptables-1.2.4-0.71.i386.rpm Additional info: I've seen this on the only two RH71 machines with iptables that I have. All other machines have RH62 installed with a tarball install of iptables. Unfortunately I'm unable to reproduce this bug for the moment. I have a little doubt that I have forgotten to insert the symlink on the two machines, but I can't imagine that I really have forgotten this, because one of these machines has rebooted few times in the last few weeks due to a power failure. The customer would have noticed me immediately if they would have been unable to access the internet.
Could it maybe be the SysV-init update? I noticed that that this package is also in the list of updates for RH71. Richard.
This is intentional, you're not supposed to edit the init scripts because they are usually updated by any new update. If you do edit init scripts, use a different name for them to make sure they don't get overwritten. I recommend using something along the lines of S40LOCALiptables