Red Hat Bugzilla – Bug 56717
security update iptables throws away rc.d init
Last modified: 2008-05-01 11:38:01 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.14 i686)
Description of problem:
I use my own /etc/rc.d/init.d/iptables script. After an update of the
iptables-package a customer called that he was unable to surf the internet
after a kernel upgrade (and a reboot). I discovered that ip_forward had a
"0" and that the entry that writes a "1" to it still was in my iptables
script. An nmap told me that iptables had not started at all and I was
quite upset to discover that the iptables upgrade had thrown away my
manually added /etc/rc.d/rc3.d/S08iptables symlink.
I have seen this phenomenon on two machines with RH71.
I have no chkconfig entries in my iptables script.
Version-Release number of selected component (if applicable):
Always I think
Steps to Reproduce:
1. rpm -Fhv iptables-1.2.4-0.71.i386.rpm
I've seen this on the only two RH71 machines with iptables that I have. All
other machines have RH62 installed with a tarball install of iptables.
Unfortunately I'm unable to reproduce this bug for the moment. I have a
little doubt that I have forgotten to insert the symlink on the two
machines, but I can't imagine that I really have forgotten this, because
one of these machines has rebooted a few times in the last few weeks due to a
power failure. The customer would have notified me immediately if they had
been unable to access the internet.
Could it maybe be the SysV-init update? I noticed that this package is also
in the list of updates for RH71.
This is intentional, you're not supposed to edit the init scripts because they
are usually updated by any new update.
If you do edit init scripts, use a different name for them to make sure they
don't get overwritten. I recommend using something along the lines of