Bug 56717 - security update iptables throws away rc.d init
security update iptables throws away rc.d init
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: iptables (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-11-26 07:11 EST by Need Real Name
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-11-29 13:46:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2001-11-26 07:11:05 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.14 i686)

Description of problem:
I use my own /etc/rc.d/init.d/iptables script. After an update of the
iptables-package a customer called that he was unable to surf the internet
after a kernel upgrade (and a reboot). I discovered that ip_forward had a
"0" and that the entry that writes a "1" to it still was in my iptables
script. An nmap told me that iptables had not started at all and I was
quite upset to discover that the iptables upgrade had thrown away my
manually added /etc/rc.d/rc3.d/S08iptables symlink.

I have seen this phenomena on two machines with RH71.

I have no chkconfig entries in my iptables script.

Version-Release number of selected component (if applicable):


How reproducible:
Always I think

Steps to Reproduce:
1. rpm -Fhv iptables-1.2.4-0.71.i386.rpm
	

Additional info:

I've seen this on the only two RH71 machines with iptables that I have. All
other machines have RH62 installed with a tarball install of iptables.
Unfortunately I'm unable to reproduce this bug for the moment. I have a
little doubt that I have forgotten to insert the symlink on the two
machines, but I can't imagine that I really have forgotten this, because
one of these machines has rebooted few times in the last few weeks due to a
power failure. The customer would have noticed me immediately if they would
have been unable to access the internet.
Comment 1 Need Real Name 2001-11-29 13:46:16 EST
Could it maybe be the SysV-init update? I noticed that that this package is also
in the list of updates for RH71.

Richard.
Comment 2 Bernhard Rosenkraenzer 2002-01-22 10:21:18 EST
This is intentional, you're not supposed to edit the init scripts because they 
are usually updated by any new update. 
 
If you do edit init scripts, use a different name for them to make sure they 
don't get overwritten. I recommend using something along the lines of 
S40LOCALiptables

Note You need to log in before you can comment on or make changes to this bug.