Bug 56717 - security update iptables throws away rc.d init
Summary: security update iptables throws away rc.d init
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables (Show other bugs)
(Show other bugs)
Version: 7.1
Hardware: i386 Linux
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact:
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-11-26 12:11 UTC by Need Real Name
Modified: 2008-05-01 15:38 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-11-29 18:46:23 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Need Real Name 2001-11-26 12:11:05 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.14 i686)

Description of problem:
I use my own /etc/rc.d/init.d/iptables script. After an update of the
iptables-package a customer called that he was unable to surf the internet
after a kernel upgrade (and a reboot). I discovered that ip_forward had a
"0" and that the entry that writes a "1" to it still was in my iptables
script. An nmap told me that iptables had not started at all and I was
quite upset to discover that the iptables upgrade had thrown away my
manually added /etc/rc.d/rc3.d/S08iptables symlink.

I have seen this phenomena on two machines with RH71.

I have no chkconfig entries in my iptables script.

Version-Release number of selected component (if applicable):

How reproducible:
Always I think

Steps to Reproduce:
1. rpm -Fhv iptables-1.2.4-0.71.i386.rpm

Additional info:

I've seen this on the only two RH71 machines with iptables that I have. All
other machines have RH62 installed with a tarball install of iptables.
Unfortunately I'm unable to reproduce this bug for the moment. I have a
little doubt that I have forgotten to insert the symlink on the two
machines, but I can't imagine that I really have forgotten this, because
one of these machines has rebooted few times in the last few weeks due to a
power failure. The customer would have noticed me immediately if they would
have been unable to access the internet.

Comment 1 Need Real Name 2001-11-29 18:46:16 UTC
Could it maybe be the SysV-init update? I noticed that that this package is also
in the list of updates for RH71.


Comment 2 Bernhard Rosenkraenzer 2002-01-22 15:21:18 UTC
This is intentional, you're not supposed to edit the init scripts because they 
are usually updated by any new update. 
If you do edit init scripts, use a different name for them to make sure they 
don't get overwritten. I recommend using something along the lines of 

Note You need to log in before you can comment on or make changes to this bug.