Bug 60465 - iptables 1.2.4 fails to work with kernel 2.4.18
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: iptables
7.2
All Linux
medium Severity medium
Assigned To: wdovlrrw
Ben Levenson
: Security
Reported: 2002-02-27 18:23 EST by Joe Acosta
Modified: 2007-04-18 12:40 EDT
Doc Type: Bug Fix
Last Closed: 2002-02-27 20:34:14 EST
Description Joe Acosta 2002-02-27 18:23:30 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7) Gecko/20011221

Description of problem:
I tried to run the 2.4.18 kernel with RH 7.2 and iptables failed to load tables

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. using RH 7.2 upgrade the kernel to 2.4.18
2. make sure you enable iptables 
3. make sure you have some tables set up 
4. make sure you have it set to start on boot (/etc/init.d/iptables start)
5. reboot system
6. you'll see messages and iptables -L will show system open wide.

Actual Results:
Flushing all current rules and user defined chains:        [  OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
iptables: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/init.d/iptables: line -242:  1222 Aborted                 iptables -t $i -F
iptables: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/init.d/iptables: line -239:  1225 Aborted                 iptables -t $i -X
iptables: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/init.d/iptables: line -235:  1228 Aborted                 iptables -t $i -Z
Applying iptables firewall rules:
iptables-restore: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/init.d/iptables: line -232:  1230 Done                    grep -v "^[[:space:]]*#" $IPTABLES_CONFIG
      1231                       | grep -v '^[[:space:]]*$'
      1232 Aborted                 | /sbin/iptables-restore -c



Expected Results:  expected iptables to load with an OK

Additional info:

Apparently according to Alan Cox RH compiled iptables with debugging or
something and this is causing it to fail with 2.4.18.

I am marking this as a security bug as it WILL leave the system wide open and it
seems that there is no way of securing the system with iptables.
Comment 1 Need Real Name 2002-02-27 20:09:47 EST
I think the patch at

http://pserver.samba.org/cgi-bin/cvsweb/netfilter/userspace/libiptc/libip4tc.c.diff?r1=1.13&r2=1.14&sortby=date&f=h

may resolve this. I don't fully understand the problem, but it's linked with
(and I quote from the above link) 

"linux < 2.4.18-pre6 had two mangle hooks, linux >= 2.4.18-pre6 has five mangle
hooks".

I hope this may shed some light (but I may be wrong).

Regards,

Mark
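
An added example (not part of the original report, and not the netfilter project's patch) illustrating the hook-count change quoted in Comment 1: it compares the mask from the failing assertion with a mask that has all five IPv4 hooks set. The function names are hypothetical, and the five-hook value 0x1f assumes the kernel's standard IPv4 hook numbering 0 through 4.

```c
#include <stdio.h>

/* IPv4 netfilter hook numbers as in linux/netfilter_ipv4.h, redefined
 * locally so the example builds without kernel headers. */
enum { PRE_ROUTING, LOCAL_IN, FORWARD, LOCAL_OUT, POST_ROUTING, NUM_HOOKS };
static const char *const chain_names[NUM_HOOKS] = {
    "PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"
};

/* Two-hook mangle layout: the mask in the failing assertion (0x09). */
#define MANGLE_TWO_HOOKS  (1u << PRE_ROUTING | 1u << LOCAL_OUT)
/* Five-hook mangle layout (assumed): every IPv4 hook set (0x1f). */
#define MANGLE_FIVE_HOOKS ((1u << NUM_HOOKS) - 1u)

/* Same condition as the assertion quoted in the bug report. */
int mangle_check_strict(unsigned int valid_hooks) {
    return valid_hooks == MANGLE_TWO_HOOKS;
}

/* Hypothetical tolerant check: accept either known layout, nothing else. */
int mangle_check_tolerant(unsigned int valid_hooks) {
    return valid_hooks == MANGLE_TWO_HOOKS || valid_hooks == MANGLE_FIVE_HOOKS;
}

/* Write the chains enabled in valid_hooks into buf; return how many fit. */
int describe_hooks(unsigned int valid_hooks, char *buf, size_t len) {
    int count = 0;
    size_t used = 0;
    if (len == 0) return 0;
    buf[0] = '\0';
    for (int i = 0; i < NUM_HOOKS; i++) {
        if (!(valid_hooks & (1u << i))) continue;
        int w = snprintf(buf + used, len - used, "%s%s",
                         count ? "," : "", chain_names[i]);
        if (w < 0 || (size_t)w >= len - used) { buf[used] = '\0'; break; }
        used += (size_t)w;
        count++;
    }
    return count;
}

int main(void) {
    unsigned int masks[] = { MANGLE_TWO_HOOKS, MANGLE_FIVE_HOOKS };
    char names[64];
    for (int i = 0; i < 2; i++) {
        describe_hooks(masks[i], names, sizeof names);
        printf("0x%02x [%s] strict=%d tolerant=%d\n", masks[i], names,
               mangle_check_strict(masks[i]), mangle_check_tolerant(masks[i]));
    }
    return 0;
}
```

The strict check rejects the five-hook mask, which matches the abort seen on every iptables invocation in the report; because the init script had already flushed the rules before the restore step aborted, the host was left with no rules loaded.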
Comment 2 Joe Acosta 2002-02-27 20:34:09 EST
That is probably true.  I have been told to get the latest iptables.  I am
wondering if Redhat has a newer kernel other than 2.4.9 and if they have a
2.4.18 kernel out.
Comment 3 Bernhard Rosenkraenzer 2002-03-04 06:36:17 EST
Patch added in 1.2.5-3. 
