Description of problem: After update to glibc--2.14.90-16.x86_64 from updates-testing I see this in dmesg: [ 26.306291] iptables.init[1011]: iptables: Applying firewall rules: /usr/libexec/iptables.init: line 176: 1040 Aborted $IPTABLES-restore $OPT $IPTABLES_DATA [ 26.371874] iptables.init[1011]: [FAILED] ..... [ 26.404047] ip6_tables: (C) 2000-2006 Netfilter Core Team [ 26.415782] ip6tables.init[1010]: ip6tables: Applying firewall rules: /usr/libexec/ip6tables.init: line 176: 1027 Aborted $IP6TABLES-restore $OPT $IP6TABLES_DATA [ 26.418548] ip6tables.init[1010]: [FAILED] Version-Release number of selected component (if applicable): F16 up-to-date glibc--2.14.90-16.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
I see these also: [mihai@netop ~]$ systemctl status iptables.service iptables.service - IPv4 firewall with iptables Loaded: loaded (/lib/systemd/system/iptables.service; enabled) Active: failed since Tue, 15 Nov 2011 08:50:48 +0200; 21min ago Process: 1011 ExecStart=/usr/libexec/iptables.init start (code=exited, status=1/FAILURE) CGroup: name=systemd:/system/iptables.service [mihai@netop ~]$ systemctl status ip6tables.service ip6tables.service - IPv6 firewall with ip6tables Loaded: loaded (/lib/systemd/system/ip6tables.service; enabled) Active: failed since Tue, 15 Nov 2011 08:50:48 +0200; 22min ago Process: 1010 ExecStart=/usr/libexec/ip6tables.init start (code=exited, status=1/FAILURE) CGroup: name=systemd:/system/ip6tables.service If I downgrade to glibc--2.14.90-14.x86_64 then all is OK.
With glibc-2.14.90-14.x86_64: [root@netop ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT esp -- anywhere anywhere ACCEPT udp -- anywhere anywhere state NEW udp dpt:isakmp ACCEPT udp -- anywhere 224.0.0.251 state NEW udp dpt:mdns ACCEPT udp -- anywhere anywhere state NEW udp dpt:ipp ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination
With glibc-2.14.90-16.x86_64: [root@netop ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT) target prot opt source destination
Testcase?
Testcase: 1. yum --enablerepo=updates-testing update glibc\* 2. reboot 3. see in dmesg messages from comment #0
*** This bug has been marked as a duplicate of bug 754026 ***