Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 75723

Summary: Resetting built-in chains to the default ACCEPT policy does not include all the chains from the 'mangle' table
Product: [Retired] Red Hat Linux
Reporter: Konrad Zak <konrad>
Component: iptables
Assignee: wdovlrrw <brosenkr>
Status: CLOSED RAWHIDE
QA Contact: Ben Levenson <benl>
Severity: medium
Priority: medium
Version: 7.3
CC: bugs.michael
Hardware: i386   
OS: Linux   
URL: http://prawo.uni.wroc.pl/~konrad/iptables
Doc Type: Bug Fix
Last Closed: 2003-01-13 21:48:57 UTC
Attachments:
fixed iptables starting script (flags: none)

Description Konrad Zak 2002-10-11 15:31:05 UTC

Description of problem:
Resetting built-in chains to the default ACCEPT policy with 'service iptables
stop' causes 3 of 5 chains from the 'mangle' table to stay in the previously set
default policy, e.g. DROP.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. iptables -t mangle -P INPUT DROP
2. iptables -t mangle -P FORWARD DROP
3. iptables -t mangle -P POSTROUTING DROP
4. service iptables stop
5. iptables -t mangle -L
	

Actual Results: 3 of 5 built-in chains in the 'mangle' table do not get back to
the default ACCEPT policy when stopping the iptables service.

Expected Results: The default policy of the 'mangle' table built-in chains should
be set to ACCEPT in /etc/init.d/iptables. I modified the /etc/init.d/iptables
script to resolve the problem. I put a link to the fixed script in the URL field
of the bug form.

Additional info:

The same applies to ip6tables (iptables-ipv6 rpm package).
Under the file name ip6tables instead of iptables in the URL I provided, you'll
find the fixed /etc/init.d/ip6tables script.
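
A check for the condition described in this report, added here as an example (it is not the reporter's script or part of the Red Hat initscript): it reads iptables-save format and lists every built-in chain, in any table, whose policy is not ACCEPT, then prints the matching reset commands. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: iptables-save style output as it would look after
# the reproduction steps above followed by an unpatched 'stop'.
sample_ruleset() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING DROP [0:0]
:mychain - [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Read iptables-save format on stdin and print "table chain policy" for
# each built-in chain whose policy is not ACCEPT. User-defined chains
# carry "-" in the policy field and are skipped.
non_accept_policies() {
    awk '
        /^\*/ { table = substr($1, 2); next }
        /^:/  { if ($2 != "-" && $2 != "ACCEPT") print table, substr($1, 2), $2 }
    '
}

# Turn that list into the policy resets a 'stop' action would need,
# without hard-coding which chains each table has.
reset_commands() {
    non_accept_policies | while read -r table chain _policy; do
        echo "iptables -t $table -P $chain ACCEPT"
    done
}

# Demonstration on the constructed sample.
sample_ruleset | reset_commands
```

On a live host the same check is `iptables-save | non_accept_policies`, run as root after `service iptables stop`; empty output means every built-in chain is back at ACCEPT.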

Comment 1 Konrad Zak 2002-10-11 15:44:20 UTC
Created attachment 80004
fixed iptables starting script

Comment 2 Michael Schwendt 2002-10-20 17:02:47 UTC
Red Hat Linux 8.0 is affected, too.

--- iptables.orig       Wed Aug  7 16:34:38 2002
+++ iptables    Sun Oct 20 18:59:52 2002
@@ -117,7 +117,10 @@
           iftable nat -P POSTROUTING ACCEPT && \
           iftable nat -P OUTPUT ACCEPT && \
            iftable mangle -P PREROUTING ACCEPT && \
+           iftable mangle -P POSTROUTING ACCEPT && \
+           iftable mangle -P INPUT ACCEPT && \
            iftable mangle -P OUTPUT ACCEPT && \
+           iftable mangle -P FORWARD ACCEPT && \
           success || \
           failure 
        echo
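Review bot: The added 'mangle -P POSTROUTING' and 'mangle -P INPUT' lines are placed ahead of the existing 'iftable mangle -P OUTPUT ACCEPT' inside the same '&&' chain, so if either new command fails (for example on a kernel whose mangle table does not provide those chains), the OUTPUT reset that ran before this patch is skipped and the whole step ends in 'failure'. Consider appending the three new resets after the OUTPUT line, or resetting each chain independently and combining the exit statuses, so one missing chain cannot leave the others at their old policy. The list is also still hard-coded per table, which is how these chains were missed in the first place; a short comment naming the five mangle chains would help the next reader.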

Comment 3 Michael Schwendt 2002-12-24 21:02:57 UTC
While updating my iptables packages for Psyche and Valhalla, I added patched
iptables initscripts to bug #76367.

Comment 4 Bill Nottingham 2003-01-13 21:48:57 UTC
fixed in iptables-1.2.7a-1.