From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.1) Gecko/20020826

Description of problem:
Resetting built-in chains to the default ACCEPT policy with 'service iptables stop' causes 3 of 5 chains from the 'mangle' table to stay at the previously set default policy, e.g. DROP.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. iptables -t mangle -P INPUT DROP
2. iptables -t mangle -P FORWARD DROP
3. iptables -t mangle -P POSTROUTING DROP
4. service iptables stop
5. iptables -t mangle -L

Actual Results:
3 of 5 built-in chains in the 'mangle' table do not get back to the default ACCEPT policy when stopping the iptables service.

Expected Results:
The default policy of the 'mangle' table built-in chains should be set to ACCEPT in /etc/init.d/iptables. I modified the /etc/init.d/iptables script to resolve the problem. I put a link to the fixed script in the URL field of the bug form.

Additional info:
The same applies to ip6tables (iptables-ipv6 rpm package). Under the file name ip6tables instead of iptables in the URL I provided, you'll find the fixed /etc/init.d/ip6tables script.
Created attachment 80004: fixed iptables starting script
Red Hat Linux 8.0 is affected, too. --- iptables.orig Wed Aug 7 16:34:38 2002 +++ iptables Sun Oct 20 18:59:52 2002 @@ -117,7 +117,10 @@ iftable nat -P POSTROUTING ACCEPT && \ iftable nat -P OUTPUT ACCEPT && \ iftable mangle -P PREROUTING ACCEPT && \ + iftable mangle -P POSTROUTING ACCEPT && \ + iftable mangle -P INPUT ACCEPT && \ iftable mangle -P OUTPUT ACCEPT && \ + iftable mangle -P FORWARD ACCEPT && \ success || \ failure echo
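Review bot: the three added `iftable mangle -P ...` lines join the existing `&&` chain, so if any one of them fails, the remaining policy resets are skipped and only a single `failure` is reported, which can still leave a mangle chain at DROP after stop; consider running each reset independently and combining the results before calling `success` or `failure`. The added lines also interleave with the existing OUTPUT line (PREROUTING, POSTROUTING, INPUT, OUTPUT, FORWARD); listing the five chains in one consistent order would make an omission like the original one easier to spot. The report says ip6tables needs the same change, and this patch covers only iptables.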
While updating my iptables packages for Psyche and Valhalla, I added patched iptables initscripts to bug #76367.
fixed in iptables-1.2.7a-1.
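A check for the condition this report describes, as an added example that is not part of the original bug thread or the Red Hat initscript: it reads iptables-save format and lists every built-in chain whose default policy is not ACCEPT. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: list built-in chains whose default policy is not ACCEPT.
# Input is iptables-save format: "*table" opens a table and
# ":CHAIN POLICY [packets:bytes]" declares a chain. User-defined chains
# carry "-" in the policy field and are skipped.

non_accept_policies() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # remember the current table
        /^:/  {
            chain = substr($1, 2)
            if ($2 != "-" && $2 != "ACCEPT")
                print table, chain, $2
        }
    '
}

# Constructed sample: the state after the report's steps 1-4 when the
# stop action resets only mangle PREROUTING and OUTPUT.
sample_after_stop() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING DROP [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:mychain - [0:0]
COMMIT
EOF
}

check_sample() {
    sample_after_stop | non_accept_policies
}

# Run against the constructed sample. On a live host (root required):
#   iptables-save | non_accept_policies
check_sample
```

Empty output means every built-in chain in every loaded table is back at ACCEPT.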