From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
Both the iptables and ip6tables initscripts try to delete built-in chains in the "panic" function:

    iftable filter -X INPUT && \
    iftable filter -X FORWARD && \
    iftable filter -X OUTPUT && \
    iftable nat -X PREROUTING && \
    iftable nat -X POSTROUTING && \
    iftable nat -X OUTPUT && \
    iftable mangle -X PREROUTING && \
    iftable mangle -X OUTPUT && \
    success $"Removing user defined chains:" || \
    failure $"Removing user defined chains:"

That is impossible and gives an error. Built-in chains cannot be deleted. All flushed user-defined chains in a table can be deleted at once with just "iptables -X", e.g. "iptables -t filter -X" or "iptables -t nat -X". So, most likely that is what the script should do instead.

Version-Release number of selected component (if applicable):
1.2.5-3 (Valhalla) and 1.2.6-2 (Psyche)

How reproducible:
Always

Steps to Reproduce:
1. service iptables panic

The same result with service ip6tables.

Actual Results:

    # service iptables panic
    Changing target policies to DROP: [ OK ]
    iptables: Can't delete built-in chain [ OK ]
    [root@localhost root]# [FAILED]

Expected Results:

    # service iptables panic
    Changing target policies to DROP: [ OK ]
    [root@localhost root]# [ OK ]

Additional info (!):
The second OK/FAILED status output is on the wrong line, because the echo/success/failure description string is missing in the script.
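
The approach the report proposes, as an added example that is not part of the original report or its attached patches: a POSIX shell function that flushes each loaded table and then runs `-X` with no chain name, so built-in chains are never named. The names `loaded_tables`, `remove_user_chains`, `IPTABLES` and `TABLES_FILE` are assumptions of this sketch, and the status line is printed with plain `echo` rather than the initscript's `success`/`failure` helpers.

```shell
#!/bin/sh
# Added example; not the Red Hat initscript and not one of the attached patches.
# IPTABLES and TABLES_FILE are overridable (assumed names) so the logic can be
# exercised without root; set IPTABLES=ip6tables and
# TABLES_FILE=/proc/net/ip6_tables_names for the IPv6 script.
IPTABLES=${IPTABLES:-iptables}
TABLES_FILE=${TABLES_FILE:-/proc/net/ip_tables_names}

# Print the tables the kernel currently has loaded, limited to the three
# tables the report mentions. Unloaded tables are skipped so that the
# command does not fail (or autoload a module) for a table that is not in use.
loaded_tables() {
    for t in filter nat mangle; do
        if [ -r "$TABLES_FILE" ] && grep -qx "$t" "$TABLES_FILE"; then
            echo "$t"
        fi
    done
}

# Flush every chain, then delete all user-defined chains in each loaded table.
# "-X" without a chain argument only removes user-defined chains, so built-in
# chains such as INPUT or PREROUTING are never passed to it.
remove_user_chains() {
    rc=0
    for t in $(loaded_tables); do
        "$IPTABLES" -t "$t" -F || rc=1
        "$IPTABLES" -t "$t" -X || rc=1
    done
    # Always print the description with the status, so the result does not
    # end up alone on the next prompt line.
    if [ "$rc" -eq 0 ]; then
        echo "Removing user defined chains: [  OK  ]"
    else
        echo "Removing user defined chains: [FAILED]"
    fi
    return "$rc"
}
```

On a real system the function needs root; it only defines functions, so sourcing it changes nothing until `remove_user_chains` is called.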
Created attachment 88897
patch against iptables-1.2.5-3 package

Created attachment 88898
_complete_ patch against iptables-1.2.5-3 package

Created attachment 88899
patch including fix for bug #75723

The patch includes fixes for bug #75723.

should be fixed in 1.2.7a-1.