Bug 80785 - /etc/init.d/iptables status hangs
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: iptables
Version: 8.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Thomas Woerner
Ben Levenson
Reported: 2002-12-31 05:04 EST by Greg Pyhl
Modified: 2007-04-18 12:49 EDT (History)
Doc Type: Bug Fix
Last Closed: 2003-07-03 05:33:48 EDT
Description Greg Pyhl 2002-12-31 05:04:17 EST
Description of problem:
When using unreachable FQDNs or dummy IP addresses (like 11.11.11.11) in
/etc/sysconfig/iptables, /etc/init.d/iptables status command hangs every now and
then.

Version-Release number of selected component (if applicable):
All.

How reproducible:
Almost always.

Steps to Reproduce:
1. Add some rules with unreachable FQDNs or dummy IP addresses to
   /etc/sysconfig/iptables
2. /etc/init.d/iptables status

Actual results:
Command hangs for several minutes during execution.

Expected results:
Command should finish in seconds.

Additional info:
Fix: add -n switch to status) segment in the init script:

- iptables -t $table --list
+ iptables -t $table --list -n
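Review bot: On the `+` line, `-n` is added unconditionally, so the status output loses host and service names for every user, including those whose resolver works; consider gating the switch on a setting in the script's configuration so numeric output is a per-host choice. Separately, `$table` is unquoted on both lines; `"$table"` would avoid word splitting if the table list ever contains unexpected content.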

This does not hang with dummy IP addresses or unreachable FQDNs.
Comment 1 Michael Schwendt 2003-01-14 05:35:05 EST
Your problem is related to DNS and a terribly slow or unreachable nameserver.

"iptables --list" does DNS lookups. "iptables --list --numeric" does not.
iptables does not hang. It just has problems reaching your nameserver, resulting
in either noticeable delays or DNS lookup time-outs.
Comment 2 Greg Pyhl 2003-01-16 02:51:39 EST
Yes, the iptables command itself does not hang, but when saying

/etc/init.d/iptables status

a user will be frustrated when s/he has to wait several minutes. It does not
matter whether it is because of DNS/iptables/whatever. These delays could easily be
avoided with -n.
Comment 3 Thomas Woerner 2003-07-03 05:33:48 EDT
Fixed in the new 1.2.8-4.x version. This version has a new startup script and an
additional config file.


/etc/sysconfig/iptables-config:
> # Additional iptables modules (nat helper)
> # Default: -empty-
> #IPTABLES_MODULES="ip_nat_ftp"
> 
> # Save current firewall rules on stop.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_STOP="no"
> 
> # Save current firewall rules on restart.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_RESTART="no"
> 
> # Save rule counter.
> # Value: yes|no,  default: yes
> #IPTABLES_SAVE_COUNTER="yes"
> 
> # Numeric status output
> # Value: yes|no,  default: no
> #IPTABLES_STATUS_NUMERIC="no"


RPM packages for 7.x:
http://people.redhat.com/twoerner/RPMS/7.x/iptables-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/7.x/iptables-ipv6-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.73.1.src.rpm

RPM packages for 8.0:
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.80.1.src.rpm

RPM packages for 9:
http://people.redhat.com/twoerner/RPMS/9/iptables-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/9/iptables-ipv6-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.90.1.src.rpm
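
A status routine that honours the `IPTABLES_STATUS_NUMERIC` setting from Comment 3 and accounts for the DNS lookups described in Comment 1, as an added example that is not part of this bug report or of the Red Hat init script. The function names, the `IPTABLES` and `LOOKUP_TIMEOUT` variables, and the fallback to `-n` after a timeout are assumptions that go beyond what the page describes; GNU `timeout` is assumed to be installed.

```shell
#!/bin/sh
# Added example, not the Red Hat init script. Assumes GNU timeout(1).
IPTABLES="${IPTABLES:-iptables}"          # overridable, e.g. for a test stub
LOOKUP_TIMEOUT="${LOOKUP_TIMEOUT:-10}"    # seconds allowed for a resolving listing

# Read IPTABLES_STATUS_NUMERIC without sourcing the config file. Anything
# other than an explicit "yes" falls back to the documented default, "no".
status_numeric() {   # $1 = config file
    val=$(sed -n 's/^[[:space:]]*IPTABLES_STATUS_NUMERIC=\([^#]*\).*/\1/p' "$1" \
          2>/dev/null | tail -n 1 | tr -d "\"' \t")
    if [ "$val" = yes ]; then echo yes; else echo no; fi
}

# List one table. A non-numeric listing resolves every address, so it is
# bounded by timeout(1); on expiry (exit 124) the listing is redone with -n.
list_table() {   # $1 = table, $2 = yes|no
    if [ "$2" = yes ]; then
        "$IPTABLES" -t "$1" --list -n
        return
    fi
    if out=$(timeout "$LOOKUP_TIMEOUT" "$IPTABLES" -t "$1" --list); then
        printf '%s\n' "$out"
    else
        rc=$?
        [ "$rc" -eq 124 ] || return "$rc"
        echo "lookups exceeded ${LOOKUP_TIMEOUT}s, numeric output follows" >&2
        "$IPTABLES" -t "$1" --list -n
    fi
}

# Status of every table named in the table list file.
firewall_status() {   # $1 = config file, $2 = table list file
    numeric=$(status_numeric "$1")
    while read -r table; do
        echo "Table: $table"
        list_table "$table" "$numeric" < /dev/null || return 1
    done < "$2"
}

# Usage on a real host (needs root):
#   firewall_status /etc/sysconfig/iptables-config /proc/net/ip_tables_names
```

The config value is parsed with `sed` rather than sourced, so a stray line in the file cannot run as root when an unprivileged monitoring job triggers the status check.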
