From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202

Description of problem:
Line 54 in /etc/init.d/ip6tables refers to /proc/net/ip_tables_names to clear out existing defined chains. Surely this should be /proc/net/ip6_tables_names? This generates an error when the internal chains for the different IP versions differ.

Also the security guide, section "ip6tables" at: http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-firewall-ip6t.html says that "IPChains and IPTables services must be turned off to use the IP6Tables service". This doesn't appear to be true for this IPV6 newbie: the two operate independently. If I'm misunderstanding the inter-relationship between iptables in IPV4 and IPV6 my apologies.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Set up different new user-defined chains in iptables for IPV4
2. service ip6tables start
3. See errors about non-existent tables for IPV6

Actual Results:
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
ip6tables v1.2.5: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
...

Expected Results:
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying ip6tables firewall rules: [ OK ] [ OK ]

Additional info:

1. Yes, should be /proc/net/ip6_tables_names.
2. You are right, IPv4 and IPv6 iptables can co-exist.

But the second bug report is about a documentation issue and hence should be reported about "Component: rhl-sg" (Red Hat Linux Security Guide).

Fixed in the new 1.2.8-4.x version. This version has a new startup script and an additional config file.

/etc/sysconfig/iptables-config:
> # Additional iptables modules (nat helper)
> # Default: -empty-
> #IPTABLES_MODULES="ip_nat_ftp"
>
> # Save current firewall rules on stop.
> # Value: yes|no, default: no
> #IPTABLES_SAVE_ON_STOP="no"
>
> # Save current firewall rules on restart.
> # Value: yes|no, default: no
> #IPTABLES_SAVE_ON_RESTART="no"
>
> # Save rule counter.
> # Value: yes|no, default: yes
> #IPTABLES_SAVE_COUNTER="yes"
>
> # Numeric status output
> # Value: yes|no, default: no
> #IPTABLES_STATUS_NUMERIC="no"

RPM packages for 7.x:
http://people.redhat.com/twoerner/RPMS/7.x/iptables-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/7.x/iptables-ipv6-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.73.1.src.rpm

RPM packages for 8.0:
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.80.1.src.rpm

RPM packages for 9:
http://people.redhat.com/twoerner/RPMS/9/iptables-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/9/iptables-ipv6-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.90.1.src.rpm
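
The mismatch reported in this bug, shown as an added example that is not the Red Hat init script or its fix: a dry run that takes the table list from the proc file matching the address family and reports which IPv4 tables would be wrongly flushed under ip6tables. `PROC_NET`, `names_file`, `flush_plan` and `stale_for_ipv6` are hypothetical names, and the table lists are constructed.

```shell
#!/bin/sh
# Added example (dry run): only prints the commands it would issue.
# PROC_NET is a hypothetical override; on a live system it is /proc/net.
PROC_NET="${PROC_NET:-/proc/net}"

# Map each command to the proc file listing that family's loaded tables.
names_file() {
    case "$1" in
        iptables)  echo "$PROC_NET/ip_tables_names" ;;
        ip6tables) echo "$PROC_NET/ip6_tables_names" ;;
        *) return 1 ;;
    esac
}

# Print the flush (-F) and delete-chain (-X) commands for each loaded table.
flush_plan() {
    cmd="$1"
    file=$(names_file "$cmd") || { echo "unknown command: $cmd" >&2; return 2; }
    [ -r "$file" ] || return 0   # no list: that family has no tables loaded
    while read -r table; do
        [ -n "$table" ] || continue
        echo "$cmd -t $table -F"
        echo "$cmd -t $table -X"
    done < "$file"
}

# Tables in the IPv4 list that the IPv6 list lacks: the ones that make
# ip6tables fail with "Table does not exist" when the wrong file is read.
stale_for_ipv6() {
    v4="$PROC_NET/ip_tables_names"; v6="$PROC_NET/ip6_tables_names"
    [ -r "$v4" ] || return 0
    while read -r table; do
        [ -n "$table" ] || continue
        grep -qx -- "$table" "$v6" 2>/dev/null || echo "$table"
    done < "$v4"
}

# Demo on constructed table lists (not read from a live system).
demo_dir=$(mktemp -d)
printf 'filter\nnat\nmangle\n' > "$demo_dir/ip_tables_names"
printf 'filter\nmangle\n' > "$demo_dir/ip6_tables_names"
PROC_NET="$demo_dir"
flush_plan ip6tables
echo "IPv4-only tables: $(stale_for_ipv6)"
rm -rf "$demo_dir"
```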