Bug 82860 - /etc/init.d/ip6tables mistakenly refers to ipv4 iptables /proc files?
/etc/init.d/ip6tables mistakenly refers to ipv4 iptables /proc files?
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: iptables (Show other bugs)
8.0
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-01-27 15:47 EST by Need Real Name
Modified: 2007-04-18 12:50 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-07-03 05:34:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2003-01-27 15:47:45 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202

Description of problem:
Line 54 in /etc/init.d/ip6tables refers to /proc/net/ip_tables_names to clear
out existing defined chains. Surely this should be /proc/net/ip6_tables_names? 
This generates an error when the internal chains for the different IP versions
differ.

Also the security guide, section "ip6tables" at:

http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-firewall-ip6t.html

says that "IPChains and IPTables services must be turned off to use the
IP6Tables service". This doesn't appear to be true for this IPV6 newbie: the two
operate independently.

If I'm misunderstanding the inter-relationship between iptables in IPV4 and IPV6
my apologies.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Set up different new user-defined chains in iptables for IPV4
2. service ip6tables start
3. See errors about non-existent tables for IPV6
    

Actual Results:  Flushing all current rules and user defined chains:        [  OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
ip6tables v1.2.5: can't initialize ip6tables table `nat': Table does not exist
(do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
...

Expected Results:  Flushing all current rules and user defined chains:        [
 OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
Applying ip6tables firewall rules:                         [  OK  ]
                                                           [  OK  ]


Additional info:
Comment 1 Michael Schwendt 2003-02-01 16:38:00 EST
1. Yes, should be /proc/net/ip6_tables_names.

2. You are right, IPv4 and IPv6 iptables can co-exist.

But the second bug report is about a documentation issue and hence should be
reported about "Component: rhl-sg" (Red Hat Linux Security Guide).
Comment 2 Thomas Woerner 2003-07-03 05:34:20 EDT
Fixed in the new 1.2.8-4.x version. This version has a new startup script and an
additional config file.


/etc/sysconfig/iptables-config:
> # Additional iptables modules (nat helper)
> # Default: -empty-
> #IPTABLES_MODULES="ip_nat_ftp"
> 
> # Save current firewall rules on stop.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_STOP="no"
> 
> # Save current firewall rules on restart.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_RESTART="no"
> 
> # Save rule counter.
> # Value: yes|no,  default: yes
> #IPTABLES_SAVE_COUNTER="yes"
> 
> # Numeric status output
> # Value: yes|no,  default: no
> #IPTABLES_STATUS_NUMERIC="no"


RPM packages for 7.x:
http://people.redhat.com/twoerner/RPMS/7.x/iptables-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/7.x/iptables-ipv6-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.73.1.src.rpm

RPM packages for 8.0:
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.80.1.src.rpm

RPM packages for 9:
http://people.redhat.com/twoerner/RPMS/9/iptables-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/9/iptables-ipv6-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.90.1.src.rpm

Note You need to log in before you can comment on or make changes to this bug.