Bug 82860 - /etc/init.d/ip6tables mistakenly refers to ipv4 iptables /proc files?
Summary: /etc/init.d/ip6tables mistakenly refers to ipv4 iptables /proc files?
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables
Version: 8.0
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-01-27 20:47 UTC by Need Real Name
Modified: 2007-04-18 16:50 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2003-07-03 09:34:20 UTC
Embargoed:


Attachments (Terms of Use)

Description Need Real Name 2003-01-27 20:47:45 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202

Description of problem:
Line 54 in /etc/init.d/ip6tables refers to /proc/net/ip_tables_names to clear
out existing defined chains. Surely this should be /proc/net/ip6_tables_names? 
This generates an error when the internal chains for the different IP versions
differ.

Also the security guide, section "ip6tables" at:

http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-firewall-ip6t.html

says that "IPChains and IPTables services must be turned off to use the
IP6Tables service". This doesn't appear to be true for this IPV6 newbie: the two
operate independently.

If I'm misunderstanding the inter-relationship between iptables in IPV4 and IPV6
my apologies.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Set up different new user-defined chains in iptables for IPV4
2. service ip6tables start
3. See errors about non-existent tables for IPV6
    

Actual Results:  Flushing all current rules and user defined chains:        [  OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
ip6tables v1.2.5: can't initialize ip6tables table `nat': Table does not exist
(do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
...

Expected Results:  Flushing all current rules and user defined chains:        [
 OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
Applying ip6tables firewall rules:                         [  OK  ]
                                                           [  OK  ]


Additional info:

Comment 1 Michael Schwendt 2003-02-01 21:38:00 UTC
1. Yes, should be /proc/net/ip6_tables_names.

2. You are right, IPv4 and IPv6 iptables can co-exist.

But the second bug report is about a documentation issue and hence should be
reported about "Component: rhl-sg" (Red Hat Linux Security Guide).

Comment 2 Thomas Woerner 2003-07-03 09:34:20 UTC
Fixed in the new 1.2.8-4.x version. This version has a new startup script and an
additional config file.


/etc/sysconfig/iptables-config:
> # Additional iptables modules (nat helper)
> # Default: -empty-
> #IPTABLES_MODULES="ip_nat_ftp"
> 
> # Save current firewall rules on stop.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_STOP="no"
> 
> # Save current firewall rules on restart.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_RESTART="no"
> 
> # Save rule counter.
> # Value: yes|no,  default: yes
> #IPTABLES_SAVE_COUNTER="yes"
> 
> # Numeric status output
> # Value: yes|no,  default: no
> #IPTABLES_STATUS_NUMERIC="no"


RPM packages for 7.x:
http://people.redhat.com/twoerner/RPMS/7.x/iptables-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/7.x/iptables-ipv6-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.73.1.src.rpm

RPM packages for 8.0:
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.80.1.src.rpm

RPM packages for 9:
http://people.redhat.com/twoerner/RPMS/9/iptables-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/9/iptables-ipv6-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.90.1.src.rpm



Note You need to log in before you can comment on or make changes to this bug.