Bug 860465 - What happend with iptables? x86_64
What happend with iptables? x86_64
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: iptables (Show other bugs)
18
Unspecified Linux
unspecified Severity urgent
: ---
: ---
Assigned To: Thomas Woerner
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-25 17:45 EDT by Álvaro Castillo
Modified: 2012-09-27 06:11 EDT (History)
12 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-09-26 09:02:07 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Álvaro Castillo 2012-09-25 17:45:01 EDT
Description of problem:
iptables is firewall one of Linux firewall. iptables not start, is shown as "dead" or inactive.

Version-Release number of selected component (if applicable):

systemd
==========
Versión     : 188
Lanzamiento     : 3.fc18
===========
iptables
=============
Versión     : 1.4.14
Lanzamiento     : 3.fc18

Steps to Reproduce:
1. service iptables status
2. service iptables restart
3. service iptables status
  
Actual results:

# service iptables status
Redirecting to /bin/systemctl status  iptables.service
iptables.service - IPv4 firewall with iptables
          Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled)
          Active: inactive (dead)
                  start condition failed at Tue, 25 Sep 2012 22:39:56 +0100; 2s ago
          CGroup: name=systemd:/system/iptables.service
Comment 1 Thomas Woerner 2012-09-26 09:02:07 EDT
Fedora 18 is using firewalld as the default firewall solution. The services iptables and ip6tables are still available for backwards compatibility, but deactivated by default.
Comment 2 Thomas Woerner 2012-09-26 09:03:15 EDT
See: https://fedoraproject.org/wiki/Features/firewalld-default
Comment 3 Jiri Popelka 2012-09-26 12:00:51 EDT
(In reply to comment #1)
> The services iptables and ip6tables are still available for
> backwards compatibility, but deactivated by default.

That's right. The problem is that 'service iptables (re)start' always (even with firewalld removed) fails. The reason is that there's no default /etc/sysconfig/iptables. After 'touch /etc/sysconfig/iptables' iptables service is able to (re)start.
Shouldn't there be a default /etc/sysconfig/iptables for those who prefer iptables over firewalld ?
Comment 4 Lennart Poettering 2012-09-26 13:25:59 EDT
Thomas, iptables.service is currently listed in the preset file we ship as something to enable by default. (because it is listed on https://fedoraproject.org/wiki/Starting_services_by_default) Shall I drop that from the preset list?
Comment 5 Thomas Woerner 2012-09-27 06:08:25 EDT
Lennart, iptables.service and ip6tables.service can both be removed from the preset list. firewalld is mentioned in https://fedoraproject.org/wiki/Starting_services_by_default and should be on the preset list.
Comment 6 Thomas Woerner 2012-09-27 06:11:17 EDT
Jiri: system-config-firewall / lokkit creates the iptables and ip6tables rules files. Also anaconda does up to now at installation time.

Note You need to log in before you can comment on or make changes to this bug.