Description of problem: The new iptables init script calls modprobe -r to unload modules when stopping. Unfortunately this causes a hang at "modprobe -r" (with e.g. the ipt_state module) after e.g. "service iptables restart": nils@wombat:~> sudo service iptables restart Flushing firewall rules: [ OK ] Setting chains to ACCEPT policy: [ OK ] Unloading iptables modules:Terminated [<-- had to kill script here] nils@wombat:~> sudo su - root@wombat:~> lsmod |grep ipt iptable_filter 2444 0 (autoclean) ip_tables 15264 1 [iptable_filter] root@wombat:~> ps auxw|grep mod nils 2336 0.0 1.3 17732 7032 ? S 14:34 0:00 /usr/libexec/modemlights_applet2 --oaf-activate-iid=OAFIID:GNOME_ModemLightsApplet_Factory --oaf-ior-fd=26 root 2847 91.0 0.1 3348 824 pts/3 R 14:36 4:38 modprobe -r ipt_state root 3370 0.0 0.1 4660 668 pts/3 S 14:41 0:00 grep mod root@wombat:~> lsmod|grep ipt_stat As you can see, modprobe apparently goes into an endless loop even after successfully removing the module as per "lsmod" (I also had it looping with the module to be removed listed as "(deleted)", but that was with a kernel from RHL9). Version-Release number of selected component (if applicable): modutils-2.4.25-8 kernel-2.4.21-20.1.2024.2.1.nptl (module gets removed in "lsmod") kernel-2.4.20-18.9 (module is "(deleted)" in "lsmod") iptables-1.2.8-6.1 How reproducible: Easy. Steps to Reproduce: 1. Boot system 2. Start iptables 3. Stop iptables Actual results: See above Expected results: Modules get unloaded, iptables script doesn't hang.
Forget about differences between the two kernels, in fact with both of them the "ip_conntrack" module is marked as "(deleted)" (not "ipt_state").
lsmod output? Anything in dmesg? What does strace of modprobe show?
I thought the problem had vanished because shutting down the machine worked yesterday evening (with iptables-1.2.8-7.1), but I managed to do it again... I'll attach strace, dmesg, lsmod output (dmesg doesn't reveal anything to me, just the occasional cipe messages, iptables log lines...).
Created attachment 92904 [details] gzipped strace of /etc/rc.d/initd.d/iptables stop made it with: strace -o $file -Ff -s 512 /etc/init.d/iptables stop
Created attachment 92905 [details] lsmod output after trying to stop iptables
Created attachment 92906 [details] dmesg output after trying to stop iptables
the PID of the "guilty" modprobe process ("modprobe -r ip_conntrack_ftp") is 6281, it seems to hang/loop in "delete_module".
Hanging in delete_module sounds like a kernel problem.
I've seen the same symptoms in 2.4.20-18.7smp.
*** Bug 103094 has been marked as a duplicate of this bug. ***
The problem doesn't show in kernel-2.4.22-1.2051.nptl -- shall I close the bug or push this back to RHL9 -- it still shows with its kernels.
*** This bug has been marked as a duplicate of 103177 ***
I've got exactly the same problem on a fedora 3, so I think it's not resolved yet
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.