View Issue Details

ID: 0001676
Project: CentOS-4
Category: iptables
View Status: public
Last Update: 2013-03-23 21:28
Reporter: kandrei
Assigned To:
Priority: normal
Severity: feature
Reproducibility: have not tried
Status: closed
Resolution: suspended
Product Version: 4.4
Summary: 0001676: Default iptables startup script does not support raw tables default policy settings
Description: If you use the raw table in /etc/sysconfig/iptables (*raw) and try to do a "service iptables restart", you'll get a FAILED message when setting the default policy for the tables. The problem is that the startup script /etc/init.d/iptables doesn't know anything about setting up the raw table default policy, so it returns an error.

Solution: The following patch file applied to the /etc/init.d/iptables script. I would suggest adding it to the default iptables build for CentOS RPMs.

--- patch file

*** iptables 2007-02-12 23:21:35.000000000 +0200
--- iptables-new 2007-02-12 23:21:54.000000000 +0200
***************
*** 120,125 ****
--- 120,130 ----
      for i in $tables; do
        echo -n "$i "
        case "$i" in
+ raw)
+ $IPTABLES -t raw -P PREROUTING $policy \
+ && $IPTABLES -t raw -P OUTPUT $policy \
+ || let ret+=1
+ ;;
            filter)
                  $IPTABLES -t filter -P INPUT $policy \
                    && $IPTABLES -t filter -P OUTPUT $policy \
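
Review bot: The added raw) lines in this inline copy have lost their leading whitespace, and the context lines (for example the echo -n "$i " line) use spaces where the attached iptables-startup-raw.patch has tabs, so this copy may not apply cleanly with patch. Apply the attached file instead, or re-paste the hunk with its whitespace preserved so the new case branch is indented like the filter) branch below it.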

--- END patch file
Tags: No tags attached.

Activities

2007-02-12 23:10

iptables-startup-raw.patch (469 bytes)
*** iptables	2007-02-12 23:21:35.000000000 +0200
--- iptables-new	2007-02-12 23:21:54.000000000 +0200
***************
*** 120,125 ****
--- 120,130 ----
      for i in $tables; do
  	echo -n "$i "
  	case "$i" in
+ 	    raw)
+ 		$IPTABLES -t raw -P PREROUTING $policy \
+ 		    && $IPTABLES -t raw -P OUTPUT $policy \
+ 		    || let ret+=1
+ 		;;
  	    filter)
                  $IPTABLES -t filter -P INPUT $policy \
  		    && $IPTABLES -t filter -P OUTPUT $policy \
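
Review bot: In the new raw) branch, $policy is passed unquoted to both -P calls; quoting it as "$policy" would avoid word splitting if the variable is ever empty or malformed, although the filter) lines shown in the context use the same unquoted form, so this may be better handled for the whole case statement at once. PREROUTING and OUTPUT are the only built-in chains of the raw table, so the branch covers everything it needs to. Because raw is traversed before the other tables, it is worth confirming that every caller's value of $policy is one you want applied at that stage. The file headers name iptables and iptables-new without a directory, so the report should say the patch is meant to be applied from within /etc/init.d.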

tigalch

2013-03-23 21:28

manager   ~0016947

CentOS4 is EOL.

Issue History

Date Modified Username Field Change
2007-02-12 21:30 kandrei New Issue
2007-02-12 21:30 kandrei Status new => assigned
2007-02-12 23:10 kandrei File Added: iptables-startup-raw.patch
2013-03-23 21:28 tigalch Note Added: 0016947
2013-03-23 21:28 tigalch Status assigned => closed
2013-03-23 21:28 tigalch Resolution open => suspended