Bug 18082

Summary: iptables and ip6tables are dead after boot
Product: Mageia Reporter: Bjarne Thomsen <bjarne.thomsen>
Component: RPM PackagesAssignee: Thomas Backlund <tmb>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: marja11, tmb
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: iptables-1.6.0-2.mga6 CVE:
Status comment:
Attachments: compressed journalctl -b output

Description Bjarne Thomsen 2016-03-28 15:01:26 CEST 
Description of problem:
systemctl status iptables.service
shows that the service is dead.
I can start it by
systemctl start iptables.service
It is now running.
The same thing applies for ip6tables.
This applies to the lates updates.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
Comment 1 Marja Van Waes 2016-03-28 21:21:48 CEST 
Confirming they were dead here, too.

Both are up fine now, after restarting them.

However;
restarting them kills shorewall and shorewall6 service
And restarting shorewall(6), kills iptables and ip6tables
firewalld.service was dead since the beginning

IIUC, they (firewalld service, too) all have the same purpose; configuring the kernel's firewall tables. Maybe they should never be active at the same time? 

CC'ing tmb

CC: (none) => marja11, tmb
Source RPM: (none) => iptables-1.6.0-2.mga6

Comment 2 Bjarne Thomsen 2016-03-28 22:27:11 CEST 
They certainly are running at the same time in mga5.
Maybe something are changed in how iptables are called in shorewall?
Comment 3 Marja Van Waes 2016-03-28 23:10:14 CEST 
Created attachment 7603 [details]
compressed journalctl -b output

output includes restarting iptables and later shorewall service, earlier today (see above)
Comment 4 Marja Van Waes 2016-03-28 23:11:14 CEST 
(In reply to Bjarne Thomsen from comment #2)
> They certainly are running at the same time in mga5.
> Maybe something are changed in how iptables are called in shorewall?

(In reply to Bjarne Thomsen from comment #2)
> They certainly are running at the same time in mga5.
> Maybe something are changed in how iptables are called in shorewall?

Thanks, assigning to tmb, then.

Maybe this is related:

mrt 28 07:07:17 cldrn_64 systemd-sysctl[1042]: Couldn't write '0' to 'net/bridge/bridge-nf-call-ip6tables', ignoring: No such file or 
mrt 28 07:07:17 cldrn_64 systemd-sysctl[1042]: Couldn't write '0' to 'net/bridge/bridge-nf-call-iptables', ignoring: No such file or d
mrt 28 07:07:17 cldrn_64 systemd-sysctl[1042]: Couldn't write '0' to 'net/bridge/bridge-nf-call-arptables', ignoring: No such file or 

(repeated three times)

(from the attached journal)

Assignee: bugsquad => tmb

Comment 5 Bjarne Thomsen 2017-07-12 19:39:23 CEST 
I beleave this has bin fixed.
Comment 6 Bjarne Thomsen 2019-11-07 23:28:06 CET 
Not relevant anymore
Comment 7 Thomas Backlund 2019-11-07 23:31:38 CET 
Then you can close it as you are the reporter

Status: NEW => RESOLVED
Resolution: (none) => FIXED