Bug 25367 - iptables-restore: missing module does not cause the unit to fail
Status: RESOLVED DUPLICATE of bug 32448
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Thomas Backlund
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 32448
Reported: 2019-08-28 12:19 CEST by Marc Krämer
Modified: 2023-10-29 13:22 CET

See Also:
Source RPM: iptables-1.8.2-5.mga7.src.rpm
CVE:
Status comment:


Description Marc Krämer 2019-08-28 12:19:10 CEST
having an "old" line in /etc/sysconfig/iptables, e.g.
-A INPUT -m geoip --source-country CN,EC,RU,JP,CO,UA,IN,UA  -j DROP

causes iptables-restore not to apply ANY rules (which is quite ok). Failure is logged, but the unit does not fail!

systemctl status iptables.service 
● iptables.service - iptables Firewall for IPv4
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Wed 2019-08-28 12:13:44 CEST; 2min 51s ago
  Process: 12196 ExecStart=/usr/libexec/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 12196 (code=exited, status=0/SUCCESS)

Aug 28 12:13:44 localhost.localdomain systemd[1]: Starting iptables Firewall for IPv4...
Aug 28 12:13:44 localhost.localdomain iptables.init[12196]: Applying iptables firewall rules:
Aug 28 12:13:44 localhost.localdomain iptables.init[12196]: iptables-restore v1.8.2 (legacy): Couldn't load match `geoip':No such file or directory
Aug 28 12:13:44 localhost.localdomain iptables.init[12196]: Error occurred at line: 38
Aug 28 12:13:44 localhost.localdomain iptables.init[12196]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Aug 28 12:13:44 localhost.localdomain iptables.init[12196]: [FEHLER]
Aug 28 12:13:44 localhost.localdomain systemd[1]: Started iptables Firewall for IPv4.

I think /usr/libexec/iptables.init should return a failure code if this script fails
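
The failure mode reported above, as an added example that is not part of the original report and is not the contents of Mageia's /usr/libexec/iptables.init: an init-style start function that prints the result but returns 0, next to one that hands the iptables-restore status back so ExecStart exits non-zero. The names start_swallow, start_strict, fake_restore and demo are hypothetical, and the rules file is constructed; --test is the iptables-restore option that parses a ruleset without committing it.

```shell
#!/bin/sh
# Added example; not the contents of Mageia's /usr/libexec/iptables.init.
# RESTORE can be overridden so the logic runs without root or iptables.
RESTORE=${RESTORE:-iptables-restore}

# Anti-pattern: the result is printed, but the function's exit status is that
# of the final echo, so the caller (and systemd) always sees 0.
start_swallow() {
    printf 'Applying iptables firewall rules: '
    if $RESTORE < "$1"; then echo '[OK]'; else echo '[FAILED]'; fi
}

# Fail-closed variant: parse the file with --test (no commit) first, then
# load it, and hand any non-zero status back to the caller.
start_strict() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    printf 'Applying iptables firewall rules: '
    if $RESTORE --test < "$1" && $RESTORE < "$1"; then
        echo '[OK]'
    else
        echo '[FAILED]'
        return 1
    fi
}

# Constructed stand-in for iptables-restore on a host without the geoip
# match: rejects any ruleset that uses "-m geoip", accepts everything else.
fake_restore() {
    if grep -q -e '-m geoip'; then
        echo "fake_restore: Couldn't load match 'geoip'" >&2
        return 2
    fi
}

# Constructed rules file with one rule that needs the missing module.
demo() {
    rules=$(mktemp) || return 1
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m geoip --source-country CN -j DROP' 'COMMIT' > "$rules"
    RESTORE=fake_restore
    start_swallow "$rules"; echo "start_swallow exit status: $?"
    start_strict  "$rules"; echo "start_strict exit status: $?"
    rm -f "$rules"
}

# Run the offline demonstration only when invoked as: sh script.sh demo
[ "${1:-}" != demo ] || demo
```

Run with the argument demo, it exercises both functions against the stand-in; start_swallow reports status 0 for the bad ruleset while start_strict reports 1.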
Comment 1 Lewis Smith 2019-08-28 22:18:27 CEST
Assigning to Thomas for iptables.

Assignee: bugsquad => tmb
Severity: critical => major

Comment 2 Aurelien Oudelet 2021-07-06 13:14:20 CEST
Mageia 7 has been EOL since July 1st 2021.
There will not be any further bugfixes for this release.

You are encouraged to upgrade to Mageia 8 as soon as possible.

@reporter, if this bug still applies to Mageia 8, please let us know.

@packager, if you work on the Mageia 7 version of your package, please check the Mageia 8 package to see if the issue is also present. In this case, please fix the Mageia 8 version instead.

This bug report will be closed OLD if there is no further notice by 1st September 2021.
Marc Krämer 2021-07-06 13:17:27 CEST

Version: 7 => 8

Comment 3 Marc Krämer 2021-07-06 13:21:12 CEST
we still call the old init-script.
Marc Krämer 2023-10-29 11:19:25 CET

Blocks: (none) => 32448

Comment 4 Marc Krämer 2023-10-29 13:22:12 CET
Close as duplicate

*** This bug has been marked as a duplicate of bug 32448 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE
