Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 107169

Summary: Iptables service won't stop any longuer without a network reset
Product: [Retired] Red Hat Linux Reporter: Nicolas Mailhot <nicolas.mailhot>
Component: iptablesAssignee: Thomas Woerner <twoerner>
Status: CLOSED DUPLICATE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 7.3CC: davej, d
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 18:59:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nicolas Mailhot 2003-10-15 16:58:53 UTC 
Version : iptables-1.2.8-8.72.3

The new iptables service tries to unload the iptables modules on stop.
The problem is the connection tacking module won't unload if there is a
connection active. (A workaround is to do a service network restart)

As a result :
- service iptables restart will hang most of the times is conntrack is used
- software shutdown will fail too since the iptable service just hangs.

I've seen people hard-reset boxes just to restore iptables after a iptable
restart hung on them.
Comment 1 Dan Tucny 2003-10-21 22:02:17 UTC 
I've seen this on Red Hat Linux 9 and Fedora Core Test 3 also.
Comment 3 Michael Schwendt 2004-02-29 02:28:17 UTC 
triage->duplicate (bug 103177)
Comment 4 Miloslav Trmac 2004-03-01 13:48:09 UTC 

*** This bug has been marked as a duplicate of 103177 ***
Comment 5 Red Hat Bugzilla 2006-02-21 18:59:10 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.