Hello,
I have updated the Fedora Core 16 kernel from 3.4.2 to 4.4.0. Once the system is rebooted with the new kernel 4.4.0, iptables is loaded but not started.
// logs
Failed to start IPv4 firewall with iptables [FAILED]
See 'systemctl status iptables.service' for details.
Started IPv6 firewall with ip6tables [ OK ]

[root@localhost grub2]# systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
	  Loaded: loaded (/lib/systemd/system/iptables.service; enabled)
	  Active: failed since Wed, 27 Jan 2016 09:20:39 -0500; 5h 7min ago
	 Process: 936 ExecStart=/usr/libexec/iptables.init start (code=exited, status=1/FAILURE)
	  CGroup: name=systemd:/system/iptables.service
After starting the service manually, iptables started as follows:
systemctl start iptables.service
systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
	  Loaded: loaded (/lib/systemd/system/iptables.service; enabled)
	  Active: active (exited) since Fri, 01 Jan 2010 14:52:20 -0500; 1s ago
	 Process: 18474 ExecStart=/usr/libexec/iptables.init start (code=exited, status=0/SUCCESS)
	  CGroup: name=systemd:/system/iptables.service
Here are the rules: more /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT
I rebuilt the kernel and tested with all of the Netfilter options on, but the issue remains the same.
Please confirm iptables v1.4.12 is compatible with the latest kernel 4.4.0 as well. Are there any changes in the sequence of starting services (during boot) in the latest kernel?
Note, the ip6_tables loaded and started without any issue.
Any help is appreciated.
Thank you, Guna
On Thu, 4 Feb 2016 15:24:46 -0500 GUNA gbalasun@gmail.com wrote:
> Hello,
> I have updated the Fedora Core 16 kernel from 3.4.2 to 4.4.0. Once the system is rebooted with the new kernel 4.4.0, iptables is loaded but not started.
That version of Fedora is over 3 years obsolete. In those days, the firewall service was iptables. Now, it is firewalld, which I think runs iptables under the covers. But iptables should still run properly if you disable firewalld from starting in systemd.
[snip]
> Please confirm iptables v1.4.12 is compatible with the latest kernel 4.4.0 as well. Are there any changes in the sequence of starting services (during boot) in the latest kernel?
If you are serious about running the latest kernel, you should download the latest src.rpm for iptables from koji and build the rpm on your system. Because your system hasn't been updated in so long, you will probably have to download other supporting packages. I haven't looked at the dependencies for iptables, so I don't know for sure. It looks like iptables itself hasn't been updated for quite some time.
http://koji.fedoraproject.org/koji/packageinfo?packageID=703