iptables reported failure at startup


andieveritt
03-17-2007, 11:07 PM
I am using a VPS running RHEL4. I have spent the last couple of days trying to work out why iptables wouldn't start cleanly; I was repeatedly getting the following:

[root@server ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: raw nat mangle filter [FAILED]
Applying iptables firewall rules: [ OK ]

Yet everything looked fine in /etc/sysconfig/iptables and more strangely the firewall was working (?) despite this error.

After a lot of digging I found the following article from CentOS: http://bugs.centos.org/view.php?id=1676. After implementing the patch suggested there I get a clean startup.

It seems that the default startup script (/etc/init.d/iptables) doesn't include support for the 'raw' table. Although it gets that table in the list it reads from /proc/net/ip_table_names, the startup script then treats the presence of that table as an error, causing the FAILED seen above.
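
Added example, not part of the original post and not the RHEL4 init script or the CentOS patch: a small shell model of the behaviour described above, in which a policy-setting loop counts any table name it does not recognise as a failure. IPT (a no-op stand-in for the iptables binary), chains_for, set_policy and the sample table list are assumptions made for illustration.

```shell
#!/bin/sh
# Illustrative model only; this is NOT the code of /etc/init.d/iptables.
# IPT stands in for the iptables binary so the model runs without root.
IPT=true

# chains_for TABLE KNOWN_TABLES: print the built-in chains of TABLE if it is
# in the space-separated KNOWN_TABLES list, otherwise return 1.
chains_for() {
    case " $2 " in *" $1 "*) ;; *) return 1 ;; esac
    case "$1" in
        raw)    echo "PREROUTING OUTPUT" ;;
        nat)    echo "PREROUTING POSTROUTING OUTPUT" ;;
        mangle) echo "PREROUTING POSTROUTING INPUT OUTPUT FORWARD" ;;
        filter) echo "INPUT OUTPUT FORWARD" ;;
        *)      return 1 ;;
    esac
}

# set_policy POLICY NAMES_FILE KNOWN_TABLES: apply POLICY to every chain of
# every table listed in NAMES_FILE; return the number of tables that failed.
set_policy() {
    ret=0
    for table in $(cat "$2"); do
        if chains=$(chains_for "$table" "$3"); then
            for chain in $chains; do
                "$IPT" -t "$table" -P "$chain" "$1" || { ret=$((ret + 1)); break; }
            done
        else
            ret=$((ret + 1))   # unrecognised table is counted as an error
        fi
    done
    return "$ret"
}

# Constructed sample of /proc/net/ip_table_names on a kernel with the raw table.
NAMES=$(mktemp)
printf 'raw\nnat\nmangle\nfilter\n' > "$NAMES"

# Script without a 'raw' case versus script with one.
set_policy ACCEPT "$NAMES" "nat mangle filter"     && unpatched=0 || unpatched=$?
set_policy ACCEPT "$NAMES" "raw nat mangle filter" && patched=0   || patched=$?
echo "unpatched: $unpatched table(s) failed; patched: $patched table(s) failed"
rm -f "$NAMES"
```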