Not sure if this has been reported as I am not on the mailing list. I'm
guessing probably yes.
I have a RH 7.2 box and am getting the following error from iptables and
kernel 2.4.18. I don't get it in 2.4.17.
output from /etc/init.d/iptables start
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
iptables: libiptc/libip4tc.c:384: do_check: Assertion
`h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/init.d/iptables: line -242: 1222 Aborted iptables
-t $i -Fiptables: libiptc/libip4tc.c:384: do_check: Assertion
`h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/init.d/iptables: line -239: 1225 Aborted iptables
-t $i -Xiptables: libiptc/libip4tc.c:384: do_check: Assertion
`h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/init.d/iptables: line -235: 1228 Aborted iptables
-t $i -ZApplying iptables firewall rules:
iptables-restore: libiptc/libip4tc.c:384: do_check: Assertion
`h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/init.d/iptables: line -232: 1230 Done grep -v
"^[[:space:]]*#" $IPTABLES_CONFIG
1231 | grep -v '^[[:space:]]*$'
1232 Aborted | /sbin/iptables-restore -c
from var/log/messages:
Feb 27 09:53:01 Lserver iptables: Flushing all current rules and user
defined chains: succeeded
Feb 27 09:53:01 Lserver iptables: Clearing all current rules and user
defined chains: succeeded
Feb 27 09:53:01 Lserver iptables: Flushing all current rules and user
defined chains: succeeded
Feb 27 09:53:01 Lserver iptables: Clearing all current rules and user
defined chains: succeeded
Feb 27 09:53:01 Lserver iptables: Applying iptables firewall rules
failed
Joe
On Wed, Feb 27, 2002 at 10:27:05AM -0800, Joe wrote:
> Not sure if this has been reported as I am not on the mailing list. I'm
> guessing probably yes.
>
> I have a RH 7.2 box and am getting the following error from iptables and
> kernel 2.4.18. I don't get it in 2.4.17.
>
> output from /etc/init.d/iptables start
>
> Flushing all current rules and user defined chains: [ OK ]
> Clearing all current rules and user defined chains: [ OK ]
> iptables: libiptc/libip4tc.c:384: do_check: Assertion
> `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
> /etc/init.d/iptables: line -242: 1222 Aborted iptables
> -t $i -Fiptables: libiptc/libip4tc.c:384: do_check: Assertion
> `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
> /etc/init.d/iptables: line -239: 1225 Aborted iptables
> -t $i -Xiptables: libiptc/libip4tc.c:384: do_check: Assertion
> `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
> /etc/init.d/iptables: line -235: 1228 Aborted iptables
> -t $i -ZApplying iptables firewall rules:
> iptables-restore: libiptc/libip4tc.c:384: do_check: Assertion
> `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
> /etc/init.d/iptables: line -232: 1230 Done grep -v
> "^[[:space:]]*#" $IPTABLES_CONFIG
> 1231 | grep -v '^[[:space:]]*$'
> 1232 Aborted | /sbin/iptables-restore -c
I'll add a "me too" to this - 2.4.18, iptables 1.2.4
Setting up IPv4 mangle rules:
iptables: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/fw-ipv4/mangle: line 2: 215 Aborted iptables -t mangle -F
iptables: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/fw-ipv4/mangle: line 3: 216 Aborted iptables -t mangle -X
iptables: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
/etc/fw-ipv4/mangle: line 15: 217 Aborted iptables -t mangle -A PREROUTING -i eth0 -d xxx.xxx.xxx.xxx/xx -j ACCEPT
... lots more ...
The rules do appear to be in the kernel however.
iptables 1.2.4 was rebuild for the 2.4.17 because it stopped working at
that point. I hope it isn't requirement to rebuild iptables against each
stable kernel release.
--
Russell King ([email protected]) The developer of ARM Linux
http://www.arm.linux.org.uk/personal/aboutme.html
> iptables 1.2.4 was rebuild for the 2.4.17 because it stopped working at
> that point. I hope it isn't requirement to rebuild iptables against each
> stable kernel release.
Its not a requirement for 1.2.4 and 2.4.18 either - what happened was that
some people (Red Hat notably) turned all the paranoid debugging stuff on
and that is what spews the warnings.
In article <[email protected]> you wrote:
> iptables 1.2.4 was rebuild for the 2.4.17 because it stopped working at
> that point. I hope it isn't requirement to rebuild iptables against each
> stable kernel release.
Please try 1.2.6 snapshot or try rebuild it with -DNODEBUG make flag.
RPMS/SRPM available at ftp://ftp.wsisiz.edu.pl/pub/Linux/rpms-7x
--
*[ ?ukasz Tr?bi?ski ]*
SysAdmin @wsisiz.edu.pl
Unfortunately it is not just warnings. It does not allow the firewall /
packet filter to start and iptables -L shows an open system as the rules were
never applied. Needless to say I'm back on 2.4.17.
Maybe I should file this as a bug with RH 7.2 then......
> > iptables 1.2.4 was rebuild for the 2.4.17 because it stopped working at
> > that point. I hope it isn't requirement to rebuild iptables against each
> > stable kernel release.
>
> Its not a requirement for 1.2.4 and 2.4.18 either - what happened was that
> some people (Red Hat notably) turned all the paranoid debugging stuff on
> and that is what spews the warnings.