[Bug 91] conntrack unload loops forever (reproducible)

bugzilla-daemon@netfilter.org
Mon, 12 Jan 2004 22:59:06 +0100


------- Additional Comments From mschwendt@users.sf.net  2004-01-12 22:59 -------
* It's vanilla 2.4.24 from kernel.org.

* RH kernels are identified with an additional version/build number.

> What is the order the RH scripts remove them and in what order does it work ?

There is nothing like a well-defined order of removal which works for everyone.
Trial and error, or removing netfilter modules manually, can be tiresome. The
corresponding bug report is here:

The iptables userspace packages from RH, which trigger this bug, do a recursive
"modprobe -r" removal of what is found in output of "lsmod". The first iptables
package update of that kind which removed netfilter modules was this:


> Do you have sessions that are tracked by a helper when trying to
> remove the modules (ftp,irc,...) ?

Helper modules are loaded, but there is no actual conntrack traffic because this is right
after reboot and a client machine with a server rule-set. In addition to what
modules are loaded automatically, these are loaded explicitly:

IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp ip_conntrack_irc ip_nat_irc"

As mentioned before, prior to unloading the modules ("service iptables stop"
with Red Hat Linux), "cat /proc/net/ip_conntrack" is empty.
