[Bug 91] conntrack unload loops forever (reproducible)
bugzilla-daemon@netfilter.org
Mon, 12 Jan 2004 22:59:06 +0100
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=91
------- Additional Comments From mschwendt@users.sf.net 2004-01-12 22:59 -------
* It's vanilla 2.4.24 from kernel.org.
* RH kernels are identified with an additional version/build number.
> What is the order the RH scripts remove them and in what order does it work?
There is nothing like a well-defined order of removal which works for everyone.
Trial and error, or removing netfilter modules manually, can be tiresome. The
corresponding bug report is here:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=103177
The iptables userspace packages from RH, which trigger this bug, do a recursive
"modprobe -r" removal of what is found in the output of "lsmod". The first iptables
package update of that kind which removed netfilter modules was this:
ftp://ftp.tu-chemnitz.de/pub/linux/redhat-updates/7.3/en/os/i386/iptables-1.2.8-8.72.3.i386.rpm
> Do you have sessions that are tracked by a helper when trying to
> remove the modules (ftp,irc,...) ?
Helper modules are loaded, but no actual conntrack traffic because this is right
after reboot and a client machine with a server rule-set. In addition to what
modules are loaded automatically, these are loaded explicitly:
IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp ip_conntrack_irc ip_nat_irc"
As mentioned before, prior to unloading the modules ("service iptables stop"
with Red Hat Linux), "cat /proc/net/ip_conntrack" is empty.