On 09/01/2017 11:05 AM, Steven Haigh wrote:
> On Tuesday, 29 August 2017 4:49:47 AM AEST Pat Riehecky wrote:
>> Scientific Linux 7.4 RC1 x86_64
>>
>> These are the notes for the "Release Candidate" of Scientific Linux 7.4
>> ----------------------------------------------------------------------------
>>
>> KNOWN ISSUES
>> ----------------------------------------------------------------------------
>>
>> Firewall fails to apply when using iptables-services
>>              if you use iptables and ip6tables on the same system, systemd
>>              tries to start them at the same time - and one may fail to
>>              load.
>>              Upstream bug:
>>              https://bugzilla.redhat.com/show_bug.cgi?id=1477413
> Hi Pat,
>
> Just as a quick note, I would suggest that treating this issue as a possible
> blocker for the 7.4 release unless the patch included in the upstream BZ is
> rolled in before release.
>
> At the current state, any users not using firewalld *WILL* have problems
> loading firewall rules (ie there won't be one) if they use both iptables and
> ip6tables services.
>
> CentOS included this patch in their 7.4 release to the CR branch - however I
> note there is still a further fix required for this issue to be resolved
> completely:
> 	https://bugzilla.redhat.com/show_bug.cgi?id=1486803
>
> We assume this is a Before: and After: statement in iptables.service and
> ip6tables.service - but have no confirmation of this as yet.
>
> Either way - I would be very cautious on a release without at least patching
> the first issue in this chain.
>

I was hopeful an official fix would be published this week....

For the moment I've tossed a possible fix up in sl-testing which 
includes both patches.

Pat

-- 
Pat Riehecky

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org