On 09/15/2017 02:11 AM, Steven Haigh wrote:
> On 2017-09-15 16:11, Ilari Stenroth wrote:
>> CentOS did fix the iptables bug before the upstream EL distribution in
>> their package release iptables-1.4.21-18.0.1.el7. It's mentioned here:
>> https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7 Maybe the fixed
>> package can be ported to SL7.4?
>
> I reported the initial bug to RH via bugzilla.
>
> The problem is that the CentOS fix does not completely fix the issue; it
> does, however, work around one specific case.
>
> The same race condition also applies for iptables rulesets that load 
> kernel modules as the rules are inserted.
>
> I don't believe this has been fixed by CentOS, or RH as yet.
>
> This means any non-bog standard firewall could still cause a silent 
> failure of firewall rules on boot.
>

I believe the package in SL7 Testing has the complete fix applied.

Pat

-- 
Pat Riehecky

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org