On 09/15/2017 02:11 AM, Steven Haigh wrote:
> On 2017-09-15 16:11, Ilari Stenroth wrote:
>> CentOS did fix the iptables bug before the upstream EL distribution in
>> their package release iptables-1.4.21-18.0.1.el7. It's mentioned here:
>> https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7 Maybe the fixed
>> package can be ported to SL7.4?
>
> I reported the initial bug to RH via bugzilla.
>
> The problem is that the CentOS fix does not completely fix the issue -
> however works around one specific case.
>
> The same race condition also applies for iptables rulesets that load
> kernel modules as the rules are inserted.
>
> I don't believe this has been fixed by CentOS, or RH as yet.
>
> This means any non-bog standard firewall could still cause a silent
> failure of firewall rules on boot.
>

I believe the package in SL7 Testing has the complete fix applied.

Pat

--
Pat Riehecky

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org