On 09/01/2017 11:05 AM, Steven Haigh wrote: > On Tuesday, 29 August 2017 4:49:47 AM AEST Pat Riehecky wrote: >> Scientific Linux 7.4 RC1 x86_64 >> >> These are the notes for the "Release Candidate" of Scientific Linux 7.4 >> ---------------------------------------------------------------------------- >> >> KNOWN ISSUES >> ---------------------------------------------------------------------------- >> >> Firewall fails to apply when using iptables-services >> if you use iptables and ip6tables on the same system, systemd >> tries to start them at the same time - and one may fail to >> load. >> Upstream bug: >> https://bugzilla.redhat.com/show_bug.cgi?id=1477413 > Hi Pat, > > Just as a quick note, I would suggest that treating this issue as a possible > blocker for the 7.4 release unless the patch included in the upstream BZ is > rolled in before release. > > At the current state, any users not using firewalld *WILL* have problems > loading firewall rules (ie there won't be one) if they use both iptables and > ip6tables services. > > CentOS included this patch in their 7.4 release to the CR branch - however I > note there is still a further fix required for this issue to be resolved > completely: > https://bugzilla.redhat.com/show_bug.cgi?id=1486803 > > We assume this is a Before: and After: statement in iptables.service and > ip6tables.service - but have no confirmation of this as yet. > > Either way - I would be very cautious on a release without at least patching > the first issue in this chain. > I was hopeful an official fix would be published this week.... For the moment I've tossed a possible fix up in sl-testing which includes both patches. Pat -- Pat Riehecky Fermi National Accelerator Laboratory www.fnal.gov www.scientificlinux.org