iptables restart hangs
Chris Miller
fedora at gammanetworking.com
Tue Feb 22 19:35:57 UTC 2005
[root@sea-fw1 ~]# /etc/init.d/iptables condrestart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter nat [ OK ]
Unloading iptables modules:
Hangs there and never moves on.
top - 10:53:52 up 18:44, 3 users, load average: 0.99, 0.75, 0.35
Tasks: 66 total, 3 running, 63 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.3% us, 1.0% sy, 0.0% ni, 49.8% id, 0.0% wa, 0.0% hi, 48.9% si
Mem: 2074100k total, 409124k used, 1664976k free, 153300k buffers
Swap: 3919600k total, 0k used, 3919600k free, 136860k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5505 root 25 0 3316 424 368 R 99.9 0.0 7:01.08 modprobe
[root@sea-fw1 ~]# ps auwx |grep mod
root 5505 99.9 0.0 3316 424 pts/3 R+ 10:46 7:09 modprobe -r ip_nat_ftp
root 5610 0.0 0.0 3764 660 pts/2 S+ 10:54 0:00 grep mod
I have done some looking around and I am not the only one with the
problem. But I have not seen any way to fix it. The only way is to reboot
the server every time you update iptables. But that is not good for a
firewall that will be doing 200mbps or more of Internet traffic.
Any ideas, or is there a fix that I did not see?