Issued:
2011-05-18
Updated:
2011-05-18

RHBA-2011:0557 - iptables bug fix and enhancement update

Synopsis

iptables bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Topic

Updated iptables packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.

Description

The iptables utility controls the network packet filtering code in the Linux kernel.

This update fixes the following bugs:

  • Previously, ip6tables did not support Portable Transparent Proxy Solution (TPROXY). Due to this lack, the IPv6 transparent proxy support was missing and IPv6 transparency was not available. This update adds this option. (BZ#590186)

  • Previously, the command "service iptables save" did not restore the context for the save file and the save backup file. It also used /tmp for the temporary file. Due to the wrong context of the save and save backup file, there could be an error the next time the save functionality is used. This update restores the context and also saves the temporary files correctly. (BZ#644273)

This update adds also the following enhancement:

  • Previously, iptables did not support auditing. Due to this issue, information for remote address/port, target address/port, protocol, and result (success/fail) could not be recorded as an audit event. This update adds the required audit support. This enhancement depends on the presence of auditing support in the kernel. (BZ#642393)

All iptables users are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for Scientific Computing6x86_64
Red Hat Enterprise Linux for Power, big endian6ppc64
Red Hat Enterprise Linux for IBM z Systems6s390x
Red Hat Enterprise Linux Workstation6x86_64
Red Hat Enterprise Linux Workstation6i386
Red Hat Enterprise Linux Server6x86_64
Red Hat Enterprise Linux Server6i386
Red Hat Enterprise Linux Server from RHUI6x86_64
Red Hat Enterprise Linux Server from RHUI6i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support6x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support6i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension6x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension6i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems)6s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems)6s390x
Red Hat Enterprise Linux Desktop6x86_64
Red Hat Enterprise Linux Desktop6i386

Updated Packages

  • iptables-1.4.7-4.el6.s390x.rpm
  • iptables-1.4.7-4.el6.i686.rpm
  • iptables-1.4.7-4.el6.s390.rpm
  • iptables-debuginfo-1.4.7-4.el6.x86_64.rpm
  • iptables-devel-1.4.7-4.el6.ppc.rpm
  • iptables-devel-1.4.7-4.el6.ppc64.rpm
  • iptables-debuginfo-1.4.7-4.el6.ppc.rpm
  • iptables-1.4.7-4.el6.ppc.rpm
  • iptables-1.4.7-4.el6.src.rpm
  • iptables-ipv6-1.4.7-4.el6.x86_64.rpm
  • iptables-ipv6-1.4.7-4.el6.i686.rpm
  • iptables-1.4.7-4.el6.x86_64.rpm
  • iptables-devel-1.4.7-4.el6.s390x.rpm
  • iptables-devel-1.4.7-4.el6.x86_64.rpm
  • iptables-ipv6-1.4.7-4.el6.ppc64.rpm
  • iptables-devel-1.4.7-4.el6.s390.rpm
  • iptables-debuginfo-1.4.7-4.el6.ppc64.rpm
  • iptables-ipv6-1.4.7-4.el6.s390x.rpm
  • iptables-1.4.7-4.el6.ppc64.rpm
  • iptables-devel-1.4.7-4.el6.i686.rpm
  • iptables-debuginfo-1.4.7-4.el6.i686.rpm
  • iptables-debuginfo-1.4.7-4.el6.s390.rpm
  • iptables-debuginfo-1.4.7-4.el6.s390x.rpm

Fixes

CVEs

(none)

References

(none)

Additional information