Linode Community Forums
 Post subject:
PostPosted: Fri Apr 22, 2011 7:43 am 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
obs wrote:
I installed CentOS locally first and that doesn't suffer from the problem, so it seems to be a Linode-only problem.


I have this problem too on CentOS 5.6, but I have it only if I boot with the latest paravirt kernel 2.6.38, no problem if I boot with the legacy one 2.6.18.

Code:
[root@**** ~]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: security raw nat mangle fi[FAILED]


Honestly, I haven't understood what the problem is or how to solve it.


Top
   
 Post subject:
PostPosted: Fri Apr 22, 2011 12:49 pm 
Offline
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
Apply this patch http://pastebin.linode.com/5191 to /etc/init.d/iptables

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue


Top
   
 Post subject:
PostPosted: Sat Apr 23, 2011 8:22 am 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
obs wrote:
Apply this patch http://pastebin.linode.com/5191 to /etc/init.d/iptables


I have just applied the patch and restarted my CentOS 5.6 with the latest paravirt 2.6.38, but on boot I can read this error:

Code:
Settings chains to policy ACCEPT: security raw mangle filter [FAILED]


Thanks for the help, I appreciate it.


Top
   
 Post subject:
PostPosted: Sat Apr 23, 2011 9:49 am 
Offline
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
Odd, it worked for someone else and myself. Can you put the contents of your /etc/init.d/iptables in pastebin.linode.com?



Top
   
 Post subject:
PostPosted: Sat Apr 23, 2011 10:05 am 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
obs wrote:
Odd, it worked for someone else and myself. Can you put the contents of your /etc/init.d/iptables in pastebin.linode.com?


Done:
http://pastebin.linode.com/5199


Top
   
 Post subject:
PostPosted: Sat Apr 23, 2011 10:30 am 
Offline
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
Well, it's patched OK. Without looking at the server I'm not sure what's wrong.



Top
   
 Post subject:
PostPosted: Sat Apr 23, 2011 10:44 am 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
obs wrote:
Well, it's patched OK. Without looking at the server I'm not sure what's wrong.


If I manually restart iptables with
service iptables restart
I get no error.

But on boot I can see this:
Image


Top
   
 Post subject:
PostPosted: Sat Apr 23, 2011 10:50 am 
Offline
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
That's just plain weird. I don't have a CentOS system handy to test this on right now either :/



Top
   
 Post subject:
PostPosted: Sat Apr 23, 2011 11:35 am 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
No one else with this problem?

You can see this problem only on boot because if you restart iptables manually, no error is displayed.


Top
   
 Post subject:
PostPosted: Thu Apr 28, 2011 6:56 pm 
Offline
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
I would like to have an answer from Linode since this is a problem of most users here running CentOS.

Thanks.


Top
   
 Post subject:
PostPosted: Sat May 21, 2011 4:51 am 
Offline
Senior Newbie

Joined: Mon Aug 24, 2009 8:59 pm
Posts: 14
Website: http://thelongmile.net
Location: Wales, UK
Hi all, sorry to hijack such an old thread.

I've attempted to apply the same patch here, this is the exact contents of the file

Code:
--- iptables.new   2011-04-21 14:04:21.000000000 +0100
+++ iptables   2011-04-21 14:05:44.000000000 +0100
@@ -119,7 +119,13 @@
     ret=0
     for i in $tables; do
         echo -n "$i "
-        case "$i" in
+        case "$i" in
+      security)
+                    $IPTABLES -t security -P INPUT $policy \
+                    && $IPTABLES -t security -P OUTPUT $policy \
+                    && $IPTABLES -t security -P FORWARD $policy \
+                   || let ret+=1
+                ;;
             raw)
                 $IPTABLES -t raw -P PREROUTING $policy \
                     && $IPTABLES -t raw -P OUTPUT $policy \
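Review bot: the `-`/`+` pair on `case "$i" in` changes only whitespace, and the added `security)` arm is indented differently from the `raw)` arm below it, so this hunk applies only when the target file's whitespace matches byte for byte. Drop the whitespace-only change on the `case` line, indent the new arm like `raw)`, and regenerate the diff against an untouched /etc/init.d/iptables; a copy whose tabs have been converted to spaces will otherwise be rejected unless patch is run with `-l` (`--ignore-whitespace`). The header also names `iptables.new` on the `---` side and `iptables` on the `+++` side, which reads as reversed; put the original file on the `---` line.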


This is as per the download button on this paste file, on a fresh install of CentOS 5.6.

The patch runs, but comes up with the following:

Code:
missing header for unified diff at line 3 of patch
can't find file to patch at input line 3
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|--- iptables.new   2011-04-21 14:04:21.000000000 +0100
|+++ iptables   2011-04-21 14:05:44.000000000 +0100
--------------------------
File to patch: /etc/init.d/iptables
patching file /etc/init.d/iptables
Hunk #1 FAILED at 119.
1 out of 1 hunk FAILED -- saving rejects to file /etc/init.d/iptables.rej


Any ideas here at all?


Top
   
 Post subject:
PostPosted: Sun May 22, 2011 6:06 am 
Offline
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
It means /etc/init.d/iptables is different from the one I made the patch for. Post the contents of it into pastebin.linode.com and post the URL here.



Top
   
 Post subject:
PostPosted: Sun May 22, 2011 6:08 am 
Offline
Senior Newbie

Joined: Mon Aug 24, 2009 8:59 pm
Posts: 14
Website: http://thelongmile.net
Location: Wales, UK
Oops, sorry, I thought I had updated this. I fixed this one myself eventually. Looking at the config, everything was the same but it just refused to add the extra entry; I manually added it, and everything generally worked. I still have the profile but need to boot it if you'd like to see what else is different, as it's only the additional lines I added
(could be good for reference?)


Top
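A hand edit like the one described in the post above can be checked without rebooting by confirming that the script has a `case` arm for every table name. This is an added example, not code from the thread or from the CentOS init script; `unhandled_tables`, `write_sample` and the sample fragment are hypothetical and constructed from the lines visible in the diff.

```bash
#!/bin/bash
# Added example (not from the thread): report which netfilter tables have
# no `case` arm in an init script's policy loop. Names are hypothetical.

# unhandled_tables SCRIPT TABLE...
# Prints every TABLE with no "TABLE)" arm in SCRIPT, one per line.
unhandled_tables() {
    local script=$1 t
    shift
    for t in "$@"; do
        # An arm is the table name plus ")" after optional indentation
        # (spaces or tabs, so mixed whitespace does not matter here).
        grep -Eq "^[[:space:]]*${t}\)" "$script" || printf '%s\n' "$t"
    done
}

# write_sample FILE [patched]: constructed fragment modelled on the diff;
# "patched" includes the security arm the diff adds.
write_sample() {
    {
        printf '%s\n' '    for i in $tables; do' '        case "$i" in'
        if [ "$2" = patched ]; then
            cat <<'EOF'
            security)
                $IPTABLES -t security -P INPUT $policy \
                    && $IPTABLES -t security -P OUTPUT $policy \
                    && $IPTABLES -t security -P FORWARD $policy \
                    || let ret+=1
                ;;
EOF
        fi
        cat <<'EOF'
            raw)
                $IPTABLES -t raw -P PREROUTING $policy \
                    && $IPTABLES -t raw -P OUTPUT $policy \
                    || let ret+=1
                ;;
        esac
    done
EOF
    } > "$1"
}

tmp=$(mktemp)
write_sample "$tmp"
echo "unpatched, no arm for: $(unhandled_tables "$tmp" security raw)"
write_sample "$tmp" patched
echo "patched, no arm for: $(unhandled_tables "$tmp" security raw)"
rm -f "$tmp"
```

On a live system the table names can be taken from `/proc/net/ip_tables_names` and passed together with `/etc/init.d/iptables` as the script path; any name printed is a table the running kernel exposes that the script has no arm for.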
   
 Post subject:
PostPosted: Sun May 22, 2011 6:37 am 
Offline
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
If adding the lines manually worked then don't worry about it :) Linode already know about this issue so hopefully it'll be fixed in the distro soon.



Top
   
 Post subject: Update?
PostPosted: Tue May 24, 2011 1:16 pm 
Offline
Senior Newbie

Joined: Tue May 24, 2011 1:02 pm
Posts: 5
Does anyone know of an updated patch? The pastebin link doesn't work anymore and I'm still having this issue.

Thanks!


Top
   