iptables causes the machine to fail to boot

Summary:

stats-storage-0:/root# iptables --flush
stats-storage-0:/etc/sysconfig/network-scripts# service iptables start
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules: 

        ...and there it hangs.  When I then run, in another window:

stats-storage-0:/root# service openibd stop
Unloading OpenIB kernel modules:                           [  OK  ]

        ...then the iptables run from before completes successfully.

        Is this a known/reported bug?  Or is this something new? 

        Note: I have modified /etc/sysconfig/iptables-config, to comment out
this line:

#IPTABLES_MODULES="ip_conntrack_netbios_ns"
IPTABLES_MODULES=""

        I did this in an attempt to stop the actual kernel panics, which
are of course worse.  The logs from one of those kernel panics:

iRemoving netfilter NETLINK layer.                                              
ip_tables: (C) 2000-2006 Netfilter Core Team                                    
Netfilter messages via NETLINK v0.30.                                           
ip_conntrack version 2.4 (8192 buckets, 65536 max) - 304 bytes per              
conntrack                                                                       
Unable to handle kernel paging request at 0000000000200200 RIP:                 
[<ffffffff80157b5d>] list_del+0x8/0x71                                         
PGD 6b0eb067 PUD 6f36c067 PMD 0                                                 
Oops: 0000 [1] SMP                                                              
last sysfs file:                                                                
/devices/pci0000:00/0000:00:02.0/0000:04:00.0/0000:05:00.0/0000:06:00.0/0000:07:
00.0/irq                                                                        
CPU 7                                                                           
Modules linked in: ip_conntrack nfnetlink nfs fscache hfsplus nfsd              
exportfs nfs_acl auth_rpcgss openafs(PU) autofs4 ipmi_devintf ipmi_si           
ipmi_msghandler lockd sunrpc ipt_REJECT ip6t_REJECT xt_tcpudp                   
ip6table_filter ip6_tables x_tables be2iscsi iscsi_tcp bnx2i cnic uio           
cxgb3i cxgb3 8021q libiscsi_tcp ib_iser libiscsi2 scsi_transport_iscsi2         
scsi_transport_iscsi ib_srp rds ib_sdp ib_ipoib ipoib_helper ipv6               
xfrm_nalgo crypto_api rdma_ucm rdma_cm ib_ucm ib_uverbs ib_umad ib_cm           
iw_cm ib_addr ib_sa mlx4_ib ib_mad ib_core loop dm_mirror dm_multipath          
scsi_dh video backlight sbs power_meter hwmon i2c_ec i2c_core dell_wmi wmi      
button battery asus_acpi acpi_memhotplug ac parport_pc lp parport mlx4_en       
joydev sr_mod cdrom sg qla2xxx tpm_tis tpm mlx4_core tpm_bios bnx2              
scsi_transport_fc pcspkr i5000_edac edac_mc serio_raw dm_raid45 dm_message      
dm_region_hash dm_log dm_mod dm_mem_cache ata_piix libata shpchp                
megaraid_sas sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd                
Pid: 11693, comm: modprobe Tainted: P      2.6.18-238.1.1.el5 #1                
RIP: 0010:[<ffffffff80157b5d>]  [<ffffffff80157b5d>] list_del+0x8/0x71          
RSP: 0000:ffff81006fd83ea8  EFLAGS: 00010213                                    
RAX: 0000000000200200 RBX: ffff81006cdce9a8 RCX: ffff810037c2c3b8               
RDX: ffff81006cdce8b8 RSI: 0000000000000000 RDI: ffff81006cdce9a8               
RAX: 0000000000200200 RBX: ffff81006cdce9a8 RCX: ffff810037c2c3b8               
RDX: ffff81006cdce8b8 RSI: 0000000000000000 RDI: ffff81006cdce9a8               
RBP: 000000000001fff0 R08: ffff81007f06bbf8 R09: ffffffff8886f9f3               
R10: ffffffff804b1300 R11: 0000000000000000 R12: 0000000000002000               
R13: 0000000000000000 R14: ffffffff8886f9f3 R15: 0000000000000000               
FS:  00002b0c65d266e0(0000) GS:ffff81007fae03c0(0000)                           
knlGS:0000000000000000                                                          
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b                               
                                                                                
CR2: 0000000000200200 CR3: 000000006af74000 CR4: 00000000000006e0               
Process modprobe (pid: 11693, threadinfo ffff81006fd82000, task                 
ffff81007a652080)                                                               
Stack:  ffff81006cdce8b8 ffffffff8887125d ffff81006cdce8b8                      
ffffffff8887017f                                                                
00000000000000ff 0000000000000000 0000000000000880 00000000113ac568            
00007fff52d23520 ffffffff88870309 ffffffff8887ca00 ffffffff800a8559            
Call Trace:                                                                     
[<ffffffff8887125d>] :ip_conntrack:destroy_conntrack+0x9a/0xdc                 
[<ffffffff8887017f>] :ip_conntrack:ip_ct_iterate_cleanup+0x30/0x142            
[<ffffffff88870309>] :ip_conntrack:ip_conntrack_cleanup+0x6a/0xc7              
[<ffffffff800a8559>] sys_delete_module+0x196/0x1c5                             
[<ffffffff8005d28d>] tracesys+0xd5/0xe0                                        
                                                                                
                                                                                
Code: 48 8b 10 48 39 fa 74 1b 48 89 fe 31 c0 48 c7 c7 90 3b 2c 80               
RIP  [<ffffffff80157b5d>] list_del+0x8/0x71                                     
RSP <ffff81006fd83ea8>                                                         
CR2: 0000000000200200                                                           
<0>Kernel panic - not syncing: Fatal exception                                 
 

sed -i 's/^IPTABLES_MODULES_UNLOAD="yes"/IPTABLES_MODULES_UNLOAD="no"/' /etc/sysconfig/iptables-config
 

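Change IPTABLES_MODULES_UNLOAD="yes" to "no".

Purpose: this setting controls whether the loaded modules are unloaded when iptables is restarted or stopped; "yes" means they are unloaded.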
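
An idempotent way to apply and verify this setting, as an added example that is not part of the original post. The function names are hypothetical, and it assumes the iptables init script reads the file as shell assignments, so the last uncommented line is the effective one.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# Assumption: the iptables init script reads this file as shell assignments,
# so the last uncommented IPTABLES_MODULES_UNLOAD= line is the effective one.

# Print the effective value, or nothing if no active assignment exists.
modules_unload_value() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES_UNLOAD="\{0,1\}\([^"#[:space:]]*\).*/\1/p' "$1" |
        tail -n 1
}

# Force IPTABLES_MODULES_UNLOAD="no", keeping a backup in <file>.bak.
set_modules_unload_no() {
    conf=${1:-/etc/sysconfig/iptables-config}
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    cp -p "$conf" "$conf.bak" || return 2
    if grep -q '^[[:space:]]*IPTABLES_MODULES_UNLOAD=' "$conf"; then
        # Rewrite every active assignment, whatever value or quoting it has.
        sed -i 's/^[[:space:]]*IPTABLES_MODULES_UNLOAD=.*/IPTABLES_MODULES_UNLOAD="no"/' "$conf"
    else
        # Key absent or only commented out: append an explicit setting.
        printf 'IPTABLES_MODULES_UNLOAD="no"\n' >> "$conf"
    fi
    # Succeed only if the effective value is now "no".
    [ "$(modules_unload_value "$conf")" = "no" ]
}

# Usage (as root): set_modules_unload_no /etc/sysconfig/iptables-config
```

The change applies the next time the iptables service is stopped or restarted; the backup copy makes it easy to revert.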



This article is reposted from the 51CTO blog of it你好. Original link: http://blog.51cto.com/itnihao/840410. To repost it, please contact the original author.
