--- iptables-1.3.0/ip6tables.c.selinux	2005-01-04 11:38:39.000000000 +0100
+++ iptables-1.3.0/ip6tables.c	2005-02-21 17:51:24.811668259 +0100
@@ -1612,6 +1612,7 @@
 	char *buf = NULL;
 	char *argv[3];
 	int status;
+	int i = 0;
 
 	/* If they don't explicitly set it, read out of kernel */
 	if (!modprobe) {
@@ -1623,6 +1624,10 @@
 
 	switch (fork()) {
 	case 0:
+	        /* close open file descriptors */
+	        for (i=0; i< 10; i++) {
+		  close(i);
+		}
 		argv[0] = (char *)modprobe;
 		argv[1] = (char *)modname;
 		argv[2] = NULL;
--- iptables-1.3.0/iptables.c.selinux	2005-01-04 11:38:38.000000000 +0100
+++ iptables-1.3.0/iptables.c	2005-02-21 17:51:33.409499635 +0100
@@ -1708,6 +1708,7 @@
 	char *buf = NULL;
 	char *argv[3];
 	int status;
+	int i = 0;
 
 	/* If they don't explicitly set it, read out of kernel */
 	if (!modprobe) {
@@ -1719,6 +1720,10 @@
 
 	switch (fork()) {
 	case 0:
+	        /* close open file descriptors */
+	        for (i=0; i< 10; i++) {
+		  close(i);
+		}
 		argv[0] = (char *)modprobe;
 		argv[1] = (char *)modname;
 		argv[2] = NULL;