--- iptables-1.2.9/ip6tables.c.selinux	2004-01-25 13:39:58.652465653 -0500
+++ iptables-1.2.9/ip6tables.c	2004-01-25 13:52:50.291335019 -0500
@@ -1587,6 +1587,7 @@
 {
 	char *buf = NULL;
 	char *argv[3];
+	int i=0;
 
 	/* If they don't explicitly set it, read out of kernel */
 	if (!modprobe) {
@@ -1598,6 +1599,10 @@
 
 	switch (fork()) {
 	case 0:
+	        /* close open file descriptors */
+	        for (i=0; i< 10; i++) {
+		  close(i);
+		}
 		argv[0] = (char *)modprobe;
 		argv[1] = (char *)modname;
 		argv[2] = NULL;
--- iptables-1.2.9/iptables.c.selinux	2004-01-25 13:39:58.702460379 -0500
+++ iptables-1.2.9/iptables.c	2004-01-25 13:52:55.940802957 -0500
@@ -1583,6 +1583,7 @@
 {
 	char *buf = NULL;
 	char *argv[3];
+	int i=0;
 
 	/* If they don't explicitly set it, read out of kernel */
 	if (!modprobe) {
@@ -1594,6 +1595,10 @@
 
 	switch (fork()) {
 	case 0:
+	        /* close open file descriptors */
+	        for (i=0; i< 10; i++) {
+		  close(i);
+		}
 		argv[0] = (char *)modprobe;
 		argv[1] = (char *)modname;
 		argv[2] = NULL;