Bug 1084974

Summary: iptables-save cuts space before -j
Product: Red Hat Enterprise Linux 6 Reporter: Konstantin Volkov <wolf>
Component: iptablesAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: Tomas Dolezal <todoleza>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.5CC: iptables-maint-list, mnavrati, todoleza
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: iptables-1.4.7-15 Doc Type: Bug Fix
Doc Text:
Previously, a space after Datagram Congestion Control Protocol (DCCP) packet types for print and save was missing, which led to malformed output. With this update, a space has been added at the end of the print_types() function output. As a result, the output of the "iptables -L", "iptables -S", and iptables-save commands is now correct.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-22 07:33:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Proposed fix none

Description Konstantin Volkov 2014-04-07 12:45:23 UTC 
Description of problem:

iptables-save cuts space before -j

Version-Release number of selected component (if applicable):

iptables-1.4.7-11.el6.x86_64

How reproducible:
100%


Steps to Reproduce:
---
[root@localhost ~]# iptables -A INPUT -p dccp --dccp-types RESET,INVALID -j LOG --log-level DEBUG --log-prefix "DCCP RESET or INVALID: "
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
LOG        dccp --  anywhere             anywhere            dccp RESET,INVALIDLOG level debug prefix `DCCP RESET or INVALID: ' 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@localhost ~]# iptables-save |  grep DCCP
-A INPUT -p dccp -m dccp --dccp-type RESET,INVALID-j LOG --log-prefix "DCCP RESET or INVALID: " --log-level 7 
[root@localhost ~]# 
---

So, there is no space between INVALID and -j, and rule missed after /etc/init.d/iptables save && reboot .

Actual results:
iptables-save cuts space before -j

Expected results:
There should be space before -j

Additional info:
If i manually add space into /etc/sysconfig/iptables all works.
Comment 2 Thomas Woerner 2015-02-27 15:38:35 UTC 
Created attachment 996097 [details]
Proposed fix

Adds space after dccp types.
Comment 6 errata-xmlrpc 2015-07-22 07:33:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1404.html