Bug 1465078
Summary: | commandline options handling flaws | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Karel Volný <kvolny> | |
Component: | iptables | Assignee: | Phil Sutter <psutter> | |
Status: | CLOSED ERRATA | QA Contact: | Jiri Peska <jpeska> | |
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | 7.4 | CC: | aloughla, atragler, iptables-maint-list, todoleza | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | iptables-1.4.21-27.el7 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1655128 (view as bug list) | Environment: | ||
Last Closed: | 2018-10-30 09:38:43 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1472751, 1655128 |
Description
Karel Volný
2017-06-26 15:33:13 UTC
Ignoring unknown parameters has been fixed by following upstream commit: commit d89dc47ab3875f6fe6679cebceccd2000bf81b8e Author: Vincent Bernat <vincent> Date: Sat Apr 15 12:16:47 2017 +0200 iptables-restore/save: exit when given an unknown option When an unknown option is given, iptables-restore should exit instead of continue its operation. For example, if `--table` was misspelled, this could lead to an unwanted change. Moreover, exit with a status code of 1. Make the same change for iptables-save. OTOH, exit with a status code of 0 when requesting help. Signed-off-by: Vincent Bernat <vincent> Signed-off-by: Pablo Neira Ayuso <pablo> Patches fixing the parsing issues of wait-interval option have been sent upstream: https://marc.info/?l=netfilter-devel&m=150592888910234&w=2 I decided to not forbid '-W 0' since it is not invalid per se - if specified, xtables_lock() routine will busy loop until the lock could be acquired. Upstream accepted my patches: commit 60e0ffd365a2d936b3df13c1289b2ef57b756d92 Author: Phil Sutter <phil> Date: Wed Sep 20 19:34:35 2017 +0200 ip{,6}tables-restore: Don't ignore missing wait-interval value Passing -W without a value doesn't make sense so bail out if none was given. Signed-off-by: Phil Sutter <phil> Signed-off-by: Pablo Neira Ayuso <pablo> commit 21ba5b3874fb3d0c4cccc9b59f65c8df575211e2 Author: Phil Sutter <phil> Date: Wed Sep 20 19:34:36 2017 +0200 ip{,6}tables-restore: Don't accept wait-interval without wait If -W <val> was given, error out if -w wasn't since that doesn't make sense. Signed-off-by: Phil Sutter <phil> Signed-off-by: Pablo Neira Ayuso <pablo> Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3093 |