Bug 1465078
| Summary: | commandline options handling flaws | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Karel Volný <kvolny> |
| Component: | iptables | Assignee: | Phil Sutter <psutter> |
| Status: | CLOSED ERRATA | QA Contact: | Jiri Peska <jpeska> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 7.4 | CC: | aloughla, atragler, iptables-maint-list, todoleza |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | iptables-1.4.21-27.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 1655128 | Environment: | |
| Last Closed: | 2018-10-30 09:38:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1472751, 1655128 | | |

Description
Karel Volný
2017-06-26 15:33:13 UTC
Ignoring unknown parameters has been fixed by the following upstream commit:

commit d89dc47ab3875f6fe6679cebceccd2000bf81b8e
Author: Vincent Bernat <vincent>
Date: Sat Apr 15 12:16:47 2017 +0200

    iptables-restore/save: exit when given an unknown option

    When an unknown option is given, iptables-restore should exit instead of
    continue its operation. For example, if `--table` was misspelled, this
    could lead to an unwanted change. Moreover, exit with a status code of
    1. Make the same change for iptables-save.

    OTOH, exit with a status code of 0 when requesting help.

    Signed-off-by: Vincent Bernat <vincent>
    Signed-off-by: Pablo Neira Ayuso <pablo>

Patches fixing the parsing issues of the wait-interval option have been sent upstream: https://marc.info/?l=netfilter-devel&m=150592888910234&w=2

I decided to not forbid '-W 0' since it is not invalid per se - if specified, the xtables_lock() routine will busy loop until the lock could be acquired.

Upstream accepted my patches:

commit 60e0ffd365a2d936b3df13c1289b2ef57b756d92
Author: Phil Sutter <phil>
Date: Wed Sep 20 19:34:35 2017 +0200

    ip{,6}tables-restore: Don't ignore missing wait-interval value

    Passing -W without a value doesn't make sense so bail out if none was
    given.

    Signed-off-by: Phil Sutter <phil>
    Signed-off-by: Pablo Neira Ayuso <pablo>

commit 21ba5b3874fb3d0c4cccc9b59f65c8df575211e2
Author: Phil Sutter <phil>
Date: Wed Sep 20 19:34:36 2017 +0200

    ip{,6}tables-restore: Don't accept wait-interval without wait

    If -W <val> was given, error out if -w wasn't since that doesn't make
    sense.

    Signed-off-by: Phil Sutter <phil>
    Signed-off-by: Pablo Neira Ayuso <pablo>

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3093
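
The option-handling rules stated in the three upstream commit messages quoted above, written out as an added example in C; this is not code from iptables or from this bug report. The `struct restore_opts` type and the `parse_restore_args()` function are hypothetical, only `-h`/`--help`, `-T`/`--table`, `-w` and `-W` are modeled, and the getopt reset via `optind = 0` assumes glibc or musl.

```c
#include <errno.h>
#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>

struct restore_opts {        /* hypothetical, not an iptables structure */
    const char *table;       /* -T/--table value, NULL if absent */
    int wait;                /* 1 if -w was given */
    long wait_interval;      /* -W value, -1 if absent */
};

/* Returns -1 when parsing succeeded, otherwise the exit status to use. */
int parse_restore_args(int argc, char **argv, struct restore_opts *o)
{
    static const struct option longopts[] = {
        { "help",  no_argument,       NULL, 'h' },
        { "table", required_argument, NULL, 'T' },
        { NULL, 0, NULL, 0 }
    };
    char *end;
    int c;

    o->table = NULL; o->wait = 0; o->wait_interval = -1;
    opterr = 0;  /* errors are reported below */
    optind = 0;  /* reset getopt state (glibc, musl) so repeated calls work */
    /* Leading ':' makes getopt return ':' for a missing value, '?' for unknown. */
    while ((c = getopt_long(argc, argv, ":hT:w::W:", longopts, NULL)) != -1) {
        switch (c) {
        case 'h': return 0;                 /* help is not a failure */
        case 'T': o->table = optarg; break;
        case 'w': o->wait = 1; break;       /* optional seconds value ignored here */
        case 'W':
            errno = 0;
            o->wait_interval = strtol(optarg, &end, 10);
            if (errno || end == optarg || *end || o->wait_interval < 0) {
                fprintf(stderr, "invalid wait interval '%s'\n", optarg);
                return 1;
            }
            break;                          /* 0 stays valid */
        case ':': fputs("option requires a value\n", stderr); return 1;
        default:  fputs("unknown option\n", stderr); return 1;
        }
    }
    if (o->wait_interval >= 0 && !o->wait) {
        fputs("wait interval given without -w\n", stderr);
        return 1;
    }
    return -1;
}
```

Because the function returns on the first bad option, a caller never acts on a partially parsed command line, which is the failure mode the misspelled `--table` example in the first commit message describes.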