Bug 31460

Summary: iptables-restore fails to restore some rules
Product: [Retired] Red Hat Linux
Reporter: CoreDump <toba>
Component: iptables
Assignee: Bernhard Rosenkraenzer <bero>
Status: CLOSED RAWHIDE
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 7.1
Target Milestone: ---
Target Release: ---
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2001-03-11 21:36:43 UTC

Description CoreDump 2001-03-11 21:36:39 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.4.0-0.99.11 i586)




Reproducible: Always
Steps to Reproduce:
1. Copy this file to /etc/sysconfig/iptables
2. /etc/init.d/iptables start


Actual Results:
Flushing all current rules and user defined chains:        [  OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Bad argument `SYN'
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                           [FAILED]


Expected Results:  It was saved by iptables-save, so I suppose it should
reload without problems.


The file to be copied to /etc/sysconfig/iptables:

*filter
:INPUT DROP [0:0]
[0:0] -s 1.1.1.1 -d 1.1.1.1 -i eth0 -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
[0:0] -d 1.1.1.1 -i eth0 -p tcp -m tcp --dport 1024:65535 ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT
COMMIT

(maybe some lines are broken by netscape :)

Strangely, the line with SYN by itself doesn't cause any problem, only
together with the line before it.

Comment 1 Bernhard Rosenkraenzer 2001-03-21 20:31:05 UTC
Seems to work in 1.2.1a-1.


Comment 2 Dragu Bogdan 2005-03-03 18:10:12 UTC
For me it still does not work. Do I have to change the 1.1.1.1 with my IP?