Bug 101140 – iptables v1.2.6a: Unknown arg `--gid-owner'

Bug 101140 - iptables v1.2.6a: Unknown arg `--gid-owner'

Summary:	iptables v1.2.6a: Unknown arg `--gid-owner'

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Linux
Classification:	Retired
Component:	iptables (Show other bugs)
Sub Component:
Version:	8.0
Hardware:	i686 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Thomas Woerner
QA Contact:	Ben Levenson
Docs Contact:

URL:
Whiteboard:
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2003-07-29 11:51 EDT by Need Real Name
Modified:	2007-04-18 12:56 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2003-07-31 05:57:04 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Need Real Name 2003-07-29 11:51:30 EDT

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2)
Gecko/20030208 Netscape/7.02

Description of problem:
Trying to use:

     iptables -A OUTPUT -m owner --gid-owner 513 -j REJECT

Yields:

iptables: Invalid argument

Under iptables v1.2.5 (on Enterprise Edition of RH)the line above is
syntactically correct.  I know because I typed the line out and the command was
accepted.  Also, I can see the rule appear on the OUPUT chain (when I type
"iptables -L")


When typing "iptables -A OUTPUT -m owner --gid-owner" I get the error listed on
the summary line.

Something has changed the funtionallity of iptables.  An seldom used version of
RedHat (Dual boot) yields the same error.

Version-Release number of selected component (if applicable):
See summary

How reproducible:
Always

Steps to Reproduce:
1.iptables -A OUTPUT -m owner --gid-owner 513 -j REJECT
2.<return and/or enter>
3.
    

Actual Results:  iptables: Invalid argument

Expected Results:  No error.

iptables -L should list a new rule in the OUTPUT Chain.

Additional info:

When originally building this machine, the command in question worked. However,
suspect one of the updates (from up2date) has changed something in iptables.

Suspect a kernel update, or a changed to iptables.

I have a serious need to block members of a certain group from having
access outside the box.

Comment 1 Thomas Woerner 2003-07-29 12:05:23 EDT

The problem is that the iptables-1.2.5 does not work properly with newer kernels.

Please have a look at

http://people.redhat.com/twoerner/SRPMS/8.0/iptables-1.2.8-8.80.1.src.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-8.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-8.80.1.i386.rpm

Comment 2 Need Real Name 2003-07-30 09:41:01 EDT

Grabbed src rpm and built and installed new rpm for iptables v1.2.8 

Replaced the iptables v1.2.6a with the new version.  New version fixes the
problem with the iptables command indicated in the ticket.

However, the /etc/init.d/iptables script has a problem with the save portion.  I
edited /etc/sysconfig/iptables by hand, but I usually use "service iptables save"

I currently get:

Saving firewall rules to /etc/sysconfig/iptables: /etc/init.d/iptables: line 1:
stat: command not found

I could fix the script, if I have time, however, the fix should come from RH.


Sincerely,


Stanley V. Hornyak
RedHat Certified Engineer (RHCE)

Comment 3 Thomas Woerner 2003-07-31 05:57:04 EDT

I am sorry, there was a missing requires for stat. There are fixed packages:

http://people.redhat.com/twoerner/SRPMS/8.0/iptables-1.2.8-8.80.2.src.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-8.80.2.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-8.80.2.i386.rpm

Note You need to log in before you can comment on or make changes to this bug.