From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02

Description of problem:
Trying to use:
    iptables -A OUTPUT -m owner --gid-owner 513 -j REJECT
Yields:
    iptables: Invalid argument

Under iptables v1.2.5 (on Enterprise Edition of RH) the line above is syntactically correct. I know because I typed the line out and the command was accepted. Also, I can see the rule appear on the OUTPUT chain (when I type "iptables -L").

When typing "iptables -A OUTPUT -m owner --gid-owner" I get the error listed on the summary line. Something has changed the functionality of iptables. A seldom used version of RedHat (Dual boot) yields the same error.

Version-Release number of selected component (if applicable):
See summary

How reproducible:
Always

Steps to Reproduce:
1. iptables -A OUTPUT -m owner --gid-owner 513 -j REJECT
2. <return and/or enter>
3.

Actual Results:
iptables: Invalid argument

Expected Results:
No error. iptables -L should list a new rule in the OUTPUT Chain.

Additional info:
When originally building this machine, the command in question worked. However, suspect one of the updates (from up2date) has changed something in iptables. Suspect a kernel update, or a change to iptables. I have a serious need to block members of a certain group from having access outside the box.

The problem is that iptables-1.2.5 does not work properly with newer kernels. Please have a look at:

http://people.redhat.com/twoerner/SRPMS/8.0/iptables-1.2.8-8.80.1.src.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-8.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-8.80.1.i386.rpm

Grabbed src rpm and built and installed new rpm for iptables v1.2.8. Replaced the iptables v1.2.6a with the new version. New version fixes the problem with the iptables command indicated in the ticket.

However, the /etc/init.d/iptables script has a problem with the save portion. I edited /etc/sysconfig/iptables by hand, but I usually use "service iptables save". I currently get:

Saving firewall rules to /etc/sysconfig/iptables: /etc/init.d/iptables: line 1: stat: command not found

I could fix the script if I have time; however, the fix should come from RH.

Sincerely,
Stanley V. Hornyak
RedHat Certified Engineer (RHCE)

I am sorry, there was a missing requires for stat. There are fixed packages:

http://people.redhat.com/twoerner/SRPMS/8.0/iptables-1.2.8-8.80.2.src.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-8.80.2.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-8.80.2.i386.rpm