101140 – iptables v1.2.6a: Unknown arg `--gid-owner'

Bug 101140 - iptables v1.2.6a: Unknown arg `--gid-owner'

Summary: iptables v1.2.6a: Unknown arg `--gid-owner'

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	iptables
Sub Component:
Version:	8.0
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Thomas Woerner
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2003-07-29 15:51 UTC by Need Real Name
Modified:	2007-04-18 16:56 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2003-07-31 09:57:04 UTC
Embargoed:

Attachments	(Terms of Use)

Description Need Real Name 2003-07-29 15:51:30 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2)
Gecko/20030208 Netscape/7.02

Description of problem:
Trying to use:

     iptables -A OUTPUT -m owner --gid-owner 513 -j REJECT

Yields:

iptables: Invalid argument

Under iptables v1.2.5 (on Enterprise Edition of RH)the line above is
syntactically correct.  I know because I typed the line out and the command was
accepted.  Also, I can see the rule appear on the OUPUT chain (when I type
"iptables -L")


When typing "iptables -A OUTPUT -m owner --gid-owner" I get the error listed on
the summary line.

Something has changed the funtionallity of iptables.  An seldom used version of
RedHat (Dual boot) yields the same error.

Version-Release number of selected component (if applicable):
See summary

How reproducible:
Always

Steps to Reproduce:
1.iptables -A OUTPUT -m owner --gid-owner 513 -j REJECT
2.<return and/or enter>
3.
    

Actual Results:  iptables: Invalid argument

Expected Results:  No error.

iptables -L should list a new rule in the OUTPUT Chain.

Additional info:

When originally building this machine, the command in question worked. However,
suspect one of the updates (from up2date) has changed something in iptables.

Suspect a kernel update, or a changed to iptables.

I have a serious need to block members of a certain group from having
access outside the box.

Comment 1 Thomas Woerner 2003-07-29 16:05:23 UTC

The problem is that the iptables-1.2.5 does not work properly with newer kernels.

Please have a look at

http://people.redhat.com/twoerner/SRPMS/8.0/iptables-1.2.8-8.80.1.src.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-8.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-8.80.1.i386.rpm

Comment 2 Need Real Name 2003-07-30 13:41:01 UTC

Grabbed src rpm and built and installed new rpm for iptables v1.2.8 

Replaced the iptables v1.2.6a with the new version.  New version fixes the
problem with the iptables command indicated in the ticket.

However, the /etc/init.d/iptables script has a problem with the save portion.  I
edited /etc/sysconfig/iptables by hand, but I usually use "service iptables save"

I currently get:

Saving firewall rules to /etc/sysconfig/iptables: /etc/init.d/iptables: line 1:
stat: command not found

I could fix the script, if I have time, however, the fix should come from RH.


Sincerely,


Stanley V. Hornyak
RedHat Certified Engineer (RHCE)

Comment 3 Thomas Woerner 2003-07-31 09:57:04 UTC

I am sorry, there was a missing requires for stat. There are fixed packages:

http://people.redhat.com/twoerner/SRPMS/8.0/iptables-1.2.8-8.80.2.src.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-8.80.2.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-8.80.2.i386.rpm

Note You need to log in before you can comment on or make changes to this bug.