1084974 – iptables-save cuts space before -j

Bug 1084974 - iptables-save cuts space before -j

Summary: iptables-save cuts space before -j

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	iptables
Sub Component:
Version:	6.5
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Thomas Woerner
QA Contact:	Tomas Dolezal
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-04-07 12:45 UTC by Konstantin Volkov
Modified:	2015-07-22 07:33 UTC (History)
CC List:	3 users (show)
Fixed In Version:	iptables-1.4.7-15
Doc Type:	Bug Fix
Doc Text:	Previously, a space after Datagram Congestion Control Protocol (DCCP) packet types for print and save was missing, which led to malformed output. With this update, a space has been added at the end of the print_types() function output. As a result, the output of the "iptables -L", "iptables -S", and iptables-save commands is now correct.
Clone Of:
Environment:
Last Closed:	2015-07-22 07:33:32 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Proposed fix (410 bytes, patch) 2015-02-27 15:38 UTC, Thomas Woerner	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:1404	normal	SHIPPED_LIVE	iptables bug fix and enhancement update	2015-07-20 18:07:10 UTC

Description Konstantin Volkov 2014-04-07 12:45:23 UTC

Description of problem:

iptables-save cuts space before -j

Version-Release number of selected component (if applicable):

iptables-1.4.7-11.el6.x86_64

How reproducible:
100%


Steps to Reproduce:
---
[root@localhost ~]# iptables -A INPUT -p dccp --dccp-types RESET,INVALID -j LOG --log-level DEBUG --log-prefix "DCCP RESET or INVALID: "
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
LOG        dccp --  anywhere             anywhere            dccp RESET,INVALIDLOG level debug prefix `DCCP RESET or INVALID: ' 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@localhost ~]# iptables-save |  grep DCCP
-A INPUT -p dccp -m dccp --dccp-type RESET,INVALID-j LOG --log-prefix "DCCP RESET or INVALID: " --log-level 7 
[root@localhost ~]# 
---

So, there is no space between INVALID and -j, and rule missed after /etc/init.d/iptables save && reboot .

Actual results:
iptables-save cuts space before -j

Expected results:
There should be space before -j

Additional info:
If i manually add space into /etc/sysconfig/iptables all works.

Comment 2 Thomas Woerner 2015-02-27 15:38:35 UTC

Created attachment 996097 [details]
Proposed fix

Adds space after dccp types.

Comment 6 errata-xmlrpc 2015-07-22 07:33:32 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1404.html

Note You need to log in before you can comment on or make changes to this bug.