Bug 1084974 - iptables-save cuts space before -j
Summary: iptables-save cuts space before -j
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: iptables
Version: 6.5
Hardware: All
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: Thomas Woerner
QA Contact: Tomas Dolezal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-04-07 12:45 UTC by Konstantin Volkov
Modified: 2015-07-22 07:33 UTC (History)
3 users (show)

Fixed In Version: iptables-1.4.7-15
Doc Type: Bug Fix
Doc Text:
Previously, a space after Datagram Congestion Control Protocol (DCCP) packet types for print and save was missing, which led to malformed output. With this update, a space has been added at the end of the print_types() function output. As a result, the output of the "iptables -L", "iptables -S", and iptables-save commands is now correct.
Clone Of:
Environment:
Last Closed: 2015-07-22 07:33:32 UTC

Attachments (Terms of Use)
Proposed fix (410 bytes, patch)
2015-02-27 15:38 UTC, Thomas Woerner 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1404 normal SHIPPED_LIVE iptables bug fix and enhancement update 2015-07-20 18:07:10 UTC

Description Konstantin Volkov 2014-04-07 12:45:23 UTC 
Description of problem:

iptables-save cuts space before -j

Version-Release number of selected component (if applicable):

iptables-1.4.7-11.el6.x86_64

How reproducible:
100%


Steps to Reproduce:
---
[root@localhost ~]# iptables -A INPUT -p dccp --dccp-types RESET,INVALID -j LOG --log-level DEBUG --log-prefix "DCCP RESET or INVALID: "
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
LOG        dccp --  anywhere             anywhere            dccp RESET,INVALIDLOG level debug prefix `DCCP RESET or INVALID: ' 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@localhost ~]# iptables-save |  grep DCCP
-A INPUT -p dccp -m dccp --dccp-type RESET,INVALID-j LOG --log-prefix "DCCP RESET or INVALID: " --log-level 7 
[root@localhost ~]# 
---

So, there is no space between INVALID and -j, and rule missed after /etc/init.d/iptables save && reboot .

Actual results:
iptables-save cuts space before -j

Expected results:
There should be space before -j

Additional info:
If i manually add space into /etc/sysconfig/iptables all works.
Comment 2 Thomas Woerner 2015-02-27 15:38:35 UTC 
Created attachment 996097 [details]
Proposed fix

Adds space after dccp types.
Comment 6 errata-xmlrpc 2015-07-22 07:33:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1404.html
Note You need to log in before you can comment on or make changes to this bug.