Bug 1084974 - iptables-save cuts space before -j
Summary: iptables-save cuts space before -j
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: iptables
Version: 6.5
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Thomas Woerner
QA Contact: Tomas Dolezal
Depends On:
TreeView+ depends on / blocked
Reported: 2014-04-07 12:45 UTC by Konstantin Volkov
Modified: 2015-07-22 07:33 UTC (History)
3 users (show)

Fixed In Version: iptables-1.4.7-15
Doc Type: Bug Fix
Doc Text:
Previously, a space after Datagram Congestion Control Protocol (DCCP) packet types for print and save was missing, which led to malformed output. With this update, a space has been added at the end of the print_types() function output. As a result, the output of the "iptables -L", "iptables -S", and iptables-save commands is now correct.
Clone Of:
Last Closed: 2015-07-22 07:33:32 UTC
Target Upstream Version:

Attachments (Terms of Use)
Proposed fix (410 bytes, patch)
2015-02-27 15:38 UTC, Thomas Woerner
no flags Details | Diff

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1404 normal SHIPPED_LIVE iptables bug fix and enhancement update 2015-07-20 18:07:10 UTC

Description Konstantin Volkov 2014-04-07 12:45:23 UTC
Description of problem:

iptables-save cuts space before -j

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
[root@localhost ~]# iptables -A INPUT -p dccp --dccp-types RESET,INVALID -j LOG --log-level DEBUG --log-prefix "DCCP RESET or INVALID: "
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
LOG        dccp --  anywhere             anywhere            dccp RESET,INVALIDLOG level debug prefix `DCCP RESET or INVALID: ' 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@localhost ~]# iptables-save |  grep DCCP
-A INPUT -p dccp -m dccp --dccp-type RESET,INVALID-j LOG --log-prefix "DCCP RESET or INVALID: " --log-level 7 
[root@localhost ~]# 

So, there is no space between INVALID and -j, and rule missed after /etc/init.d/iptables save && reboot .

Actual results:
iptables-save cuts space before -j

Expected results:
There should be space before -j

Additional info:
If i manually add space into /etc/sysconfig/iptables all works.

Comment 2 Thomas Woerner 2015-02-27 15:38:35 UTC
Created attachment 996097 [details]
Proposed fix

Adds space after dccp types.

Comment 6 errata-xmlrpc 2015-07-22 07:33:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.