Bug 26998 - initscript runs iptables-restore with bad command-line flags
Summary: initscript runs iptables-restore with bad command-line flags
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2001-02-10 23:57 UTC by Ben Liblit
Modified: 2007-04-18 16:31 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-02-10 23:57:40 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Ben Liblit 2001-02-10 23:57:36 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (Win95; U)

In its "start" handler, the iptables initscript runs iptables-restore with "-p" and "-f" on the command line.  Neither of these flags is recognized by 
the iptables-restore executable.

Reproducible: Always
Steps to Reproduce:
1. Set up an iptables-using kernel.
2. Install a trivial rule:  "iptables -A INPUT -j ACCEPT"
3. Save the tables:  "service iptables save"
4. Clear out the tables:  "service iptables stop"
5. Try to reload the tables:  "service iptables start"

Actual Results:  Observed diagnostic output:

    /sbin/iptables-restore: invalid option -- p
    /sbin/iptables-restore: invalid option -- f
    Bad argument `[336:46265]'
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Expected Results:  Error-free execution of the initscript, with faithful restoration of all chains.

Notice that after the command-line flag complaints, iptables-restore prints an additional "Bad argument" error message.  This suggests that 
there are additional, deeper problems with iptables-restore's handling of the saved /etc/sysconfig/iptables file format.

The iptables initscript in the actual "fisher" public beta contains a scrambled mix of iptables and ipchains commands, and therefore is so 
broken that you probably won't even be able to walk through the steps listed above.  The Rawhide script is slightly better, and you should be 
able to follow the steps listed above provided that you have first manually fixed bug #26997.

The high-level summary of that bug report and this one is:  as recently as iptables-1.2.0-6, the initscript is badly broken in several ways, a fact 
that will be quite obvious to anyone actually using the scripts.

Comment 1 Bernhard Rosenkraenzer 2001-02-12 14:40:24 UTC

Note You need to log in before you can comment on or make changes to this bug.