Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 28412 - iptables-{restore,save} broken
iptables-{restore,save} broken
Product: Red Hat Linux
Classification: Retired
Component: iptables (Show other bugs)
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
David Lawrence
: Security
Depends On:
  Show dependency treegraph
Reported: 2001-02-20 06:44 EST by Gerald Teschl
Modified: 2007-03-26 23:41 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-03-21 15:27:49 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Gerald Teschl 2001-02-20 06:44:07 EST
The iptables-{restore,save} are broken. They contain so many errors I don't
even know
where to start!?

1) The rule
/sbin/iptables -A INPUT -s $Any -d $Any -i lo -j ACCEPT
will be stored as
-i lo -j ACCEPT 
and will case the error  "Bad argument `EPT'"

2) The rule 
/sbin/iptables -A INPUT -p icmp -j ACCEPT
will be stored as
-p icmp -j ACCEPT
and will case the error  "Bad argument `CCEPT'"

3) User defined chains will be put at the end. Hence they will
be created after the input rules are restored and any rule jumping
to such a chain will fail.

Hence after reboot your firewall will be gone.
Comment 1 Glen Foster 2001-02-21 10:04:16 EST
This defect is considered MUST-FIX for Florence Release-Candidate #2
Comment 2 Bernhard Rosenkraenzer 2001-02-27 12:59:37 EST
Fixed in 1.2.0-9
Comment 3 Gerald Teschl 2001-03-21 04:29:39 EST
No its not fixed. It still does not work with user defined chains

[root@soliton sysconfig]# service iptables save
Saving current rules to /etc/sysconfig/iptables:           [  OK  ]
[root@soliton sysconfig]# service iptables stop
Resetting built-in chains to the default ACCEPT policy:    [  OK  ]
[root@soliton sysconfig]# service iptables start
Flushing all current rules and user defined chains:        [  OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
iptables-restore v1.2: Couldn't load target `PPP':/lib/iptables/libipt_PPP.so:
cannot open shared object file: No such file or directory
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Comment 4 Gerald Teschl 2001-03-21 04:33:39 EST
*** Bug 31136 has been marked as a duplicate of this bug. ***
Comment 5 Bernhard Rosenkraenzer 2001-03-21 15:27:45 EST
One of the best reasons not to report multiple bugs in one report - the major 
part of this was fixed by 1.2.0-10.

The remaining issue is fixed in 1.2.1a-1.

Comment 6 Gerald Teschl 2001-03-23 09:32:58 EST
Works now.

Note You need to log in before you can comment on or make changes to this bug.