The iptables-{restore,save} are broken. They contain so many errors I don't even know where to start!?

1) The rule

/sbin/iptables -A INPUT -s $Any -d $Any -i lo -j ACCEPT

will be stored as

--------------------
-i lo -j ACCEPT
--------------------

and will cause the error "Bad argument `EPT'"

2) The rule

/sbin/iptables -A INPUT -p icmp -j ACCEPT

will be stored as

--------------------
-p icmp -j ACCEPT
--------------------

and will cause the error "Bad argument `CCEPT'"

3) User defined chains will be put at the end. Hence they will be created after the input rules are restored and any rule jumping to such a chain will fail. Hence after reboot your firewall will be gone.
This defect is considered MUST-FIX for Florence Release-Candidate #2
Fixed in 1.2.0-9
No, it's not fixed. It still does not work with user defined chains (iptables-1.2.0-10):

[root@soliton sysconfig]# service iptables save
Saving current rules to /etc/sysconfig/iptables: [ OK ]
[root@soliton sysconfig]# service iptables stop
Resetting built-in chains to the default ACCEPT policy: [ OK ]
[root@soliton sysconfig]# service iptables start
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: [ OK ]
iptables-restore v1.2: Couldn't load target `PPP':/lib/iptables/libipt_PPP.so: cannot open shared object file: No such file or directory
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
*** Bug 31136 has been marked as a duplicate of this bug. ***
One of the best reasons not to report multiple bugs in one report - the major part of this was fixed by 1.2.0-10. The remaining issue is fixed in 1.2.1a-1.
Works now.
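
Added example, not part of the original bug thread and not Red Hat's or the iptables project's code: a pre-restore check for the ordering failure described in item 3 and in the `PPP' error above, where a rule jumps to a user-defined chain that has not been created yet. It assumes the iptables-save text format of later releases ("*table", ":CHAIN policy [counters]", "-A ..." lines); the function name, the target list and the sample dump are constructed for illustration.

```python
import re

# Targets that are not chains: built-in verdicts plus a few standard
# extensions. Assumed, non-exhaustive list; extend it for your ruleset.
NON_CHAIN_TARGETS = {"ACCEPT", "DROP", "QUEUE", "RETURN", "REJECT", "LOG",
                     "MASQUERADE", "SNAT", "DNAT", "REDIRECT", "MARK"}
BUILTIN_CHAINS = {"INPUT", "OUTPUT", "FORWARD", "PREROUTING", "POSTROUTING"}

def undeclared_jumps(dump):
    """Return (line_no, table, chain, target) for every rule that jumps to a
    chain which has not been declared at that point in the dump."""
    problems = []
    table, declared = None, set()
    for no, line in enumerate(dump.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):        # "*filter" opens a new table
            table, declared = line[1:], set(BUILTIN_CHAINS)
        elif line.startswith(":"):      # ":PPP - [0:0]" declares a chain
            declared.add(line[1:].split()[0])
        else:
            chain = re.search(r"(?:^|\s)-A\s+(\S+)", line)
            jump = re.search(r"\s(?:-j|--jump|-g|--goto)\s+(\S+)", line)
            if chain and jump:
                target = jump.group(1)
                if target not in declared and target not in NON_CHAIN_TARGETS:
                    problems.append((no, table, chain.group(1), target))
    return problems

# Constructed sample modelling the reported ordering: the user-defined
# chain PPP is declared only after a rule in INPUT already jumps to it.
BAD_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i ppp0 -j PPP
:PPP - [0:0]
-A PPP -j DROP
COMMIT
"""

if __name__ == "__main__":
    for no, table, chain, target in undeclared_jumps(BAD_DUMP):
        print(f"line {no}: {table}/{chain} jumps to undeclared chain {target}")
```

Running such a check on the saved file before a reboot catches the case where a failed restore would leave the host with no rules loaded.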