Bug 28412 - iptables-{restore,save} broken
Summary: iptables-{restore,save} broken
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact: David Lawrence
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-02-20 11:44 UTC by Gerald Teschl
Modified: 2007-03-27 03:41 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-03-21 20:27:49 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Gerald Teschl 2001-02-20 11:44:07 UTC
The iptables-{restore,save} are broken. They contain so many errors I don't
even know
where to start!?

1) The rule
/sbin/iptables -A INPUT -s $Any -d $Any -i lo -j ACCEPT
will be stored as
-i lo -j ACCEPT 
and will case the error  "Bad argument `EPT'"

2) The rule 
/sbin/iptables -A INPUT -p icmp -j ACCEPT
will be stored as
-p icmp -j ACCEPT
and will case the error  "Bad argument `CCEPT'"

3) User defined chains will be put at the end. Hence they will
be created after the input rules are restored and any rule jumping
to such a chain will fail.

Hence after reboot your firewall will be gone.

Comment 1 Glen Foster 2001-02-21 15:04:16 UTC
This defect is considered MUST-FIX for Florence Release-Candidate #2

Comment 2 Bernhard Rosenkraenzer 2001-02-27 17:59:37 UTC
Fixed in 1.2.0-9

Comment 3 Gerald Teschl 2001-03-21 09:29:39 UTC
No its not fixed. It still does not work with user defined chains

[root@soliton sysconfig]# service iptables save
Saving current rules to /etc/sysconfig/iptables:           [  OK  ]
[root@soliton sysconfig]# service iptables stop
Resetting built-in chains to the default ACCEPT policy:    [  OK  ]
[root@soliton sysconfig]# service iptables start
Flushing all current rules and user defined chains:        [  OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
iptables-restore v1.2: Couldn't load target `PPP':/lib/iptables/libipt_PPP.so:
cannot open shared object file: No such file or directory
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Comment 4 Gerald Teschl 2001-03-21 09:33:39 UTC
*** Bug 31136 has been marked as a duplicate of this bug. ***

Comment 5 Bernhard Rosenkraenzer 2001-03-21 20:27:45 UTC
One of the best reasons not to report multiple bugs in one report - the major 
part of this was fixed by 1.2.0-10.

The remaining issue is fixed in 1.2.1a-1.

Comment 6 Gerald Teschl 2001-03-23 14:32:58 UTC
Works now.

Note You need to log in before you can comment on or make changes to this bug.