From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.4 i686; en-US; rv:0.9) Gecko/20010505

Description of problem:
iptables-save seems to get the --reject-with options icmp-proto-unreachable and icmp-port-unreachable mixed up.

How reproducible:
Always

Steps to Reproduce:
1. iptables -A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
2. iptables -L
3. iptables-save

Actual Results:
iptables -L output:
REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable

iptables-save output:
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-proto-unreachable

Expected Results:
iptables-save should have said:
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable

Additional info:
The bug also occurs the other way around (i.e. if the rule says icmp-proto-unreachable, it will be saved as icmp-port-unreachable).

This bug seems fixed in the netfilter CVS, but I couldn't find anything about it in the changelogs, so maybe it was fixed accidentally.
Fixed in 1.2.2-1
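
A round-trip check for the mismatch reported above, as an added example that is not part of the original report or of the iptables package: it compares the reject-with type shown by `iptables -L` with the one written by `iptables-save` for one chain. The helper names `reject_types` and `check_chain` are hypothetical, the sample lines are the ones quoted in the report, and it assumes both outputs print a reject-with type for every REJECT rule.

```shell
#!/bin/sh
# Added example: reject_types and check_chain are hypothetical helper names.

# Print the ICMP type of every REJECT rule on stdin, one per line, in rule order.
# Matches "reject-with X" (iptables -L) and "--reject-with X" (iptables-save).
reject_types() {
    sed -n 's/.*reject-with \([a-z-]*\).*/\1/p'
}

# check_chain CHAIN LISTING SAVED
#   LISTING: output of `iptables -L CHAIN -n`
#   SAVED:   output of `iptables-save`
# Returns 0 when both report the same reject-with types for CHAIN, 1 otherwise.
check_chain() {
    chain=$1
    listed=$(printf '%s\n' "$2" | reject_types)
    saved=$(printf '%s\n' "$3" | grep -e "^-A $chain " | reject_types)
    if [ "$listed" = "$saved" ]; then
        echo "OK: $chain reject-with types survive iptables-save"
        return 0
    fi
    echo "MISMATCH in $chain: live=[$listed] saved=[$saved]" >&2
    return 1
}

# Sample lines copied from the report above.
LIST_SAMPLE='REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable'
SAVE_BUGGY='-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-proto-unreachable'
SAVE_EXPECTED='-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable'

check_chain INPUT "$LIST_SAMPLE" "$SAVE_EXPECTED"
check_chain INPUT "$LIST_SAMPLE" "$SAVE_BUGGY" ||
    echo "restoring this dump would change the ICMP error sent for port 113"
```

On a live host, pass the output of `iptables -L INPUT -n` and `iptables-save` as the second and third arguments before trusting a saved ruleset for restore.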