Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 44118 - iptables-save saves certain rules incorrectly
iptables-save saves certain rules incorrectly
Product: Red Hat Linux
Classification: Retired
Component: iptables (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2001-06-11 12:11 EDT by David A. Madore
Modified: 2007-04-18 12:33 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-06-11 14:00:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
fix iptables-save (1.59 KB, patch)
2001-06-11 14:00 EDT, David A. Madore
no flags Details | Diff

  None (edit)
Description David A. Madore 2001-06-11 12:11:52 EDT
Description of Problem:
Some firewall rules are subtly altered by iptables-save. Notably, interface
names such as ppp+ become simply ppp, and --reject-with
icmp-port-unreachable becomes --reject-with icmp-proto-unreachable

How Reproducible:

Steps to Reproduce:
1. iptables -N TEST_CHAIN && iptables -A TEST_CHAIN -i ppp+ -j REJECT
--reject-with icmp-port-unreachable
2. iptables-save | fgrep TEST_CHAIN
3. iptables -F TEST_CHAIN && iptables -X TEST_CHAIN

Actual Results:
:TEST_CHAIN - [0:0]
-A TEST_CHAIN -i ppp -j REJECT --reject-with icmp-proto-unreachable 

Expected Results:
:TEST_CHAIN - [0:0]
-A TEST_CHAIN -i ppp+ -j REJECT --reject-with icmp-port-unreachable 

Additional Information:
iptables-1.2.1a-1 and kernel 2.4.5 (not the pristine RedHat kernel), but
this is probably irrelevant
Comment 1 David A. Madore 2001-06-11 14:00:30 EDT
Created attachment 20743 [details]
fix iptables-save
Comment 2 Bernhard Rosenkraenzer 2001-06-27 09:03:56 EDT
Thanks, fixed in 1.2.2-2

Note You need to log in before you can comment on or make changes to this bug.