Bug 44118 - iptables-save saves certain rules incorrectly
Summary: iptables-save saves certain rules incorrectly
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables
Version: 7.1
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact: David Lawrence
Reported: 2001-06-11 16:11 UTC by David A. Madore
Modified: 2007-04-18 16:33 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Last Closed: 2001-06-11 18:00:35 UTC

Attachments
fix iptables-save (1.59 KB, patch)
2001-06-11 18:00 UTC, David A. Madore

Description David A. Madore 2001-06-11 16:11:52 UTC
Description of Problem:
Some firewall rules are subtly altered by iptables-save. Notably, interface
names such as ppp+ become simply ppp, and --reject-with
icmp-port-unreachable becomes --reject-with icmp-proto-unreachable.

How Reproducible:
always

Steps to Reproduce:
1. iptables -N TEST_CHAIN && iptables -A TEST_CHAIN -i ppp+ -j REJECT --reject-with icmp-port-unreachable
2. iptables-save | fgrep TEST_CHAIN
3. iptables -F TEST_CHAIN && iptables -X TEST_CHAIN

Actual Results:
:TEST_CHAIN - [0:0]
-A TEST_CHAIN -i ppp -j REJECT --reject-with icmp-proto-unreachable 

Expected Results:
:TEST_CHAIN - [0:0]
-A TEST_CHAIN -i ppp+ -j REJECT --reject-with icmp-port-unreachable 

Additional Information:
iptables-1.2.1a-1 and kernel 2.4.5 (not the pristine Red Hat kernel), but
this is probably irrelevant.
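
Added example (not part of the original report or of the iptables project): a check that compares the rules an administrator intended with the -A lines of iptables-save output, option by option. It matters because a trailing + on an interface name is a wildcard, so a restored "-i ppp" rule matches only an interface named exactly ppp and no longer covers ppp0. The function names and the *filter/COMMIT framing lines in the sample are constructed, and the intended rules are assumed to use the same option spellings that iptables-save emits.

```python
import shlex

def parse_rule(line):
    """Split one '-A CHAIN ...' rule line into {option: [values]}."""
    opts, key, negate = {}, None, False
    for tok in shlex.split(line):
        if tok == "!":
            negate = True  # negation binds to the next option or value
        elif tok.startswith("-") and len(tok) > 1 and not tok[1].isdigit():
            key = ("! " if negate else "") + tok
            opts[key], negate = [], False
        elif key is not None:
            opts[key].append(("! " if negate else "") + tok)
            negate = False
    return opts

def saved_rules(save_output):
    """Keep only the '-A' lines; skip comments, '*table', ':CHAIN' and COMMIT."""
    lines = (l.strip() for l in save_output.splitlines())
    return [l for l in lines if l.startswith("-A ")]

def drift(intended, save_output):
    """Return (rule_index, option, intended_value, saved_value) per mismatch."""
    saved = saved_rules(save_output)
    diffs = []
    if len(saved) != len(intended):
        diffs.append((None, "rule count", len(intended), len(saved)))
    for i, (want, got) in enumerate(zip(intended, saved)):
        w, g = parse_rule(want), parse_rule(got)
        for opt in sorted(set(w) | set(g)):
            if w.get(opt) != g.get(opt):
                diffs.append((i, opt, w.get(opt), g.get(opt)))
    return diffs

# Rule as typed in step 1 of the report, without the leading "iptables".
INTENDED = ["-A TEST_CHAIN -i ppp+ -j REJECT --reject-with icmp-port-unreachable"]

# Constructed sample: the two middle lines are the report's "Actual Results";
# the *filter and COMMIT framing lines are added here.
SAVE_OUTPUT = """\
*filter
:TEST_CHAIN - [0:0]
-A TEST_CHAIN -i ppp -j REJECT --reject-with icmp-proto-unreachable
COMMIT
"""

if __name__ == "__main__":
    for idx, opt, want, got in drift(INTENDED, SAVE_OUTPUT):
        print(f"rule {idx}: {opt}: intended {want}, saved {got}")
```

Running the same comparison against the output of a fixed iptables-save should report no differences.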

Comment 1 David A. Madore 2001-06-11 18:00:30 UTC
Created attachment 20743
fix iptables-save

Comment 2 Bernhard Rosenkraenzer 2001-06-27 13:03:56 UTC
Thanks, fixed in 1.2.2-2


