Description of Problem: iptables-save is unable to correctly save iptables rules that contain an interface description that includes the '+' character. iptables itself considers the interface description "eth+" to match "eth0", "eth1", "eth2", etc., however, when iptables-save stores such a rule it merely inserts "-i eth" which causes the rule to match no interfaces. There is no error output, so user assumes everything worked and on the next reboot stands a very good chance of not being able to access the machine remotely. Version-Release number of selected component (if applicable): iptables-1.2.1a-1 How Reproducible: The clearest demonstration I can think of would be to clear out clear out all of the rules, set the default policy for the input chain to be DENY and add the rule: iptables -A INPUT -i eth+ -j ACCEPT then do an iptables-save followed by an iptables-restore and try to connect from a remote machine, it won't work. If you examine /etc/sysconfig/iptables you will see for that rule that the line will read: [0:0] -A INPUT -i eth -j ACCEPT (or something similar). iptables-restore restores this rule faithfully and tells iptables to match an interface named "eth", which of course doesn't exist, so all packets will be ignored by this rule.
Install the errata package released a couple of days ago.