Bug 65245 - ip6tables-save output incorrect
Summary: ip6tables-save output incorrect
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables
Version: 7.3
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: wdovlrrw
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-05-20 20:25 UTC by Need Real Name
Modified: 2007-04-18 16:42 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed: 2003-01-13 21:53:22 UTC


Attachments (Terms of Use)
patch against iptables 1.2.5 from Red Hat (1.95 KB, patch)
2002-10-18 16:27 UTC, Michael Schwendt
no flags Details | Diff

Description Need Real Name 2002-05-20 20:25:42 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc1) Gecko/20020417

Description of problem:
'ip6tables-save' yields the following output:

# Generated by ip6tables-save v1.2.5 on Mon May 20 14:13:16 2002
*filter
:INPUT ACCEPT [32:3072]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s ::/0 -d ::/0 -i eth0 -p tcp -m tcp --dport 22 SYN/SYN,ACK,URG-j ACCEPT
-A INPUT -s ::/0 -d ::/0 -i eth0 -p tcp -m tcp --dport 993 SYN/SYN,ACK,URG-j ACCEPT
-A INPUT -s ::/0 -d ::/0 -i eth0 -p tcp -m tcp SYN/SYN-j DROP
-A INPUT -s ::/0 -d ::/0 -i eth0 -p udp -j DROP
COMMIT
# Completed on Mon May 20 14:13:16 2002

There are two apparent problems (which ip6tables-restore complains about):

1. No space between the TCP flags and -j
2. No switch to specify beginning of TCP flags

Below is the output from 'ip6tables -L -n'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp      ::/0                 ::/0               tcp dpt:22
flags:0x32/0x02
ACCEPT     tcp      ::/0                 ::/0               tcp dpt:993
flags:0x32/0x02
DROP       tcp      ::/0                 ::/0               tcp flags:0x02/0x02
DROP       udp      ::/0                 ::/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. /sbin/ip6tables -A INPUT -i eth0 -p tcp --syn -j DROP
2. /sbin/ip6tables-save
3.
	

Actual Results:  ip6tables-save generates invalid output

Expected Results:  ip6tables-save should always generate something that
iptables-restore can read

Additional info:

iptables-ipv6-1.2.5-3

Comment 1 Michael Schwendt 2002-10-18 16:27:40 UTC
Created attachment 80948 [details]
patch against iptables 1.2.5 from Red Hat

Comment 2 Michael Schwendt 2002-10-18 16:28:18 UTC
This is fixed in 1.2.7a and could be backported to 1.2.5. See if attached patch
fixes it for you.



Comment 3 Bill Nottingham 2003-01-13 21:53:22 UTC
fixed in 1.2.7a-1.


Note You need to log in before you can comment on or make changes to this bug.