Bug 68173 - failure to restore iptables file with multiple --dport lines
Summary: failure to restore iptables file with multiple --dport lines
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables
Version: 7.3
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-07-07 13:06 UTC by ivan
Modified: 2007-03-27 03:54 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2003-06-17 14:10:25 UTC
Embargoed:


Attachments (Terms of Use)

Description ivan 2002-07-07 13:06:44 UTC
Description of Problem:

When having multiple entries in the iptables config file that use --dport 
(or --destination-port) the iptables "rc" script fails to start. However it 
works fine with 1 entry using --dport (or --destination-port), and it 
works fine manually adding the line using iptables (not the "iptables-restore" 
that the rc script uses).


Version-Release number of selected component (if applicable):
iptables-1.2.5-3 or
iptables-1.2.5-5

How Reproducible:

Every time

Steps to Reproduce:
1. Add multiple entries to /etc/sysconfig/iptables file that have --dport 
   (or --destination-port) entries.
2. start (or restart) iptables (rc script) using "service iptables start"


Actual Results:

Failure to start iptables service.


Expected Results:

Start iptables service.


Additional Information:
	
I hand-edit the /etc/sysconfig/iptables file (to be able to add comments, etc), 
so this may have some effect. If the new line is commented out then it all 
works again. I have not gotten round to trying iptables 1.2.6 (from source) 
yet :(

Comment 1 Harald Hoyer 2002-08-12 14:13:35 UTC
please attach /etc/sysconfig/iptables

Comment 2 Michael Schwendt 2002-11-28 14:21:55 UTC
Reporter still alive?

Unable to reproduce this. Example needed.

[Earlier versions of iptables had a case where -m tcp was necessary in order to
load the "match TCP" userspace extension module.]



Note You need to log in before you can comment on or make changes to this bug.