Description of Problem:
When having multiple entries in the iptables config file that use --dport (or --destination-port) the iptables "rc" script fails to start. However it works fine with 1 entry using --dport (or --destination-port), and it works fine manually adding the line using iptables (not the "iptables-restore" that the rc script uses).

Version-Release number of selected component (if applicable):
iptables-1.2.5-3 or iptables-1.2.5-5

How Reproducible:
Every time

Steps to Reproduce:
1. Add multiple entries to /etc/sysconfig/iptables file that have --dport (or --destination-port) entries.
2. start (or restart) iptables (rc script) using "service iptables start"

Actual Results:
Failure to start iptables service.

Expected Results:
Start iptables service.

Additional Information:
I hand-edit the /etc/sysconfig/iptables file (to be able to add comments, etc), so this may have some effect. If the new line is commented out then it all works again. I have not gotten round to trying iptables 1.2.6 (from source) yet :(
Please attach /etc/sysconfig/iptables.
Reporter still alive? Unable to reproduce this. Example needed. [Earlier versions of iptables had a case where -m tcp was necessary in order to load the "match TCP" userspace extension module.]
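
An added example, not part of the bug report or of the iptables project: a small Python lint for a hand-edited /etc/sysconfig/iptables that flags the two things this thread raises, port matches without an explicit `-m tcp`/`-m udp` (the case the last comment mentions) and comments that trail a rule (iptables-restore only skips lines that begin with `#`). The sample rules and the function names are constructed for illustration; negated protocols (`! tcp`) are not handled.

```python
import shlex

PORT_OPTS = {"--dport", "--destination-port", "--sport", "--source-port"}

# Constructed sample in iptables-save format (not the reporter's file).
SAMPLE = """\
# hand-edited rules
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT --destination-port 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT   # dns
COMMIT
"""

def option_values(tokens, names):
    """Return the values that follow any of the given option names."""
    return [tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in names]

def lint_restore_file(text):
    """Return (line_no, message) findings for iptables-restore input."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Comment lines, *table, :chain and COMMIT lines are not rules.
        if not line.startswith("-"):
            continue
        tokens = shlex.split(line)  # '#' is kept as an ordinary token
        for i, tok in enumerate(tokens):
            if tok.startswith("#"):
                findings.append((no, "trailing comment on a rule line"))
                tokens = tokens[:i]  # check the rule part on its own
                break
        if not PORT_OPTS & set(tokens):
            continue
        protos = option_values(tokens, {"-p", "--protocol"})
        proto = protos[0].lower() if protos else None
        if proto not in ("tcp", "udp"):
            findings.append((no, "port match without -p tcp or -p udp"))
        elif proto not in option_values(tokens, {"-m", "--match"}):
            findings.append((no, "port match without explicit -m " + proto))
    return findings

if __name__ == "__main__":
    for no, msg in lint_restore_file(SAMPLE):
        print("line %d: %s" % (no, msg))
```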