Bug 77337 - Save/Restore IPTables with negative mac matches
Summary: Save/Restore IPTables with negative mac matches
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables
Version: 8.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: wdovlrrw
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2002-11-05 13:19 UTC by Need Real Name
Modified: 2007-04-18 16:48 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2003-04-23 11:03:57 UTC

Attachments (Terms of Use)
fix for 1.2.6a and 1.2.7a (1.02 KB, patch)
2002-11-06 16:16 UTC, Michael Schwendt
no flags Details | Diff

Description Need Real Name 2002-11-05 13:19:50 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Description of problem:
When defining IPTables Rules with a negative MAC match (ie -m mac ! --mac 
xx:xx:xx:xx:xx:xx) and they are save via the Red Hat Init Script the iptables-
save script writes the negative mac match to /etc/sysconfig/iptables and 
forgets a space between the "!" (NOT) and the actual MAC address.

When trying to restore the rules the "iptales-restore" script exits with a "Bad 
mac address" error.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Add a rule like the following: iptables -A FORWARD -m mac ! --mac 
00:00:00:00:00:00 -j DROP
2. Save the rule: /etc/init.d/iptables save
3. Try to reload the rules: /etc/init.d/iptables restart

Actual Results:  IPTables rules can not be restored from /etc/sysconfig/iptables
Rules are empty...

Expected Results:  Iptables rules should have been set.

Additional info:


Applying iptables firewall rules: iptables-restore v1.2.6a: Bad mac address '!
Try 'iptables-restore -h' or 'iptables-restore --help' for more information.


Because of this bug IPTables are empty when trying to restore, so I think this 
is severe.

Bug exists at least since Red Hat 7.2 (introduction of iptables)


I wrote a dirty perl hack that checks the /etc/sysconfig/iptables for negative 
mac matches and adds a space between the ! and the mac address.

Comment 1 Michael Schwendt 2002-11-06 16:16:47 UTC
Created attachment 83865 [details]
fix for 1.2.6a and 1.2.7a

Comment 2 Michael Schwendt 2002-11-06 16:23:27 UTC
Btw, the patch applies against 1.2.5 (e.g. Red Hat Linux 7.3), too, with offset
1 line.

Comment 3 Need Real Name 2002-11-06 18:11:59 UTC
Tested against 1.2.6a: works!

Comment 4 Michael Schwendt 2003-01-16 12:44:12 UTC
This one is fixed as of 1.2.7a-1 in Raw Hide (with a more recent patch).

Comment 5 Kjartan Maraas 2003-04-03 18:43:40 UTC
Should this be closed then? Reassigning to new owner.

Comment 6 Michael Schwendt 2003-04-03 19:12:49 UTC
Yes, resolution is CURRENTRELEASE.

Note You need to log in before you can comment on or make changes to this bug.