From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Description of problem:
When defining IPTables Rules with a negative MAC match (ie -m mac ! --mac 
xx:xx:xx:xx:xx:xx) and they are save via the Red Hat Init Script the iptables-
save script writes the negative mac match to /etc/sysconfig/iptables and 
forgets a space between the "!" (NOT) and the actual MAC address.

When trying to restore the rules the "iptales-restore" script exits with a "Bad 
mac address" error.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Add a rule like the following: iptables -A FORWARD -m mac ! --mac 
00:00:00:00:00:00 -j DROP
2. Save the rule: /etc/init.d/iptables save
3. Try to reload the rules: /etc/init.d/iptables restart
	

Actual Results:  IPTables rules can not be restored from /etc/sysconfig/iptables
Rules are empty...

Expected Results:  Iptables rules should have been set.

Additional info:

Output:

Applying iptables firewall rules: iptables-restore v1.2.6a: Bad mac address '!
00:00:00:00:00:00'
Try 'iptables-restore -h' or 'iptables-restore --help' for more information.

--------------------------

Because of this bug IPTables are empty when trying to restore, so I think this 
is severe.

Bug exists at least since Red Hat 7.2 (introduction of iptables)

--------------------------
Solution:

I wrote a dirty perl hack that checks the /etc/sysconfig/iptables for negative 
mac matches and adds a space between the ! and the mac address.