Bug 77337 - Save/Restore IPTables with negative mac matches
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: iptables
Version: 8.0
Hardware/OS: i386 Linux
Priority: medium, Severity: medium
Assigned To: wdovlrrw
Ben Levenson
: Security
Reported: 2002-11-05 08:19 EST by Need Real Name
Modified: 2007-04-18 12:48 EDT
Doc Type: Bug Fix
Last Closed: 2003-04-23 07:03:57 EDT

Attachments:
fix for 1.2.6a and 1.2.7a (1.02 KB, patch), 2002-11-06 11:16 EST, Michael Schwendt

Description Need Real Name 2002-11-05 08:19:50 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Description of problem:
When defining IPTables rules with a negative MAC match (i.e. -m mac ! --mac xx:xx:xx:xx:xx:xx) and they are saved via the Red Hat init script, the iptables-save script writes the negative MAC match to /etc/sysconfig/iptables and forgets a space between the "!" (NOT) and the actual MAC address.

When trying to restore the rules, the "iptables-restore" script exits with a "Bad mac address" error.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Add a rule like the following: iptables -A FORWARD -m mac ! --mac 00:00:00:00:00:00 -j DROP
2. Save the rule: /etc/init.d/iptables save
3. Try to reload the rules: /etc/init.d/iptables restart

Actual Results:  IPTables rules cannot be restored from /etc/sysconfig/iptables
Rules are empty...

Expected Results:  Iptables rules should have been set.

Additional info:

Output:

Applying iptables firewall rules: iptables-restore v1.2.6a: Bad mac address '!00:00:00:00:00:00'
Try 'iptables-restore -h' or 'iptables-restore --help' for more information.

--------------------------

Because of this bug IPTables are empty when trying to restore, so I think this is severe.

Bug exists at least since Red Hat 7.2 (introduction of iptables).

--------------------------
Solution:

I wrote a dirty perl hack that checks /etc/sysconfig/iptables for negative MAC matches and adds a space between the ! and the MAC address.
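The defect described above is a one-character formatting problem in the saved file, so a defender's workaround is to audit /etc/sysconfig/iptables for a "!" glued to a MAC address before running the restore, and to repair it with a backup kept beside the file. The script below is an added example written for this page; it is not the reporter's perl hack and not part of iptables or the Red Hat init script. It assumes the only damage is the missing space after "!" (the report does not show whether iptables-save spells the option --mac or --mac-source, so the pattern keys on "!" directly followed by a six-octet MAC wherever it appears), and the sample rules file in demo() is constructed, not a real /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example (not the reporter's perl hack, not part of iptables):
# detect and repair a saved rules file in which iptables-save glued the
# "!" to the MAC address, so iptables-restore no longer exits with
# "Bad mac address '!xx:xx:xx:xx:xx:xx'".
#
# Assumption: the only damage is the missing space after "!".  The option
# name written by iptables-save is not shown in the report, so the pattern
# keys on "!" directly followed by a six-octet MAC, whatever precedes it.

MAC='[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f]){5}'

# List (with line numbers) every line iptables-restore would reject.
# Exit status follows grep: 0 if at least one bad line exists, 1 if clean.
find_negated_mac() {
    grep -nE '!'"$MAC" "$1"
}

# Rewrite "!xx:xx:..." as "! xx:xx:...".  Reads stdin, writes stdout.
# A correctly saved line ("! xx:...") has no "!" followed by a hex digit,
# so it passes through untouched; running the fix twice is harmless.
fix_negated_mac() {
    sed -E 's/!('"$MAC"')/! \1/g'
}

# Repair a rules file in place, keeping a .bak copy next to it.
# Returns 0 if the file is clean afterwards, 1 if something else is wrong
# and the operator should look at it by hand.
repair_rules_file() {
    rules="$1"
    cp -p "$rules" "$rules.bak" || return 1
    fix_negated_mac < "$rules.bak" > "$rules" || return 1
    if find_negated_mac "$rules" > /dev/null; then
        return 1
    fi
    return 0
}

# Constructed sample in the iptables-save format quoted in the report
# (not a real /etc/sysconfig/iptables); the second FORWARD rule is the
# broken one that makes the whole restore fail.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT
-A FORWARD -m mac --mac-source !00:00:00:00:00:00 -j DROP
COMMIT
EOF
    echo "lines iptables-restore would reject:"
    find_negated_mac "$dir/iptables"
    repair_rules_file "$dir/iptables"
    echo "after repair:"
    cat "$dir/iptables"
    rm -rf "$dir"
}

demo
```

Run find_negated_mac against the saved file first: a non-zero exit means the file is clean and nothing needs touching. repair_rules_file only inserts the space and never drops a rule, so a file that restores correctly before the fix restores identically after it; if the audit still reports lines after the repair, the file has a different problem and should be inspected rather than restarted blindly.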
Comment 1 Michael Schwendt 2002-11-06 11:16:47 EST
Created attachment 83865 [details]
fix for 1.2.6a and 1.2.7a
Comment 2 Michael Schwendt 2002-11-06 11:23:27 EST
Btw, the patch applies against 1.2.5 (e.g. Red Hat Linux 7.3), too, with offset
1 line.
Comment 3 Need Real Name 2002-11-06 13:11:59 EST
Tested against 1.2.6a: works!
Comment 4 Michael Schwendt 2003-01-16 07:44:12 EST
This one is fixed as of 1.2.7a-1 in Raw Hide (with a more recent patch).
Comment 5 Kjartan Maraas 2003-04-03 13:43:40 EST
Should this be closed then? Reassigning to new owner.
Comment 6 Michael Schwendt 2003-04-03 14:12:49 EST
Yes, resolution is CURRENTRELEASE.