Description of problem:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=79249

--quote------------------------------------------------------------
Description of Problem:
Linux 2.4.20 and 2.5 (apparently starting from 2.5.32) extend the owner match to allow matching on the process "comm" name and do so by enlarging the structure used to pass owner match data. This means that versions of iptables not updated to support the new kernels are unable to use owner match at all (because the kernel checks the struct size). This is apparently fixed in iptables 1.2.7a: please upgrade or backport the patch.

Version-Release number of selected component (if applicable):
iptables-1.2.6a-2

How Reproducible:
Every time.

Steps to Reproduce:
1. Boot Linux 2.4.20, 2.5.32 or later
2. iptables -A OUTPUT -m owner --uid-owner <uid> -j DROP

Actual Results:
"iptables: Invalid argument"

Expected Results:
iptables succeeds and the rule is enacted

------- Additional Comment #1 From Bill Nottingham on 2003-01-13 16:11 -------
fixed in 1.2.7a-1
--/quote------------------------------------------------------------

Version-Release number of selected component (if applicable):
iptables-1.2.5-3
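The size check described in the report, modelled as an added example (not code from this bug report, iptables or the kernel): the struct layouts, `MODEL_ALIGN`, `match_hdr` and the function names are constructed assumptions that only mirror "owner match data enlarged by a comm field" and "kernel checks the struct size".

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_ALIGN(n) (((n) + 7u) & ~(size_t)7u)   /* assumed stand-in for the kernel's alignment macro */

/* Constructed layouts: owner match data before and after the "comm" field was added. */
struct owner_old { uint32_t uid, gid, pid, sid; uint8_t match, invert; };
struct owner_new { uint32_t uid, gid, pid, sid; char comm[16]; uint8_t match, invert; };

/* Hypothetical header that userspace places in front of the match data. */
struct match_hdr { uint16_t match_size; char name[30]; };

/* Userspace side: serialise an owner match the way an old or updated iptables build would. */
size_t build_owner_match(unsigned char *buf, int new_abi, uint32_t uid)
{
    struct match_hdr hdr;
    size_t data = new_abi ? sizeof(struct owner_new) : sizeof(struct owner_old);

    memset(&hdr, 0, sizeof hdr);
    hdr.match_size = (uint16_t)(sizeof hdr + MODEL_ALIGN(data));
    strcpy(hdr.name, "owner");
    memset(buf, 0, hdr.match_size);
    memcpy(buf, &hdr, sizeof hdr);
    memcpy(buf + sizeof hdr, &uid, sizeof uid);   /* uid is the first field in both layouts */
    return hdr.match_size;
}

/* Kernel side: reject any blob whose data size differs from the kernel's own struct. */
int kernel_checkentry(const unsigned char *buf)
{
    struct match_hdr hdr;
    memcpy(&hdr, buf, sizeof hdr);
    if (hdr.match_size - sizeof hdr != MODEL_ALIGN(sizeof(struct owner_new)))
        return -EINVAL;                            /* surfaces as "Invalid argument" */
    return 0;
}

int main(void)
{
    unsigned char buf[128];
    build_owner_match(buf, 0, 500);
    printf("old userspace: %d\n", kernel_checkentry(buf));
    build_owner_match(buf, 1, 500);
    printf("new userspace: %d\n", kernel_checkentry(buf));
    return 0;
}
```

Because the rule is rejected rather than loaded, an un-updated userspace leaves an intended `-m owner` DROP rule absent from the ruleset, so a check that the rule is present after firewall startup is the useful verification.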
*** Bug 91500 has been marked as a duplicate of this bug. ***
Fixed in the new 1.2.8-4.x version.

This version has a new startup script and an additional config file.

/etc/sysconfig/iptables-config:
> # Additional iptables modules (nat helper)
> # Default: -empty-
> #IPTABLES_MODULES="ip_nat_ftp"
>
> # Save current firewall rules on stop.
> # Value: yes|no, default: no
> #IPTABLES_SAVE_ON_STOP="no"
>
> # Save current firewall rules on restart.
> # Value: yes|no, default: no
> #IPTABLES_SAVE_ON_RESTART="no"
>
> # Save rule counter.
> # Value: yes|no, default: yes
> #IPTABLES_SAVE_COUNTER="yes"
>
> # Numeric status output
> # Value: yes|no, default: no
> #IPTABLES_STATUS_NUMERIC="no"

RPM packages for 7.x:
http://people.redhat.com/twoerner/RPMS/7.x/iptables-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/7.x/iptables-ipv6-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.73.1.src.rpm

RPM packages for 8.0:
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.80.1.src.rpm

RPM packages for 9:
http://people.redhat.com/twoerner/RPMS/9/iptables-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/9/iptables-ipv6-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.90.1.src.rpm