Bug 91560 - iptables-1.2.6a won't save rule with --icmp-type
Summary: iptables-1.2.6a won't save rule with --icmp-type
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables (Show other bugs)
(Show other bugs)
Version: 8.0
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-05-24 05:38 UTC by Christopher Gahlon
Modified: 2007-04-18 16:53 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-07-03 09:38:40 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2003:213 normal SHIPPED_LIVE : Updated iptables packages are available 2003-08-25 04:00:00 UTC

Description Christopher Gahlon 2003-05-24 05:38:41 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
When I add this rule to /etc/sysconfig/iptables to allow echo requests from a
specific IP address like so:
-A RH-Lokkit-0-50-INPUT -p icmp -i eth0 -s X.X.X.X --icmp-type echo-request -j
ACCEPT

I get the message:
Applying iptables firewall rules: iptables-restore v1.2.6a: Unknown arg
`--icmp-type'

using -j DROP or -j REJECT work just find.

Version-Release number of selected component (if applicable):
iptables-1.2.6a-2

How reproducible:
Always

Steps to Reproduce:
1. Add rule '-A RH-Lokkit-0-50-INPUT -p icmp -i eth0 -s 10.0.0.1 --icmp-type
echo-request -j ACCEPT' to the beginning of /etc/sysconfig/iptables 
(works with or without specific source IP)

2. /etc/init.d/iptables/restart

Actual Results:  All chains are flushed and the server/workstation is left
unprotected.

It produced this output:
Flushing all current rules and user defined chains:        [  OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
Applying iptables firewall rules: iptables-restore v1.2.6a: Unknown arg
`--icmp-type'
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                           [FAILED]


Expected Results:
Flushing all current rules and user defined chains:        [  OK  ]
Clearing all current rules and user defined chains:        [  OK  ]
Applying iptables firewall rules:                          [  OK  ]


Additional info:

I upgraded the RH8 box with the iptables-1.2.7a-2 package that comes with RH9) 
It works fine and solved the problem.

Comment 1 Christopher Gahlon 2003-06-18 15:22:25 UTC
What additional information can I provide? 

Comment 2 Thomas Woerner 2003-07-03 09:38:40 UTC
Fixed in the new 1.2.8-4.x version. This version has a new startup script and an
additional config file.


/etc/sysconfig/iptables-config:
> # Additional iptables modules (nat helper)
> # Default: -empty-
> #IPTABLES_MODULES="ip_nat_ftp"
> 
> # Save current firewall rules on stop.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_STOP="no"
> 
> # Save current firewall rules on restart.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_RESTART="no"
> 
> # Save rule counter.
> # Value: yes|no,  default: yes
> #IPTABLES_SAVE_COUNTER="yes"
> 
> # Numeric status output
> # Value: yes|no,  default: no
> #IPTABLES_STATUS_NUMERIC="no"


RPM packages for 7.x:
http://people.redhat.com/twoerner/RPMS/7.x/iptables-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/7.x/iptables-ipv6-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.73.1.src.rpm

RPM packages for 8.0:
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.80.1.src.rpm

RPM packages for 9:
http://people.redhat.com/twoerner/RPMS/9/iptables-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/9/iptables-ipv6-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.90.1.src.rpm



Note You need to log in before you can comment on or make changes to this bug.