From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
When I add this rule to /etc/sysconfig/iptables to allow echo requests from a specific IP address like so:

-A RH-Lokkit-0-50-INPUT -p icmp -i eth0 -s X.X.X.X --icmp-type echo-request -j ACCEPT

I get the message:

Applying iptables firewall rules: iptables-restore v1.2.6a: Unknown arg `--icmp-type'

Using -j DROP or -j REJECT works just fine.

Version-Release number of selected component (if applicable):
iptables-1.2.6a-2

How reproducible:
Always

Steps to Reproduce:
1. Add rule '-A RH-Lokkit-0-50-INPUT -p icmp -i eth0 -s 10.0.0.1 --icmp-type echo-request -j ACCEPT' to the beginning of /etc/sysconfig/iptables (works with or without specific source IP)
2. /etc/init.d/iptables/restart

Actual Results:
All chains are flushed and the server/workstation is left unprotected. It produced this output:

Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: iptables-restore v1.2.6a: Unknown arg `--icmp-type'
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]

Expected Results:
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: [ OK ]

Additional info:
I upgraded the RH8 box with the iptables-1.2.7a-2 package that comes with RH9. It works fine and solved the problem.

What additional information can I provide?

Fixed in the new 1.2.8-4.x version. This version has a new startup script and an additional config file.

/etc/sysconfig/iptables-config:
> # Additional iptables modules (nat helper)
> # Default: -empty-
> #IPTABLES_MODULES="ip_nat_ftp"
>
> # Save current firewall rules on stop.
> # Value: yes|no, default: no
> #IPTABLES_SAVE_ON_STOP="no"
>
> # Save current firewall rules on restart.
> # Value: yes|no, default: no
> #IPTABLES_SAVE_ON_RESTART="no"
>
> # Save rule counter.
> # Value: yes|no, default: yes
> #IPTABLES_SAVE_COUNTER="yes"
>
> # Numeric status output
> # Value: yes|no, default: no
> #IPTABLES_STATUS_NUMERIC="no"

RPM packages for 7.x:
http://people.redhat.com/twoerner/RPMS/7.x/iptables-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/7.x/iptables-ipv6-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.73.1.src.rpm

RPM packages for 8.0:
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.80.1.src.rpm

RPM packages for 9:
http://people.redhat.com/twoerner/RPMS/9/iptables-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/9/iptables-ipv6-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.90.1.src.rpm
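
The failure reported in this bug (chains flushed first, rules file then rejected, host left unprotected) can be avoided by validating the file before the running ruleset is touched. The sketch below is an added example, not part of the original report or of the Red Hat init script; safe_reload, IPT_RESTORE and IPT_SAVE are hypothetical names, and it assumes an iptables-restore that supports --test.

```shell
#!/bin/sh
# Added example: fail closed when a rules file does not parse.
# IPT_RESTORE / IPT_SAVE are hypothetical override points so the logic
# can be exercised with stand-ins instead of the real binaries.
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"
IPT_SAVE="${IPT_SAVE:-iptables-save}"

# safe_reload RULES_FILE
#   0 = new rules are live
#   1 = file rejected (or backup failed); running rules untouched
#   2 = apply failed; previous rules restored
#   3 = apply and rollback both failed; backup file kept
safe_reload() {
    rules="$1"
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 1; }

    # Parse-only pass: --test builds the ruleset but does not commit it,
    # so an "Unknown arg" error is caught before anything is flushed.
    if ! "$IPT_RESTORE" --test < "$rules"; then
        echo "rejected $rules; running rules left in place" >&2
        return 1
    fi

    # Snapshot the running ruleset for rollback.
    backup=$(mktemp) || return 1
    "$IPT_SAVE" > "$backup" || { rm -f "$backup"; return 1; }

    # No separate flush step: iptables-restore replaces each table on COMMIT.
    if "$IPT_RESTORE" < "$rules"; then
        rm -f "$backup"
        return 0
    fi

    echo "apply failed; restoring previous ruleset" >&2
    if "$IPT_RESTORE" < "$backup"; then
        rm -f "$backup"
        return 2
    fi
    echo "rollback failed; previous rules kept in $backup" >&2
    return 3
}

# Usage (as root): safe_reload /etc/sysconfig/iptables
```

A non-zero return means the new file never became the live ruleset, so a caller such as an init script can report [FAILED] without leaving the chains empty.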