Bug 983198 - iptables-save man page completely wrong - which conflicting arguments should work?
iptables-save man page completely wrong - which conflicting arguments should ...
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: iptables (Show other bugs)
Unspecified Unspecified
unspecified Severity low
: rc
: ---
Assigned To: Thomas Woerner
Ales Zelinka
Depends On:
Blocks: 983200
  Show dependency treegraph
Reported: 2013-07-10 12:59 EDT by Paul Wouters
Modified: 2013-11-21 18:34 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 983200 1054871 (view as bug list)
Last Closed: 2013-11-21 18:34:48 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1710 normal SHIPPED_LIVE iptables bug fix and enhancement update 2013-11-20 16:51:52 EST

  None (edit)
Description Paul Wouters 2013-07-10 12:59:59 EDT
Description of problem:

I was trying to prevent iptables-save from loading kernel modules. I looked at "man iptables-save" which said:

       iptables-save [-M modprobe] [-c] [-t table]

      -M modprobe_program
              Specify the path to the modprobe program. By default, iptables-save will
              inspect /proc/sys/kernel/modprobe to determine the executable’s path.

# iptables-save -M /dev/null
iptables-save: invalid option -- 'M'
Unknown arguments found on commandline

while iptables-save --help or -h does not work, the binary does seem to show there must me a magic incantation for it, because strings on the binary shows:

Usage: %s [-b] [-c] [-v] [-t] [-h]
           [ --binary ]
           [ --counters ]
           [ --verbose ]
           [ --test ]
           [ --help ]
           [ --noflush ]
           [ --table=<TABLE> ]
          [ --modprobe=<command>]

Version-Release number of selected component (if applicable):

And indeed, --modprobe= seems to work as expected.

So there is a problem between the documented arguments and the actual arguments, possible induced by /sbin/iptables-save being an "/etc/alternative" link to /sbin/iptables-save-1.4.7

I'm not sure if the bug should be "fix the man page" or "fix the binary/link".

but if people were used to -M and now need --modprobe, perhaps iptables-save should allow for both now.
Comment 1 Paul Wouters 2013-07-10 13:00:41 EDT
note that "iptables-save --help" or iptables-save -h" should also be fixed.
Comment 5 RHEL Product and Program Management 2013-08-13 10:32:17 EDT
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release.  Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.
Comment 9 errata-xmlrpc 2013-11-21 18:34:48 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.