Red Hat Bugzilla – Bug 983198
iptables-save man page completely wrong - which conflicting arguments should work?
Last modified: 2013-11-21 18:34:48 EST
Description of problem:
I was trying to prevent iptables-save from loading kernel modules. I looked at "man iptables-save" which said:
iptables-save [-M modprobe] [-c] [-t table]
Specify the path to the modprobe program. By default, iptables-save will
inspect /proc/sys/kernel/modprobe to determine the executable’s path.
# iptables-save -M /dev/null
iptables-save: invalid option -- 'M'
Unknown arguments found on commandline
while iptables-save --help or -h does not work, the binary does seem to show there must me a magic incantation for it, because strings on the binary shows:
Usage: %s [-b] [-c] [-v] [-t] [-h]
[ --binary ]
[ --counters ]
[ --verbose ]
[ --test ]
[ --help ]
[ --noflush ]
[ --table=<TABLE> ]
Version-Release number of selected component (if applicable):
And indeed, --modprobe= seems to work as expected.
So there is a problem between the documented arguments and the actual arguments, possible induced by /sbin/iptables-save being an "/etc/alternative" link to /sbin/iptables-save-1.4.7
I'm not sure if the bug should be "fix the man page" or "fix the binary/link".
but if people were used to -M and now need --modprobe, perhaps iptables-save should allow for both now.
note that "iptables-save --help" or iptables-save -h" should also be fixed.
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release. Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.