Description of problem: firewall-cmd --add-rich-rule with source and destination combination Version-Release number of selected component (if applicable): firewalld-0.3.3-2.fc19.noarch How reproducible: always Steps to Reproduce: 1, [root@masox ~]# firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.34.4.76" destination address="10.11.5.7" protocol value=icmp reject' Error: global name 'msg' is not defined 2, [root@masox ~]# echo $? 254 3, [root@masox ~]# tail /var/log/messages -n2 Jul 23 16:27:14 masox firewalld: 2013-07-23 16:27:14 ERROR: '/sbin/iptables -t filter -A IN_ZONE_work_deny -s 10.34.4.76 -s 10.11.5.7 -p icmp -m conntrack --ctstate NEW -j REJECT' failed: iptables v1.4.18: multiple -s flags not allowed Jul 23 16:27:14 masox firewalld: 2013-07-23 16:27:14 ERROR: '/sbin/iptables -t filter -A IN_ZONE_work_deny -s 10.34.4.76 -s 10.11.5.7 -p icmp -m conntrack --ctstate NEW -j REJECT' failed: iptables v1.4.18: multiple -s flags not allowed Actual results: Error: global name 'msg' is not defined Expected results: that's probably wrong command combination but error message is complete out of scope Additional info:
*** This bug has been marked as a duplicate of bug 979804 ***