[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Mon Jun 24 18:37:55 CEST 2013


Phil Oester <netfilter at linuxace.com> changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
                 CC|                            |netfilter at linuxace.com
         Resolution|                            |WONTFIX

--- Comment #3 from Phil Oester <netfilter at linuxace.com> 2013-06-24 18:37:54 CEST ---
We cannot alter the default behavior of iptables-save, since admins are
potentially relying upon the current output in scripts.  However, what you want
to achieve is trivially done with userspace.  See below.

for table in $(sort /proc/net/ip_tables_names) ; do
    iptables-save -t $table | sed '/^#/d ; s/\[.*$//'

Output that to a text file and use diff to test for differences.


Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the netfilter-buglog mailing list