[Bug 866] Missing newline with --list-rules

bugzilla-daemon at netfilter.org
Sat Oct 26 12:01:06 CEST 2013


https://bugzilla.netfilter.org/show_bug.cgi?id=866

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
                 CC|                            |pablo at netfilter.org
         Resolution|                            |WONTFIX

--- Comment #6 from Pablo Neira Ayuso <pablo at netfilter.org> 2013-10-26 12:01:04 CEST ---
(In reply to comment #5)
[...]
> It would be better to output every rule completely without regard for whether
> iptables would currently accept them on the command line.  They might all be
> valid at restore time.  Complete output could be processed by some other
> command (such as `grep -v quota2`) to produce the rules desired, and would also
> help for simple inspection of errors introduced into the table.

iptables *cannot* output the rule including the quota2 match if it doesn't
locate the quota2 extension in its typical library location (commonly,
/usr/lib/xtables/libxt_*.so) or, alternatively, if that support is not compiled
built-in. The extension allows iptables to interpret the rule in binary format
and translate it to human-readable syntax. If the "interpreter" (the extension
in this case) is not found, then you hit problems like this.

I guess that Android is doing some nasty hack, probably adding the rule using
the quota2 match via the internal library libiptc (which was not ever intended
to be a public library) but then fails to find the extension to interpret it
due to broken packaging.

Please file a bug with your Android vendor; they seem to be providing a *pretty
broken* installation of iptables, including that custom quota2 extension that
we don't support in mainstream Linux kernels and iptables, so they can fix it.
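
The following check is an added example, not part of the original message or of the iptables project: it lists match names that have no userspace extension library, which is the condition comment #6 describes. The function name is hypothetical, and reading the names from /proc/net/ip_tables_matches is an assumption (the page only names the /usr/lib/xtables location).

```shell
#!/bin/sh
# Added example (not from the bug report).
#
# missing_xt_extensions MATCH_LIST EXT_DIR
#
# MATCH_LIST: file with one match name per line. On a live IPv4 system the
#             kernel exposes this as /proc/net/ip_tables_matches (assumption:
#             readable, usually root only).
# EXT_DIR:    directory holding the userspace extensions; the comment above
#             gives /usr/lib/xtables as the common location.
#
# Prints every match name that has neither libxt_<name>.so nor
# libipt_<name>.so in EXT_DIR and returns 1 if at least one is missing.
#
# Caveat from the page: an extension can also be compiled into the iptables
# binary, so a missing .so is a lead to investigate, not proof of breakage.
missing_xt_extensions() {
    list=$1
    dir=$2
    rc=0
    # sort -u: the kernel lists a name once per registered revision.
    for name in $(sort -u "$list"); do
        if [ -e "$dir/libxt_$name.so" ] || [ -e "$dir/libipt_$name.so" ]; then
            continue
        fi
        echo "$name"
        rc=1
    done
    return $rc
}

# Typical invocation on a live host:
#   missing_xt_extensions /proc/net/ip_tables_matches /usr/lib/xtables
```

A name printed here marks a match whose rules may not be rendered in full by `iptables --list-rules`, so an audit that relies on that output should treat the listing as incomplete until the extension is installed.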
