[Bug 505] iptables-save still doesn't like quotes

bugzilla-daemon at bugzilla.netfilter.org
Sat Mar 24 06:01:01 CET 2007


https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=505





------- Additional Comments From mbr at cipherdyne.org  2007-03-24 06:01 MET -------
I've tested the proposed patch against the iptables-1.3.7 source, and find that
it works in the reported broken case:

#   iptables -A INPUT -m string --algo kmp --string 111\"222 -j LOG
#  ./iptables-save > ipt.out
#  ./iptables-restore ipt.out
#  ./iptables-save > ipt.out2
#  diff ipt.out ipt.out2 |grep 22
#

If the 111\"222 test is important to get working in an existing iptables
installation without waiting for this fix, then a workaround is to use
--hex-string "111|22|222"

I wonder if it would be better for iptables-save to convert quote and backslash
chars to their hex equivalent anyway to avoid escaping problems.  Non-printable
chars already force iptables-save to build a --hex-string statement anyway.

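The hex-conversion idea raised in the comment above, as an added example that is not part of the original message or of the iptables source: a C helper that rewrites a match pattern in the `111|22|222` notation so the saved rule needs no quoting or escaping. The names `needs_hex` and `to_hex_string_arg` are hypothetical, and encoding `|` and spaces as hex is a choice made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Bytes emitted as hex: quote and backslash (the escaping problem in this
 * bug), '|' (it delimits hex runs in the notation), space (so the argument
 * needs no quoting at all), and anything non-printable. */
static int needs_hex(unsigned char c)
{
    return c == '"' || c == '\\' || c == '|' || c == ' ' || !isprint(c);
}

/* Hypothetical helper: write pattern[0..len) into out as a --hex-string
 * argument. Returns the length written, or -1 if out is too small. */
int to_hex_string_arg(const unsigned char *pattern, size_t len,
                      char *out, size_t outsz)
{
    size_t o = 0;
    int in_hex = 0;

    if (outsz == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        int hex = needs_hex(pattern[i]);
        /* Reserve: separator + 2 hex digits + closing '|' + NUL. */
        if (o + 5 > outsz)
            return -1;
        if (hex != in_hex) {            /* entering or leaving a hex run */
            out[o++] = '|';
            in_hex = hex;
        } else if (hex) {               /* next byte inside the same run */
            out[o++] = ' ';
        }
        if (hex)
            o += (size_t)snprintf(out + o, 3, "%02x", pattern[i]);
        else
            out[o++] = (char)pattern[i];
    }
    if (in_hex)
        out[o++] = '|';                 /* close a trailing hex run */
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    char buf[64];
    /* Constructed input: the pattern from the bug report, 111"222 */
    if (to_hex_string_arg((const unsigned char *)"111\"222", 7, buf, sizeof buf) > 0)
        printf("--hex-string %s\n", buf);
    return 0;
}
```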