[Bug 805] New: osf iptables[-save] errors
bugzilla-daemon at bugzilla.netfilter.org
Sat Jan 5 15:54:59 CET 2013
http://bugzilla.netfilter.org/show_bug.cgi?id=805
Summary: osf iptables[-save] errors
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: blackhole at airpost.net
Estimated Hours: 0.0
Hello NF Team,
#1:
# $IPTABLES -A FOO -p tcp -m osf --genre Windows --ttl 1 --log 1
# $IPTABLES -S FOO
-N FOO
-A FOO -p tcp -m tcp -m osf --genre Windows
tested with:
kernel: 3.2.35 & 3.7.1
iptables: 1.4.16.3
iptables -[L|S] and iptables-save seem to miss the --ttl and --log options.
Therefore on restore, those settings get omitted.
------------------
#2:
# $IPTABLES -A FOO -p tcp -m osf ! --genre Windows
# $IPTABLES -S FOO
-N FOO
-A FOO -p tcp -m osf --genre ! Windows
Interpolated negation is not used, thus restore with iptables-save fails.
------------------
#3:
Loading a ruleset that uses the osf match with iptables-save, without having
the fingerprints loaded with nfnl_osf, results in an unspecified error at the
very last COMMIT line, giving no clue about the reason for the error.
------------------
#4:
Two mutually exclusive rules like:
-m osf --genre Windows
-m osf ! --genre Windows
always both match (return true - have equal counters).
------------------
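A round-trip check for the symptoms in #1 and #2, as an added example that is not part of the bug report or of iptables: it compares a rule as entered with the same rule as printed by `iptables -S` and flags long options that were dropped or whose `!` was emitted after the option name. The function names are hypothetical; the rule strings are copied from the report.

```python
import shlex

def parse_long_options(rule):
    """Map each --long option in a rule spec to its values and '!' placement."""
    tokens = shlex.split(rule)
    opts, i = {}, 0
    while i < len(tokens):
        if not tokens[i].startswith("--"):
            i += 1
            continue
        name = tokens[i]
        pre = i > 0 and tokens[i - 1] == "!"          # "! --genre Windows"
        j = i + 1
        post = j < len(tokens) and tokens[j] == "!"   # "--genre ! Windows"
        if post:
            j += 1
        values = []
        while j < len(tokens) and tokens[j] != "!" and not tokens[j].startswith("-"):
            values.append(tokens[j])
            j += 1
        opts[name] = {"values": values, "negated": pre or post,
                      "style": "pre" if pre else "post" if post else None}
        i = j
    return opts

def roundtrip_findings(entered, saved):
    """Return (problem, option) pairs for options that did not survive the dump."""
    want, got = parse_long_options(entered), parse_long_options(saved)
    findings = []
    for name, w in want.items():
        g = got.get(name)
        if g is None:
            findings.append(("dropped", name))
            continue
        if (g["values"], g["negated"]) != (w["values"], w["negated"]):
            findings.append(("changed", name))
        if g["style"] == "post":
            # The placement that case #2 of the report says fails on restore.
            findings.append(("negation-after-option", name))
    return findings

# Rule specs copied from cases #1 and #2 of the report (entered, then -S output).
CASE1 = ("-A FOO -p tcp -m osf --genre Windows --ttl 1 --log 1",
         "-A FOO -p tcp -m tcp -m osf --genre Windows")
CASE2 = ("-A FOO -p tcp -m osf ! --genre Windows",
         "-A FOO -p tcp -m osf --genre ! Windows")

if __name__ == "__main__":
    for entered, saved in (CASE1, CASE2):
        print(roundtrip_findings(entered, saved))
```

Running a check like this against each rule after it is added shows whether the saved ruleset would silently lose match options before it is relied on for restore.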