[Bug 940] New: ip6tables-save output invalid rule when using D/SNPT
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Tue May 13 18:42:58 CEST 2014
https://bugzilla.netfilter.org/show_bug.cgi?id=940
Summary: ip6tables-save output invalid rule when using D/SNPT
Product: iptables
Version: 1.4.x
Platform: x86_64
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: ip6tables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: kjm.kznr+netfilter at gmail.com
Estimated Hours: 0.0
Created attachment 442
--> https://bugzilla.netfilter.org/attachment.cgi?id=442
fix invalid output patch
ip6tables-save command output invalid rules.
Steps to reproduce:
1. ip6tables -t mangle -A PREROUTING -d 2001:db8:0:1::/64 -i eth1 -j DNPT
--src-pfx 2001:db8:0:1::/64 --dst-pfx 2001:db8:ffff:2::/64
2. ip6tables -t mangle -A POSTROUTING -s 2001:db8:ffff:2::/64 -j SNPT
--src-pfx 2001:db8:ffff:2::/64 --dst-pfx 2001:db8:0:1::/64
3. ip6tables-save -t mangle
Actual Results:
# ip6tables-save -t mangle
# Generated by ip6tables-save v1.4.20 on Tue May 13 00:35:06 2014
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 2001:470:f9b0:a005::/64 -i eth1 -j DNPT--src-pfx
2001:470:f9b0:a005::/64 --dst-pfx fdde:3033:88c2:d005::/64
-A POSTROUTING -s fdde:3033:88c2:d005::/64 -j SNPT--src-pfx
fdde:3033:88c2:d005::/64 --dst-pfx 2001:470:f9b0:a005::/64
COMMIT
Expected Results:
# Generated by ip6tables-save v1.4.20 on Wed May 14 01:36:03 2014
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 2001:470:f9b0:a005::/64 -i eth1 -j DNPT --src-pfx
2001:470:f9b0:a005::/64 --dst-pfx fdde:3033:88c2:d005::/64
-A POSTROUTING -s fdde:3033:88c2:d005::/64 -j SNPT --src-pfx
fdde:3033:88c2:d005::/64 --dst-pfx 2001:470:f9b0:a005::/64
COMMIT
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the netfilter-buglog
mailing list