[Bug 985] New: iptables-save cannot display devgroup rule the right way?

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Wed Oct 29 01:51:45 CET 2014 

https://bugzilla.netfilter.org/show_bug.cgi?id=985

            Bug ID: 985
           Summary: iptables-save cannot display  devgroup rule the right
                    way?
           Product: iptables
           Version: 1.4.x
          Hardware: x86_64
                OS: other
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: iptables
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: axinchan at cnrouter.com

## version messages
root at JIKE-GATEWAY ~>iptables -V
iptables v1.4.21
root at JIKE-GATEWAY ~>uname -a
Linux JIKE-GATEWAY 3.10.10 #33 SMP Tue Oct 28 17:45:58 CST 2014 x86_64
GNU/Linux


### 1st test 
root at JIKE-GATEWAY ~>ip lin set dev eth0 group 100
root at JIKE-GATEWAY ~>ip lin set dev eth1 group 200
root at JIKE-GATEWAY ~>iptables -I FORWARD -m devgroup --src-group 100 -m devgroup
--dst-group 200 -j ACCEPT

root at JIKE-GATEWAY ~>iptables-save |grep devgroup
-A FORWARD -m devgroup --src-group 0x64 -m devgroup --dst-group 0x0/0x0 -j
ACCEPT

root at JIKE-GATEWAY ~>iptables -nvL |grep src-group
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0  
         src-group 0x64 dst-group 0x0/0x0

### dest-group 0x0/0x0 was not just as my set


### 2nd test
root at JIKE-GATEWAY ~>ip lin set dev eth3 group 300
root at JIKE-GATEWAY ~>ip lin set dev eth4 group 400
root at JIKE-GATEWAY ~>iptables -I FORWARD -m devgroup --src-group 300 --dst-group
400 -j ACCEPT


root at JIKE-GATEWAY ~>iptables-save |grep devgroup
-A FORWARD -m devgroup --src-group 0x12c --dst-group 0x12c -j ACCEPT

root at JIKE-GATEWAY ~>iptables -nvL |grep src-group
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0  
         src-group 0x12c dst-group 0x12c

## again ,dst-group was wrong

i am not sure wether this is a bug? or i cann't use devgroup like this, or
something else?

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20141029/90806d0b/attachment.html>

More information about the netfilter-buglog mailing list