bugzilla-daemon@bugzilla.netfilter.org
2007-Mar-24 06:01 UTC
[Bug 505] iptables-save still doesn't like quotes
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=505 ------- Additional Comments From mbr@cipherdyne.org 2007-03-24 06:01 MET ------- I've tested the proposed patch against the iptables-1.3.7 source, and find that it works in the reported broken case: # iptables -A INPUT -m string --algo kmp --string 111\"222 -j LOG # ./iptables-save > ipt.out # ./iptables-restore ipt.out # ./iptables-save > ipt.out2 # diff ipt.out ipt.out2 |grep 22 # If the 111\"222 test is important to get work in an existing iptables installation without waiting for this fix, then a work around is to use --hex-string "111|22|222" I wonder if it would be better for iptables-save to convert quote and backslash chars to their hex equivalent anyway to avoid escaping problems. Non-printable chars already force iptables-save to build a --hex-string statement anyway. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2007-Mar-24 06:01 UTC
[Bug 505] iptables-save still doesn't like quotes
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=505 ------- Additional Comments From mbr@cipherdyne.org 2007-03-24 06:01 MET ------- I've tested the proposed patch against the iptables-1.3.7 source, and find that it works in the reported broken case: # iptables -A INPUT -m string --algo kmp --string 111\"222 -j LOG # ./iptables-save > ipt.out # ./iptables-restore ipt.out # ./iptables-save > ipt.out2 # diff ipt.out ipt.out2 |grep 22 # If the 111\"222 test is important to get work in an existing iptables installation without waiting for this fix, then a work around is to use --hex-string "111|22|222" I wonder if it would be better for iptables-save to convert quote and backslash chars to their hex equivalent anyway to avoid escaping problems. Non-printable chars already force iptables-save to build a --hex-string statement anyway. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2007-Mar-24 06:01 UTC
[Bug 505] iptables-save still doesn't like quotes
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=505 mbr@cipherdyne.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mbr@cipherdyne.org -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Apparently Analagous Threads
- [Bug 505] New: iptables-save still doesn't like quotes
- [Bug 505] iptables-save still doesn't like quotes
- [Bug 505] iptables-save still doesn't like quotes
- [Bug 1390] New: iptables -m string not working with --algo bm and OUTPUT chain under 5.3.x
- removing rows from a dataframe