bugzilla-daemon at netfilter.org
2017-Oct-17 11:40 UTC
[Bug 1191] New: Empty parameters generate errors on iptables-restore, even when saved by iptables-save
https://bugzilla.netfilter.org/show_bug.cgi?id=1191
Bug ID: 1191
Summary: Empty parameters generate errors on iptables-restore,
even when saved by iptables-save
Product: iptables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: iptables-restore
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: valeriug at gmail.com
Empty comments "" are allowed and working in iptables. iptables-save
saves them
correctly, but iptables-restore does not work when it encounters them.
The problem comes from iptables-restore.c function add_param_to_argv(char
*parsestart) which skips the parameters "".
Here is a example how to reproduce the problem:
- add a rule with an empty comment to running iptables
- run iptables-save
- run iptables-restore on the file saved by iptables-save
[root at ip-10-1-1-93 ~]# iptables -t filter -A INPUT -s 1.2.3.4/32 -d
1.2.3.5/32
-m comment --comment "" -j ACCEPT
[root at ip-10-1-1-93 ~]# iptables-save | tee /tmp/ipt-save
# Generated by iptables-save v1.4.21 on Tue Oct 17 07:31:53 2017
*nat
:PREROUTING ACCEPT [270:31944]
:INPUT ACCEPT [266:31784]
:OUTPUT ACCEPT [24586:1567483]
:POSTROUTING ACCEPT [24586:1567483]
COMMIT
# Completed on Tue Oct 17 07:31:53 2017
# Generated by iptables-save v1.4.21 on Tue Oct 17 07:31:53 2017
*filter
:INPUT ACCEPT [149:11200]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [79:7842]
-A INPUT -s 1.2.3.4/32 -d 1.2.3.5/32 -m comment --comment "" -j ACCEPT
COMMIT
# Completed on Tue Oct 17 07:31:53 2017
[root at ip-10-1-1-93 ~]# iptables-restore /tmp/ipt-save
Bad argument `ACCEPT'
Error occurred at line: 14
Try `iptables-restore -h' or 'iptables-restore --help' for more
information.
[root at ip-10-1-1-93 ~]#
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171017/1e727c5c/attachment.html>
bugzilla-daemon at netfilter.org
2018-Jul-23 13:25 UTC
[Bug 1191] Empty parameters generate errors on iptables-restore, even when saved by iptables-save
https://bugzilla.netfilter.org/show_bug.cgi?id=1191
michael.gsegner at ingenico.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|netfilter-buglog at lists.netf |michael.gsegner at
ingenico.co
|ilter.org |m
CC| |michael.gsegner at ingenico.co
| |m
--- Comment #1 from michael.gsegner at ingenico.com ---
Created attachment 544
--> https://bugzilla.netfilter.org/attachment.cgi?id=544&action=edit
patch to manage empty args in iptables-restore
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180723/694bd898/attachment.html>
bugzilla-daemon at netfilter.org
2018-Jul-23 13:28 UTC
[Bug 1191] Empty parameters generate errors on iptables-restore, even when saved by iptables-save
https://bugzilla.netfilter.org/show_bug.cgi?id=1191 --- Comment #2 from michael.gsegner at ingenico.com --- Hello, I have same issue. Since iptables and iptables-save accept empty paramaeters I think that iptables-restore should handle it. I post a patch which consists to add an empty argument to newargv array. Hope it will help. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180723/ca9e7431/attachment.html>
bugzilla-daemon at netfilter.org
2018-Jul-23 17:11 UTC
[Bug 1191] Empty parameters generate errors on iptables-restore, even when saved by iptables-save
https://bugzilla.netfilter.org/show_bug.cgi?id=1191
michael.gsegner at ingenico.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|michael.gsegner at ingenico.co |netfilter-buglog at
lists.netf
|m |ilter.org
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180723/0bd3cac3/attachment.html>