bugzilla-daemon@bugzilla.netfilter.org
2006-Aug-19 08:27 UTC
[Bug 502] New: iptables -Z does not clear the policy counters
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=502

           Summary: iptables -Z does not clear the policy counters
           Product: iptables
           Version: 1.3.5
          Platform: i386
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: iptables
        AssignedTo: laforge@netfilter.org
        ReportedBy: andy@andynet.net

This may be the same as bug #352, which was closed but not resolved.

iptables -Z clears the per-rule counters, but not the chain policy counters:

$ sudo iptables --version
iptables v1.3.3
$ sudo iptables -L INPUT -nv
Chain INPUT (policy ACCEPT 1464K packets, 421M bytes)
 pkts bytes target     prot opt in     out     source               destination
 294K   38M ACCEPT     all  --  *      *       10.242.42.11         0.0.0.0/0
$ sudo iptables -Z INPUT
$ sudo iptables -L INPUT -nv
Chain INPUT (policy ACCEPT 1465K packets, 421M bytes)
 pkts bytes target     prot opt in     out     source               destination
   33  3424 ACCEPT     all  --  *      *       10.242.42.11         0.0.0.0/0

iptables 1.3.5 works the same.

This is a regression from earlier versions, not sure when it changed, but I
have a Fedora Core2 system with 1.2.11 which clears the policy counters as well:

# iptables --version
iptables v1.2.11
# iptables -L -nv
Chain INPUT (policy ACCEPT 2037 packets, 291K bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   336 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
# iptables -Z
# iptables -L -nv
Chain INPUT (policy ACCEPT 24 packets, 2020 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

This patch against svn fixes it:

==================================================================--- libiptc/libiptc.c (revision 6660) +++ libiptc/libiptc.c (working copy) 
@@ -1656,6 +1656,9 @@ return 0; } + if (c->counter_map.maptype == COUNTER_MAP_NORMAL_MAP) + c->counter_map.maptype = COUNTER_MAP_ZEROED; + list_for_each_entry(r, &c->rules, list) { if (r->counter_map.maptype == COUNTER_MAP_NORMAL_MAP) r->counter_map.maptype = COUNTER_MAP_ZEROED;
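
Review bot: The added `c->counter_map.maptype = COUNTER_MAP_ZEROED;` assignment ahead of the `list_for_each_entry(r, &c->rules, list)` loop runs for whatever chain `c` is, and nothing in the visible lines restricts it to built-in chains. Only built-in chains carry a policy counter, so either confirm that marking the chain-level counter map as zeroed is harmless for a user-defined chain, or guard the assignment. A one-line comment saying that this resets the chain policy counter would also keep the new block from being read as a duplicate of the per-rule reset directly below it.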
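
A way to check for the behaviour reported above from captured `iptables -L -nv` output, as an added example that is not part of the original report or of the iptables project. The function names are hypothetical, and the sample strings are the chain headers quoted in the report.

```python
import re

# Matches the chain header printed by `iptables -L -nv` for built-in chains.
HEADER = re.compile(
    r"Chain (?P<chain>\S+) \(policy (?P<policy>\S+) "
    r"(?P<pkts>\d+[KMGT]?) packets, (?P<bytes>\d+[KMGT]?) bytes\)"
)
# Without -x, iptables abbreviates counters using decimal multipliers.
SCALE = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}


def to_int(value):
    """Convert an abbreviated counter such as '1464K' to an integer."""
    suffix = value[-1] if value[-1] in "KMGT" else ""
    digits = value[:-1] if suffix else value
    return int(digits) * SCALE[suffix]


def policy_counters(listing):
    """Return {chain: (packets, bytes)} for every built-in chain header."""
    return {
        m["chain"]: (to_int(m["pkts"]), to_int(m["bytes"]))
        for m in HEADER.finditer(listing)
    }


def chains_not_zeroed(before, after):
    """Chains whose policy packet counter did not drop across `iptables -Z`.

    Traffic keeps arriving, so "zeroed" cannot mean exactly 0: a reset
    counter restarts from 0 and is lower than before, while a counter
    that was not cleared is equal or higher.
    """
    old, new = policy_counters(before), policy_counters(after)
    return sorted(c for c in old if c in new and old[c][0] > 0
                  and new[c][0] >= old[c][0])


# Chain headers quoted from the report above.
V133_BEFORE = "Chain INPUT (policy ACCEPT 1464K packets, 421M bytes)"
V133_AFTER = "Chain INPUT (policy ACCEPT 1465K packets, 421M bytes)"
V1211_BEFORE = "Chain INPUT (policy ACCEPT 2037 packets, 291K bytes)"
V1211_AFTER = "Chain INPUT (policy ACCEPT 24 packets, 2020 bytes)"

if __name__ == "__main__":
    print("1.3.3 :", chains_not_zeroed(V133_BEFORE, V133_AFTER))
    print("1.2.11:", chains_not_zeroed(V1211_BEFORE, V1211_AFTER))
```

Chains whose policy counter was already 0 before the reset are skipped, since the comparison cannot tell whether they were cleared.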