bugzilla-daemon@bugzilla.netfilter.org
2006-Oct-17 00:36 UTC
[Bug 524] New: packetfence - IPtables-save produces output that iptables-restore cannot parse
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=524

           Summary: packetfence - IPtables-save produces output that iptables-restore cannot parse
           Product: iptables
           Version: 1.3.3
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: iptables-save
        AssignedTo: laforge@netfilter.org
        ReportedBy: bruce.rodger@strath.ac.uk

Running packetfence 1.6.1 (www.packetfence.org) on various flavours of linux, including Fedora FC4, Ubuntu 6.06 and SLES 10.

packetfence uses IPTables::IPv4 to manipulate various tables. It also uses iptables-save and iptables-restore at various points.

In some circumstances, iptables-save will generate output which iptables-restore cannot parse.

# /sbin/iptables-save > /tmp/iptables.out
# /sbin/iptables-restore < /tmp/iptables.out
Bad argument `0x0'
Error occurred at line: 612
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
#

The relevant lines in iptables.out are:

*mangle
:PREROUTING ACCEPT [4267852:1231310083]
:INPUT ACCEPT [3375309:1170682916]
:FORWARD ACCEPT [20785:1376634]
:OUTPUT ACCEPT [2280199:343290096]
:POSTROUTING ACCEPT [2287612:343773544]
-A PREROUTING -j MARK 0x0
-A PREROUTING -m mac --mac-source 00:00:39:25:FF:1A -j MARK --set-mark 0x1
-A PREROUTING -m mac --mac-source 00:00:39:3D:90:EA -j MARK --set-mark 0x1
-A PREROUTING -m mac --mac-source 00:00:39:47:C2:F1 -j MARK --set-mark 0x1
.
.

Note the first "-A PREROUTING" line - no "--set-mark".

We have also observed occasions when some (but not all) of the following lines (with mac addresses) have no "--set-mark" entry - something like:

-A PREROUTING -m mac --mac-source 00:00:39:47:C2:F1 -j MARK 0x1

We have observed this with the iptables supplied with FC4 (1.3.0?) and Ubuntu 6.06 (1.3.3). In both instances, we upgraded to 1.3.6 and observed the same problem. In both cases, we then downgraded to iptables v1.2.11, and this appears to resolve the issue.

Bruce.
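A pre-flight check for the malformed rule shape quoted in the report, as an added example that is not part of the original bug report, of packetfence or of iptables. The function names and the sample dump are constructed for illustration; the check assumes a valid MARK rule always carries an option (a token starting with "--") directly after "-j MARK".

```shell
#!/bin/sh
# Added example: scan an iptables-save dump for MARK rules that
# iptables-restore would reject, before the dump is restored.

# find_bad_mark_rules [FILE]
# Prints "LINE: RULE" for every "-A" rule whose "-j MARK" is not followed
# by an option token, e.g. "-j MARK 0x0" instead of "-j MARK --set-mark 0x0".
# LINE counts from the top of the dump, the same numbering used by the
# "Error occurred at line:" message of iptables-restore.
# Reads standard input when FILE is omitted.
# Exit status: 0 if no malformed rule was found, 1 otherwise.
find_bad_mark_rules() {
    awk '
        /^-A / {
            for (i = 1; i < NF; i++) {
                if (($i == "-j" || $i == "--jump") && $(i + 1) == "MARK") {
                    # A field past NF reads as empty, so a bare "-j MARK"
                    # at the end of a rule is flagged as well.
                    if ($(i + 2) !~ /^--/) {
                        printf "%d: %s\n", NR, $0
                        bad = 1
                    }
                    break
                }
            }
        }
        END { exit bad }
    ' "${1:--}"
}

# Constructed sample dump, modelled on the lines quoted in the report.
sample_dump() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -j MARK 0x0
-A PREROUTING -m mac --mac-source 00:00:39:25:FF:1A -j MARK --set-mark 0x1
-A PREROUTING -m mac --mac-source 00:00:39:47:C2:F1 -j MARK 0x1
COMMIT
EOF
}

# Stand-alone use: sh check.sh /tmp/iptables.out
[ "$#" -eq 0 ] || find_bad_mark_rules "$1"
```

Running the check between iptables-save and iptables-restore lets a script refuse to load a damaged dump instead of failing partway through a restore.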