bugzilla-daemon at netfilter.org
2013-Jun-18  11:52 UTC
[Bug 829] New: Should not need to turn on --verbose to --list to show interface
https://bugzilla.netfilter.org/show_bug.cgi?id=829
           Summary: Should not need to turn on --verbose to --list to show
                    interface
           Product: iptables
           Version: 1.4.x
          Platform: i386
        OS/Version: RedHat Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: iptables
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: netfilter at geoff.dj
   Estimated Hours: 0.0
It is incredibly confusing that a rule can apply to a specific interface and
therefore not be affecting a chain, but this is not obvious to a user unless
the --verbose flag is turned on.
The interface to which the rule applies is such a significant part of the rule
that it should not be only available in verbose mode.
-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2013-Jun-18  15:40 UTC
[Bug 829] Should not need to turn on --verbose to --list to show interface
https://bugzilla.netfilter.org/show_bug.cgi?id=829
Phil Oester <netfilter at linuxace.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |netfilter at linuxace.com
         Resolution|                            |INVALID
--- Comment #1 from Phil Oester <netfilter at linuxace.com> 2013-06-18
17:40:46 CEST ---
This was a design decision made many years ago.  Whether you agree with this
decision or not, users rely upon the current behavior (and likely have scripts
which interpret the current output).  It cannot be changed to avoid breaking
these scripts.
I suggest adding an alias:
alias iptl="iptables -nvL"
then using the iptl shortcut.  
Closing - this is not a bug.
bugzilla-daemon at netfilter.org
2013-Jun-18  18:05 UTC
[Bug 829] Should not need to turn on --verbose to --list to show interface
https://bugzilla.netfilter.org/show_bug.cgi?id=829
Geoff Winkless <netfilter at geoff.dj> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |
--- Comment #2 from Geoff Winkless <netfilter at geoff.dj> 2013-06-18
20:05:35 CEST ---
So you're suggesting that because a bad decision was made before that that
decision should remain?
If you were to continue that backwards then netfilter should never have existed
because my ipchains scripts on slackware worked perfectly, thanks very much.
Your suggestion that setting up an alias would resolve the problem is even more
ridiculous; now that I know about the stupid -v flag I won't have to make the
same mistake again, the problem was that I did not and therefore wasted time
trying to decipher output that was basically nonsensical.
If you want people's scripts to continue to work (IMO an invalid position, but
I at least see the point of view) then at the very least you could add extra
output to the usage output that points out the deficiency in the default
output.
Even closing the bug as INVALID is basically nonsensical - the bug itself is
not invalid, you can mark it as WONTFIX, if you want, but the bug is inarguably
valid - the output is illegible without the listed interface.
I'm sure you'll just re-mark as INVALID, because the kind of attitude that
writes this kind of ignorant and unhelpful response suggests that you're more
than happy that the software you write is incomprehensible to users except
those l77t enough to know the magical -v flag. To be frank the whole design has
always given me exactly that impression since its inception.
bugzilla-daemon at netfilter.org
2013-Jun-19  00:10 UTC
[Bug 829] Should not need to turn on --verbose to --list to show interface
https://bugzilla.netfilter.org/show_bug.cgi?id=829
Pablo Neira Ayuso <pablo at netfilter.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pablo at netfilter.org
--- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> 2013-06-19
02:10:14 CEST ---
We have:
iptables-save
and
iptables -S
to inspect the rule-set these days, they provide better outputs than
iptables -L. I suggest you use those.
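An added example, not part of the original thread and not netfilter project code: a check over `iptables -S` output (the format recommended in Comment #3) that lists every rule carrying an interface match and flags those that a plain `iptables -L` listing, which omits the in/out columns, would render as matching all traffic. The sample rule set and the function name are constructed for illustration.

```python
import shlex

# Constructed sample in `iptables -S` format (not taken from the bug report).
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT ! -i eth0 -s 10.0.0.0/8 -j DROP
-A INPUT -j ACCEPT
"""

IFACE_FLAGS = {"-i": "in", "--in-interface": "in",
               "-o": "out", "--out-interface": "out"}

def interface_scoped_rules(rules_text):
    """Return one finding per appended rule that has an interface match."""
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "-A":
            continue  # skip policies (-P), chain declarations (-N), blanks
        chain, rest = tokens[1], tokens[2:]
        ifaces, visible = {}, []  # visible = what -L without -v still shows
        i = 0
        while i < len(rest):
            tok = rest[i]
            if tok in IFACE_FLAGS and i + 1 < len(rest):
                negated = bool(visible) and visible[-1] == "!"
                if negated:
                    visible.pop()  # the "!" belongs to the interface match
                ifaces[IFACE_FLAGS[tok]] = ("!" if negated else "") + rest[i + 1]
                i += 2
                continue
            visible.append(tok)
            i += 1
        if ifaces:
            findings.append({
                "chain": chain, "rule": line, "interfaces": ifaces,
                # Only a target remains: -L would show an unconditional rule.
                "looks_unrestricted": len(visible) == 2 and visible[0] in ("-j", "-g"),
            })
    return findings

if __name__ == "__main__":
    for f in interface_scoped_rules(SAMPLE_RULES):
        mark = "HIDDEN SCOPE" if f["looks_unrestricted"] else "scoped"
        print(f"[{mark}] {f['chain']}: {f['rule']}")
```

On a live host the same function can be fed the text produced by `iptables -S` or `iptables-save`.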
bugzilla-daemon at netfilter.org
2013-Jun-20  00:22 UTC
[Bug 829] Should not need to turn on --verbose to --list to show interface
https://bugzilla.netfilter.org/show_bug.cgi?id=829
Phil Oester <netfilter at linuxace.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID
--- Comment #4 from Phil Oester <netfilter at linuxace.com> 2013-06-20
02:21:59 CEST ---
We simply cannot break untold numbers of scripts which are currently parsing
"iptables -L" output because of a poor design decision made eons ago.
The iptables binary is behaving exactly as it was designed to behave (whether
we believe that design is optimal or not).  As such, there is no bug here.  So
yes, closing again as invalid.
bugzilla-daemon at netfilter.org
2013-Jun-20  14:22 UTC
[Bug 829] Should not need to turn on --verbose to --list to show interface
https://bugzilla.netfilter.org/show_bug.cgi?id=829
Geoff Winkless <netfilter at geoff.dj> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |WONTFIX
--- Comment #5 from Geoff Winkless <netfilter at geoff.dj> 2013-06-20
16:22:50 CEST ---
Just because something is how it is designed does not make it not a bug; it's
simply a bug in design rather than a bug in code. I've marked as WONTFIX since
there's clearly no inclination to change the behaviour but I don't accept that
the report is invalid.
I'll create another bug suggesting a helpful message (something like DON'T USE
-L) in the usage text - at least that way new users shouldn't spend hours
staring at broken output.
FWIW any script that runs -L and doesn't add -v is probably liable to breakage
anyway, unless it explicitly requests chains for specific interfaces (in which
case you could discard the new change).