Displaying 20 results from an estimated 20000 matches similar to: "[Bug 790] Normalize iptables rules"
2013 Jun 24
0
[Bug 790] Normalize iptables rules
https://bugzilla.netfilter.org/show_bug.cgi?id=790
--- Comment #6 from Phil Oester <netfilter at linuxace.com> 2013-06-24 16:13:49 CEST ---
Since your script produces the output of ipt1, just make sure you use the same
order as iptables-save does. Iptables-save will always output args in the same
order. The bug appears to be in the output you are creating, which is beyond
our control.
2013 Jun 24
0
[Bug 790] Normalize iptables rules
https://bugzilla.netfilter.org/show_bug.cgi?id=790
--- Comment #5 from Andor <tothandor at gmail.com> 2013-06-24 11:34:44 CEST ---
ipt1 is an output of a firewall script mainly edited by hand, where parameters
order may vary.
ipt2 is the output of iptables-save, where parameters are strictly ordered.
As written before, the difference in parameter order spoils the comparison of
two
2013 Jun 28
0
[Bug 790] Normalize iptables rules
https://bugzilla.netfilter.org/show_bug.cgi?id=790
--- Comment #8 from Phil Oester <netfilter at linuxace.com> 2013-06-28 17:45:18 CEST ---
Have you considered setting up a different network namespace to achieve this?
For instance:
    ip netns add test
    ip netns exec test iptables-restore < /tmp/ipts
    ip netns exec test iptables-save
This would seem to achieve the results you are looking
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |netfilter at linuxace.com
Resolution|
2013 May 30
0
[Bug 773] iptables performance limits on # of rules using ipset
https://bugzilla.netfilter.org/show_bug.cgi?id=773
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC|jengelh at medozas.de |netfilter at linuxace.com
Resolution|
2013 May 23
0
[Bug 536] C++ compilation failure when using the iptables header files
https://bugzilla.netfilter.org/show_bug.cgi?id=536
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |netfilter at linuxace.com
Resolution|
2013 May 29
0
[Bug 756] iptables: Memory allocation problem.
https://bugzilla.netfilter.org/show_bug.cgi?id=756
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at linuxace.com
--- Comment #2 from Phil Oester <netfilter at linuxace.com> 2013-05-29
2013 Jun 11
0
[Bug 325] Parallel execution of the iptables is impossible.
https://bugzilla.netfilter.org/show_bug.cgi?id=325
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |netfilter at linuxace.com
Resolution|
2013 Jun 11
0
[Bug 758] Retry iptables command on transient failure
https://bugzilla.netfilter.org/show_bug.cgi?id=758
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |netfilter at linuxace.com
Resolution|
2013 Jul 26
0
[Bug 679] iptables-xml missing <match> in first <conditions> node
https://bugzilla.netfilter.org/show_bug.cgi?id=679
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |netfilter at linuxace.com
Resolution|
2013 Jun 21
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at linuxace.com
--- Comment #3 from Phil Oester <netfilter at linuxace.com> 2013-06-21
2013 Aug 27
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|jengelh at medozas.de |netfilter-buglog at lists.netf
| |ilter.org
2013 Jun 10
0
[Bug 599] netfilter/iptables leaking traffic when long chains are defined
https://bugzilla.netfilter.org/show_bug.cgi?id=599
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
--- Comment #5 from Phil Oester
2013 May 20
0
[Bug 325] Parallel execution of the iptables is impossible.
https://bugzilla.netfilter.org/show_bug.cgi?id=325
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sworddragon2 at aol.com
--- Comment #7 from Phil Oester <netfilter at linuxace.com> 2013-05-20 22:35:01
2013 Jun 10
0
[Bug 756] iptables: Memory allocation problem.
https://bugzilla.netfilter.org/show_bug.cgi?id=756
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
--- Comment #3 from Phil Oester
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |WONTFIX
--- Comment #10 from Phil Oester
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580
--- Comment #5 from Phil Oester <netfilter at linuxace.com> 2013-06-24 20:07:02 CEST ---
Unclear how you can say with certainty that this is impossible, but let's
ignore that point for the moment.
Is there some reason that iptables-save should do the sorting for userspace
scripts? Another alternative would be to always load the
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580
--- Comment #7 from Phil Oester <netfilter at linuxace.com> 2013-06-24 23:34:51 CEST ---
> would you be thrilled if all the rules were in random order too?
This comparison is a bit far fetched, given that ordering of rules is so
important (accept before drop, etc). The order in which tables are output in
iptables-save is largely
2013 Aug 27
0
[Bug 630] Enhancement: Allow rules to specify ICMP type ranges.
https://bugzilla.netfilter.org/show_bug.cgi?id=630
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at linuxace.com
AssignedTo|pablo at netfilter.org |netfilter-buglog at lists.netf
2013 May 24
2
[Bug 591] NAT REDIRECT target does not always work
https://bugzilla.netfilter.org/show_bug.cgi?id=591
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at linuxace.com
--- Comment #3 from Phil Oester <netfilter at linuxace.com> 2013-05-24