254496 – net-firewall/iptables-1.4.2-r1 iptables-save miss space separator after value of option hashlimit-htable-gcinterval

Bug 254496 - net-firewall/iptables-1.4.2-r1 iptables-save miss space separator after value of option hashlimit-htable-gcinterval

Summary: net-firewall/iptables-1.4.2-r1 iptables-save miss space separator after value...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo's Team for Core System packages

URL:	http://bugzilla.netfilter.org/show_bu...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2009-01-10 22:51 UTC by Михаил
Modified:	2009-01-21 18:37 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Михаил 2009-01-10 22:51:29 UTC

iptables-save miss space separator when saving rules. Result fail to restore.

Problem with option hashlimit-htable-gcinterval.

Reproducible: Always

Steps to Reproduce:
1. Add rule with hashlimit-htable-gcinterval.

iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m hashlimit --hashlimit-above 2/min --hashlimit-burst 3 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-size 20 --hashlimit-htable-max 30 --hashlimit-htable-gcinterval 60000 --hashlimit-htable-expire 300000 -j REJECT --reject-with tcp-reset

2. iptables-save > /tmp/rules

3. iptables-restore < /tmp/rules
Actual Results:  
iptables-restore v1.4.2: hashlimit: Bad value for "--hashlimit-htable-gcinterval" option: "60000--hashlimit-htable-expire"

Expected Results:  
restoring without errors

Comment 1 Михаил 2009-01-10 23:15:56 UTC

http://bugzilla.netfilter.org/show_bug.cgi?id=550

Comment 2 Daniel Drake (RETIRED) gentoo-dev

2009-01-20 16:20:29 UTC

patch accepted upstream
https://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commitdiff_plain;h=04c97954d5933fc935616f69a8e63944d5c6cec4

Comment 3 Михаил 2009-01-20 16:42:20 UTC

(In reply to comment #2)
> patch accepted upstream

This patch is not complete. Bug is alive.
http://bugzilla.netfilter.org/show_bug.cgi?id=568

Comment 4 Peter Volkov (RETIRED) gentoo-dev

2009-01-21 18:37:38 UTC

Thank you for report, Михаил. This bug should finally be fixed in iptables-1.4.2-r2.