iptables-save saves unrestorable output for -m owner --uid-owner 12345. It misses the space before an argument:

[0:0] -A OUTPUT -o ! lo -m owner --uid-owner65534 -j nobody

instead of

[0:0] -A OUTPUT -o ! lo -m owner --uid-owner 65534 -j nobody

This leads to failures while restoring rules, thus iptables fails to start on system startup and the system is left unprotected or not properly functional.
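An added check for the failure mode described above (example code, not part of the bug report or of the iptables project): it scans an iptables-save dump for owner-match options whose value was fused onto the option name, reports the offending lines, and re-inserts the missing space so iptables-restore can load the rules. The sample dump is constructed for the example.

```python
import re
import shlex

# Options of the iptables "owner" match that take a separate argument.
OWNER_OPTS = ("--uid-owner", "--gid-owner")

# A value fused onto the option name ("--uid-owner65534") with no space:
# the shape of the broken iptables-save output that iptables-restore rejects.
FUSED = re.compile(r"(?<!\S)(--(?:uid|gid)-owner)(?=[^\s-])")

def find_fused_owner_options(dump):
    """Return (line_number, line) for every line with a fused owner option."""
    return [(n, line) for n, line in enumerate(dump.splitlines(), 1)
            if FUSED.search(line)]

def repair_dump(dump):
    """Re-insert the missing space so the dump can be restored."""
    return "\n".join(FUSED.sub(r"\1 ", line) for line in dump.splitlines()) + "\n"

def owner_options_have_args(dump):
    """Check that every owner option in a rule line is followed by a value."""
    for line in dump.splitlines():
        # Rule lines start with "-A" or, with counters (iptables-save -c), "[pkts:bytes] -A".
        if not (line.startswith("-A") or line.startswith("[")):
            continue
        tokens = shlex.split(line)
        for i, tok in enumerate(tokens):
            if tok in OWNER_OPTS and (i + 1 >= len(tokens) or tokens[i + 1].startswith("-")):
                return False  # option present but no value follows it
            if tok.startswith(OWNER_OPTS) and tok not in OWNER_OPTS:
                return False  # value glued onto the option name
    return True

# Constructed sample of a broken dump; line 4 carries the fused option.
BROKEN_DUMP = """*filter
:OUTPUT ACCEPT [0:0]
:nobody - [0:0]
[0:0] -A OUTPUT -o ! lo -m owner --uid-owner65534 -j nobody
[0:0] -A OUTPUT -o ! lo -m owner --gid-owner 65534 -j nobody
COMMIT
"""

if __name__ == "__main__":
    for n, line in find_fused_owner_options(BROKEN_DUMP):
        print(f"line {n} would fail iptables-restore: {line}")
    print(repair_dump(BROKEN_DUMP))
```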
Created attachment 178647: The fix for this problem. This was also reported to mainstream: http://bugzilla.netfilter.org/show_bug.cgi?id=570
Reassigning to base-system herd.
*** Bug 254435 has been marked as a duplicate of this bug. ***
Patch accepted upstream: https://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commitdiff_plain;h=cfb9cf0509ad8100cd8d6ab52d60a8ffbb318578
Not exactly sure why, but bug 254435 seems to indicate that 2.6.28 exposes this iptables bug on some systems at least.
Thank you for the report, Andrew. The patch was added in iptables-1.4.2-r2. Daniel, the only explanation I have is that the kernel now returns the value without a space after it, but I have not looked deeper atm.