I've encountered an issue on my firewall. After downgrade from iptables-1.3.1-r1 I can not delete previously inserted rules. Now I've checked that if I insert rules and then upgrade from iptables-1.2 to 1.3 I can not remove this rule. All firewalls where rules are inserted and deleted automatically will experience problems after upgrade. For example, we have rules to allow or deny user to get into internet. If I missed this issue, many users could use their internet even if they do not have money on their accounts, because although my script switches off their internet, iptables did not remove it actually.

Reproducible: Always

Steps to Reproduce:
1. insert rule like:
   iptables -A FORWARD -s 12.12.12.12 -j ACCEPT
2. upgrade iptables:
   env ACCEPT_KEYWORDS="~x86" emerge -pv iptables
3. attempt to delete fails:
   iptables -D FORWARD -s 12.12.12.12 -j ACCEPT
   iptables: Bad rule (does a matching rule exist in that chain?)

although I have this rule:
iptables -L FORWARD -v -n
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       12.12.12.12          0.0.0.0/0
Hello. Upstream reported that this is not a bug, but a known behaviour. Look here: https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=334 But I'm sure it's necessary to make people aware of this feature. So adding some einfo (ewarn) in the iptables ebuild is enough to close this bug.
added to 1.3.2, thanks
forgot to close ...
I think the warning from the ebuild is misleading. I had to read this bug entry to understand what it means, it says:

 * When upgrading from iptables-1.2.x, you may be unable to remove
 * rules added with iptables-1.3.x. This is a known issue, please see:
 * http://bugs.gentoo.org/show_bug.cgi?id=92535

Actually, it should probably say "you are unable to remove rules added with 1.2.x" (how can I add rules with 1.3.x before upgrading to 1.3.x anyway? :)).
indeed ... fixed in cvs, thanks
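The deletion failure reported in the first comment leaves an administrator with a rule that `iptables -D` refuses to match. An added example, not from this bug or from the iptables project: the workaround it shows is to rebuild the table from `iptables-save` output with the unwanted rule filtered out and feed the result to `iptables-restore`. The `SAMPLE_DUMP` is a constructed dump, and the matching must handle the fact that `iptables-save` writes `-s 12.12.12.12/32` even though the rule was added as `-s 12.12.12.12`.

```python
import ipaddress
import shlex

# Constructed iptables-save output (not captured from the reporter's box).
# Note that iptables-save writes the source as 12.12.12.12/32 although the
# rule was added as 12.12.12.12, so a naive string compare would never match.
SAMPLE_DUMP = """# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 12.12.12.12/32 -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -j DROP
COMMIT
"""

_LONG = {"--source": "-s", "--destination": "-d"}  # long forms iptables accepts


def normalize(rule):
    """Tokenize a rule and canonicalize -s/-d addresses to CIDR form."""
    toks, out, i = shlex.split(rule), [], 0
    while i < len(toks):
        t = _LONG.get(toks[i], toks[i])
        if t in ("-s", "-d") and i + 1 < len(toks):
            try:
                addr = str(ipaddress.ip_network(toks[i + 1], strict=False))
            except ValueError:  # hostname or other non-address: keep as given
                addr = toks[i + 1]
            out += [t, addr]
            i += 2
        else:
            out.append(t)
            i += 1
    return out


def drop_rule(dump, chain, spec, table="filter"):
    """Return (new_dump, removed): the dump with every '-A <chain> <spec>'
    line of the given table removed, ready for iptables-restore."""
    target = ["-A", chain] + normalize(spec)
    kept, removed, cur_table = [], 0, None
    for line in dump.splitlines():
        if line.startswith("*"):  # '*filter', '*nat', ...: table header
            cur_table = line[1:]
        elif cur_table == table and line.startswith("-A ") and normalize(line) == target:
            removed += 1
            continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed
```

Pipe `iptables-save` output through `drop_rule` and the result into `iptables-restore`; that replaces the whole table, so packet counters are reset.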