| Summary: | iptables-save doesn't work with MAC | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | fbusse |
| Component: | New packages | Assignee: | Daniel Ahlberg (RETIRED) <aliz> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | 1.4_rc1 | ||
| Hardware: | x86 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | Patch for iptables-save | ||
Created attachment 5663 [details, diff]
Patch for iptables-save
Commited, thanks for finding this! |
"iptables-restore" doesn't work if "iptables-save" saved a rule with "-m mac --mac-source" To reproduce this: Create a rule: iptables -A INPUT -i eth0 -m mac --mac-source ! 00:01:02:03:04:05 -j REJECT Save this rule iptables-save > test.iptables Load the ruleset iptables-restore test.iptables iptables-restore v1.2.7a: Bad mac address `!00:01:02:03:04:05' Try `iptables-restore -h' or 'iptables-restore --help' for more iptables-save doesn't add a space before it prints the mac-address, it looks like this: -A INPUT -i wlan0 -m mac --mac !00:02:2D:5C:08:1B -j DROP instead of: -A INPUT -i wlan0 -m mac --mac ! 00:02:2D:5C:08:1B -j DROP This problem is known since at least April 2002, but hasn't been fixed yet by the netfilter team, although the patch is really very simple. I attached it for both IPv4 and IPv6 for iptables-1.2.7a. Just needs an extra line in the ebuild: patch -p0 < ${FILESDIR}/iptables.diff