After setting up a working firewall and NAT routing using the "--mac-source" filter, I found the rules became broken after restarting the firewall with the init.d script. I checked the output of iptables-save, and found that rules that filtered based on "--mac-source" changed to just "--mac".

Reproducible: Always

Steps to Reproduce:
1. create firewall rule involving --mac-source
2. run /etc/init.d/iptables save
3. run /etc/init.d/iptables restart

Actual Results: rules concerning "--mac-source" were broken

Expected Results: iptables-save should have saved the rules correctly so it could be restarted and not be broken.

Portage 2.0.47-r10 (default-x86-1.4, gcc-3.2.2, glibc-2.3.1-r4)
=================================================================
System uname: 2.4.20 i686 Pentium II (Klamath)
GENTOO_MIRRORS="http://gentoo.oregonstate.edu/ http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/config /usr/kde/3/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
PORTDIR="/usr/portage"
DISTDIR="/usr/portage/distfiles"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR_OVERLAY=""
USE="oss 3dnow arts avi gtk imlib jpeg kde gnome libwww mikmod motif nls png qt quicktime sdl svga X xmms xv aalib acpi apache2 apm berkdb crypt cups directfb doc dvb encode fbcon gdbm gif gpm imap innodb java ldap libg++ mbox mmx mpeg mysql ncurses nocardbus oav odbc oggvorbis opengl pam pdflib perl python readline samba sasl slang slp socks5 spell sse ssl tcpd tetex truetype usb xml2 zlib x86"
COMPILER="gcc3"
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium2 -O3 -pipe"
CXXFLAGS="-march=pentium2 -O3 -pipe"
ACCEPT_KEYWORDS="x86"
MAKEOPTS="-j2"
AUTOCLEAN="yes"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
FEATURES="sandbox ccache"

Fixed in iptables-1.2.8.
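
A pre-restart check for the failure described in this report, as an added example that is not part of the original report, of iptables, or of the Gentoo init script: it scans a saved ruleset for rules written with a bare "--mac" option, so a broken save is caught before the firewall is restarted from it. The function names, the sample ruleset and its MAC addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report: detect saved rules in which the
# mac match option was written as "--mac" instead of "--mac-source".

# find_broken_mac_rules FILE
# Prints "LINE_NUMBER:RULE" for every "-A" rule that contains a bare "--mac".
# Returns 0 when the file is clean, 1 when at least one such rule is found.
find_broken_mac_rules() {
    awk '
        /^-A / {
            bare = 0
            for (i = 1; i <= NF; i++) {
                # Exact token match, so "--mac-source" is not flagged.
                if ($i == "--mac") bare = 1
            }
            if (bare) { print NR ":" $0; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample in iptables-save format (not taken from the report).
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -m mac --mac 00:00:5E:00:53:01 -j ACCEPT
-A FORWARD -i eth1 -m mac --mac-source 00:00:5E:00:53:02 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

sample=$(mktemp)
write_sample_rules "$sample"
if find_broken_mac_rules "$sample"; then
    echo "saved ruleset: mac rules look intact"
else
    echo "saved ruleset has bare --mac options; fix before restarting" >&2
fi
rm -f "$sample"
```

Run against the file the init script saves to, the function's exit status can gate the restart step so a host is not left with a partially loaded ruleset.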