Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 285416 - home-router-howto: using deprecated syntax in iptables
Summary: home-router-howto: using deprecated syntax in iptables
Status: RESOLVED FIXED
Alias: None
Product: [OLD] Docs on www.gentoo.org
Classification: Unclassified
Component: Other documents (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: nm (RETIRED)
URL: http://www.gentoo.org/doc/en/home-rou...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-09-18 06:36 UTC by Azamat H. Hackimov
Modified: 2009-09-18 08:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
home-router-howto.xml.patch (home-router-howto.xml.patch,1.67 KB, patch)
2009-09-18 06:38 UTC, Azamat H. Hackimov 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Azamat H. Hackimov 2009-09-18 06:36:57 UTC 
In home-router-howto iptables uses negation option like this:
  iptables -A INPUT -p UDP --dport bootps -i ! ${LAN} -j REJECT
but currently iptables says:
  Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned (`! --option this`).

All rules that uses negation should look like this:
  iptables -A INPUT -p UDP --dport bootps ! -i ${LAN} -j REJECT



Reproducible: Always
Comment 1 Azamat H. Hackimov 2009-09-18 06:38:03 UTC 
Created attachment 204488 [details, diff]
home-router-howto.xml.patch

Patch with fixed commands
Comment 2 nm (RETIRED) gentoo-dev 2009-09-18 07:17:04 UTC 
Source? According to the iptables manpage, it seems to be acceptable to use:

-i ! eth0

. . . for example. Have you found another document online someplace, or is there any terminal output that specifically states that the above is deprecated in favor of "! -i eth0"?
Comment 3 Azamat H. Hackimov 2009-09-18 07:27:53 UTC 
I use stable net-firewall/iptables-1.4.3.2. iptables throw this:

# iptables -A INPUT -p TCP --dport 33999 -i ! eth0 -j REJECT
Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned (`! --option this`).

And his manpage says use negation sign _before_ option.
Comment 4 nm (RETIRED) gentoo-dev 2009-09-18 08:34:39 UTC 
K, I'll see about updating the guide.
Comment 5 nm (RETIRED) gentoo-dev 2009-09-18 08:37:00 UTC 
Thanks for reporting and for posting the patch.

Fixed in CVS.