Public bug reported:

If your iptables contains rules that use --hex-string from the string
module, for example

iptables -A INPUT -i eth0 -p udp -m string --hex-string "|ffffffff50|"
--algo bm --to 65535 -j DROP

and then you dump your iptables rules to a file with iptables-save, the
rule above will be written as

-A INPUT -i eth0 -p udp -m string --hex-string"|ffffffff50|"  --algo bm
--to 65535 -j DROP

Notice the absence of a required space before the hex-string pattern.
This also causes iptables-restore to complain about the rule being
invalid when importing the rules file and halt at the rule with error

This bug is reproducible on both Precise (iptables 1.4.12-1ubuntu4) and
Quantal (1.4.12-2ubuntu2).


People who automatically restore their iptables rules at boot might want to
manually correct the rule in their firewall rules file if they use --hex-string.

** Affects: iptables (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: iptables iptables-restore iptables-save

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1074923

Title:
  iptables-save doesn't write --hex-string pattern correctly

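The manual correction suggested in the report can be scripted. The following is an added example, not part of the original report or of iptables: the function names are hypothetical and the sample dump is constructed from the rule quoted above.

```shell
#!/bin/sh
# Added example: repair the missing space after --hex-string in a rules file
# written by an affected iptables-save. Function names are hypothetical.

# List line numbers where --hex-string is glued to its quoted pattern.
find_broken_hex_string() {
    grep -n -e '--hex-string"' | cut -d: -f1
}

# Filter: insert the missing space; correct rules pass through unchanged.
fix_hex_string_spacing() {
    sed -e 's/\(--hex-string\)"/\1 "/g'
}

# Repair FILE in place, keeping FILE.bak. Returns 1 if nothing needed fixing,
# 2 if the repaired copy could not be written.
repair_rules_file() {
    file=$1
    [ -n "$(find_broken_hex_string < "$file")" ] || return 1
    tmp=$(mktemp "${file}.XXXXXX") || return 2
    if fix_hex_string_spacing < "$file" > "$tmp"; then
        # Keep the original as a backup, then swap in the repaired copy.
        cp -p "$file" "${file}.bak" && mv "$tmp" "$file"
    else
        rm -f "$tmp"
        return 2
    fi
}

# Constructed sample dump; line 3 reproduces the rule from the report.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p udp -m string --hex-string"|ffffffff50|"  --algo bm --to 65535 -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Show the repaired form of the sample on stdout.
sample_dump | fix_hex_string_spacing
```

After repairing a real rules file, `iptables-restore --test < FILE` parses it without committing, which confirms the rule is accepted before the file is loaded at boot.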