Package: iptables
Version: 1.8.4-2
Severity: grave
Tags: security

After upgrading from "1.8.3-2", iptables-restore handles empty lines differently and does not restore the rules. Thus old rulesets stored with save and then annotated for better readability (to avoid loads of "iptables -A" calls) do not load any more.
As firewall data is ignored, this might break network access to machines or have unknown security impact on the current firewall ruleset.

# iptables-restore --noflush <<EOF
> *nat
>
> -A POSTROUTING -s 10.0.0.0/16 -o usb0 -j SNAT --to-source 192.168.0.1
> COMMIT
> *filter
>
> -A INPUT -p tcp -m tcp --dport 22 -j DROP
> COMMIT
> EOF
iptables-restore: COMMIT expected at line 2

# iptables-restore --noflush <<EOF
> *nat
> -A POSTROUTING -s 10.0.0.0/16 -o usb0 -j SNAT --to-source 192.168.0.1
> COMMIT
> *filter
>
> -A INPUT -p tcp -m tcp --dport 22 -j DROP
> COMMIT
> EOF
iptables-restore: COMMIT expected at line 5
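
A pre-flight check for annotated rulesets affected by the behaviour reported above, as an added example that is not part of the original report and not iptables code. The function names are hypothetical, the sample is the report's first ruleset, and treating whitespace-only lines like empty ones is a conservative assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of iptables.

# Constructed sample: the first ruleset from the report, blank lines included.
sample_ruleset() {
    cat <<'EOF'
*nat

-A POSTROUTING -s 10.0.0.0/16 -o usb0 -j SNAT --to-source 192.168.0.1
COMMIT
*filter

-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT
EOF
}

# Print "LINE:TABLE" for each empty or whitespace-only line ("-" when outside
# a *table ... COMMIT block). Exit status 1 if any were found, else 0.
find_blank_lines() {
    awk '
        /^\*/            { table = substr($0, 2) }
        /^COMMIT[ \t]*$/ { table = "" }
        /^[ \t]*$/       { print NR ":" (table == "" ? "-" : table); bad = 1 }
        END              { exit bad + 0 }
    ' "${1:--}"
}

# Write the ruleset to stdout with those lines removed; comments are kept.
strip_blank_lines() {
    awk 'NF > 0' "${1:--}"
}

# Parse the cleaned ruleset with --test first, and load it only if that passes.
restore_annotated() {
    tmp=$(mktemp) || return 1
    strip_blank_lines "$1" > "$tmp"
    if iptables-restore --test --noflush < "$tmp"; then
        iptables-restore --noflush < "$tmp"; rc=$?
    else
        echo "ruleset rejected, nothing loaded: $1" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Running find_blank_lines over stored rulesets before the upgrade lists every line that would need cleaning; restore_annotated needs root and changes the live ruleset only after the --test pass succeeds.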