Public bug reported:

If your iptables contains rules that use --hex-string from the string module, for example

    iptables -A INPUT -i eth0 -p udp -m string --hex-string "|ffffffff50|" --algo bm --to 65535 -j DROP

and then you dump your iptables rules to a file with iptables-save, the rule above will be written as

    -A INPUT -i eth0 -p udp -m string --hex-string"|ffffffff50|" --algo bm --to 65535 -j DROP

Notice the absence of a required space before the hex-string pattern.

This also causes iptables-restore to complain about the rule being invalid when importing the rules file and halt at the rule with error

This bug is reproducible on both Precise (iptables 1.4.12-1ubuntu4) and Quantal (1.4.12-2ubuntu2).

People who automatically restore their iptables rules at boot might want to manually correct the rule in their firewall rules file if they use --hex-string.

** Affects: iptables (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: iptables iptables-restore iptables-save

https://bugs.launchpad.net/bugs/1074923

Title:
  iptables-save doesn't write --hex-string pattern correctly
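Added example, not part of the original bug report: a small shell filter that finds rules in a saved rules file where --hex-string is glued to its quoted pattern and inserts the missing space, so the file can be checked before it is restored at boot. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of an iptables-save dump containing the malformed
# rule from the report (no space between --hex-string and its pattern).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p udp -m string --hex-string"|ffffffff50|" --algo bm --to 65535 -j DROP
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Read a rules dump on stdin and print "lineno:rule" for every rule in
# which --hex-string is directly followed by the opening quote.
find_broken_hex_string() {
    grep -n -e '--hex-string"' || true
}

# Filter stdin to stdout, inserting the missing space. Well-formed lines
# do not match the pattern, so running the filter twice is harmless.
fix_hex_string_spacing() {
    sed -e 's/--hex-string"/--hex-string "/g'
}

# Repair a rules file in place, keeping the original as FILE.bak.
# Returns 0 if the file was changed, 1 if nothing needed fixing.
repair_rules_file() {
    file=$1
    if [ -z "$(find_broken_hex_string < "$file")" ]; then
        return 1
    fi
    cp -p "$file" "$file.bak"
    fix_hex_string_spacing < "$file.bak" > "$file"
}

# Demonstration on the constructed sample: report the affected line.
sample_rules | find_broken_hex_string
```

After repairing a file, iptables-restore --test can be used to parse it without committing the ruleset.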