Hi,

I found a bug in iptables-save: when fopen("/proc/net/ip_tables_names") fails, iptables-save just exits with code 0 (success). I expected an error, to make these commands work together:

    $ iptables-save > /tmp/iptables-backup
    $ iptables (...)
    $ iptables-restore < /tmp/iptables-backup

The problem is that the ip_tables module is not loaded before the first iptables command.

Workaround: load the iptables kernel modules before calling iptables-save, or check that the iptables-save output is not empty.

Bugfix in iptables-save: exit with an error code (1) on fopen failure => see the attached patch proposition. The error message could be "iptables kernel module is not loaded (unable to open ...)" or something better. The most important point is the exit code, to make my bash script work :-)

Victor Stinner
http://www.inl.fr/
Index: iptables-save.c =================================================================== --- iptables-save.c (révision 7079) +++ iptables-save.c (copie de travail) @@ -242,7 +242,9 @@ procfile = fopen("/proc/net/ip_tables_names", "r"); if (!procfile) - return 0; + exit_error(OTHER_PROBLEM, + "Unable to open /proc/net/ip_tables_names: %s\n", + strerror(errno)); while (fgets(tablename, sizeof(tablename), procfile)) { if (tablename[strlen(tablename) - 1] != '\n')
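Review bot: in the if (!procfile) branch, the new exit_error() call reads errno and calls strerror(), but the hunk adds no #include, so check that iptables-save.c already pulls in <errno.h> (the strlen() call in the context lines suggests <string.h> is present). The message could also say that the ip_tables kernel module may not be loaded, as the report proposes, because the strerror() text alone will not point an administrator at the cause. Now that the statement spans three lines, braces around the if body would make it harder to misread, and the path literal, which appears in both the fopen() call and the message, could be a single constant.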