As pointed out by Vyacheslav Garashchenko, iptables-save does not save negated dscp matches properly. Fix below. This closes bugzilla #533. Phil Signed-off-by: Phil Oester <kernel@xxxxxxxxxxxx>
--- iptables/extensions/libxt_dscp.c 2008-06-24 13:58:46.000000000 -0700 +++ iptables-1.4.1.1/extensions/libxt_dscp.c 2008-08-03 08:26:36.000000000 -0700 @@ -119,7 +119,7 @@ print_dscp(u_int8_t dscp, int invert, int numeric) { if (invert) - fputc('!', stdout); + printf("! "); printf("0x%02x ", dscp); }