Hi.

We've received a bug report about a broken ! -s 192.168.1.0/24 match:
http://bugs.gentoo.org/264089

Steps to reproduce:

    iptables -A INPUT -i eth0 ! --src 192.168.1.0/24
    iptables-save > ruleset
    iptables-restore < ruleset
    Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned (`! --option this`).

The patch in the attachment is supposed to fix this issue. Please, if it's correct, apply.

-- 
Peter.
commit ba8b9d5559050b17da5562b8be21854289937b3e Author: Peter Volkov <pva@xxxxxxxxxx> Date: Sat Apr 4 13:33:59 2009 +0400 Fix save of negated match (! -s 192.168.1.0/24) iptables-restore unabled to restore ! -s 192.168.1.0/24 match saved by iptables-save. This patch fixes ordering of output issued by print_ip. Reported at http://bugs.gentoo.org/264089, thank Yar Odin for report. diff --git a/iptables.c b/iptables.c index 3449dec..fe43ab0 100644 --- a/iptables.c +++ b/iptables.c @@ -1089,9 +1089,9 @@ static void print_ip(char *prefix, u_int32_t ip, u_int32_t mask, int invert) if (!mask && !ip && !invert) return; - printf("%s %s%u.%u.%u.%u", - prefix, + printf("%s%s %u.%u.%u.%u", invert ? "! " : "", + prefix, IP_PARTS(ip)); if (mask == 0xFFFFFFFFU) {
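Review bot: In print_ip the new format string "%s%s %u.%u.%u.%u" writes the "! " immediately before prefix, so the saved rule is only well-formed if each caller passes prefix without a leading space and has already written a separator before the call; that is not visible in this hunk and should be confirmed at every call site. The diff touches iptables.c only, so check whether the IPv6 save path prints the negation in the old order and needs the same change. A one-line comment above the printf stating that the negation must precede the option, because that is the extrapositioned form iptables-restore expects, would keep the argument order from being swapped back later.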
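A check for saved rulesets that still carry the form described in the mail above, as an added example that is not part of the original post or of the iptables source: it flags `--option ! value` in rule lines and reports the extrapositioned equivalent. It generalizes from `-s` to any option; the sample ruleset and the function name `find_intrapositioned` are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save layout; not taken from the bug report.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s ! 192.168.1.0/24 -i eth0
-A INPUT ! -s 10.0.0.0/8 -i eth0 -j DROP
-A INPUT -p tcp -m comment --comment "not ! negated" -j ACCEPT
-A INPUT -i ! lo -d ! 172.16.0.0/12 -j DROP
COMMIT
"""


def find_intrapositioned(ruleset):
    """Return (line_no, found, suggested) for every `--option ! value` in rule lines."""
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), start=1):
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT, comments
        try:
            toks = shlex.split(line)  # keeps a quoted --comment as one token
        except ValueError:
            continue  # unbalanced quotes: leave for manual review
        for i in range(len(toks) - 2):
            opt, bang, val = toks[i:i + 3]
            # Heuristic (assumption): an option, a bare "!", then a non-option value.
            if opt.startswith("-") and bang == "!" and not val.startswith("-"):
                findings.append((line_no, f"{opt} ! {val}", f"! {opt} {val}"))
    return findings


if __name__ == "__main__":
    for line_no, found, suggested in find_intrapositioned(SAMPLE):
        print(f"line {line_no}: '{found}' -> '{suggested}'")
```

Running it over the files a host restores at boot shows which rules depend on the deprecated ordering before a restore is attempted.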