Hi. After the previous fix I reviewed the sources a bit and found that negated protocol and iface matches are broken in the same way. The attached patch fixes them too. -- Peter.
commit a08db349d0be99a8ae8b4ab271489b42735f4404
Author: Peter Volkov <pva@xxxxxxxxxx>
Date: Sat Apr 4 14:07:31 2009 +0400
Fix restore of negated iface and proto matches Attemt to restore ruleset with ! -i iface or ! -p proto matches fail with the following error: Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned (`! --option this`). This patch fixes this issue.
diff --git a/iptables.c b/iptables.c
index fe43ab0..392981f 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1002,22 +1002,22 @@ static void print_proto(u_int16_t proto, int invert)
 {
 if (proto) {
 unsigned int i;
- const char *invertstr = invert ? "! " : "";
+ const char *invertstr = invert ? "!" : "";
 struct protoent *pent = getprotobynumber(proto);
 if (pent) {
- printf("-p %s%s ", invertstr, pent->p_name);
+ printf("%s -p %s ", invertstr, pent->p_name);
 return;
 }
 for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
 if (xtables_chain_protos[i].num == proto) {
- printf("-p %s%s ",
+ printf("%s -p %s ",
 invertstr, xtables_chain_protos[i].name);
 return;
 }
- printf("-p %s%u ", invertstr, proto);
+ printf("%s -p %u ", invertstr, proto);
 }
 }
@@ -1039,7 +1039,7 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
 if (mask[0] == 0)
 return;
- printf("-%c %s", letter, invert ? "! " : "");
+ printf("%s -%c ", invert ? "!" : "", letter);
 for (i = 0; i < IFNAMSIZ; i++) {
 if (mask[i] != 0) {
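Review bot: When `invert` is 0 the new format strings still print the separator after an empty `%s`, so all three `printf` calls in `print_proto` and the one in `print_iface` (second hunk) now emit a leading space for every non-negated match, presumably right after the trailing space left by whatever was printed before. Whitespace-splitting on restore should tolerate that, but it changes the saved text of every rule, which matters wherever ruleset dumps are diffed or parsed to audit the firewall. Keeping the separator inside the negation string avoids it: `const char *invertstr = invert ? "! " : "";` with `printf("%s-p %s ", invertstr, pent->p_name);`, and `printf("%s-%c ", invert ? "! " : "", letter);` in `print_iface`. The body of `print_iface` continues outside the second hunk, and only iptables.c is touched here, so any other copy of these helpers (an IPv6 counterpart, if the tree has one) would need the same change.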