[PATCH iptables 1/2] extensions: libxt_NFLOG: display nflog-size even if it is zero

From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>

The following iptables rules have different semantics:
  # iptables -A INPUT -j NFLOG
  # iptables -A INPUT -j NFLOG --nflog-size 0

But they are both displayed as "-A INPUT -j NFLOG", so if
the user inputs the following command, the original semantics
will be broken.
  # iptables-save | iptables-restore

Signed-off-by: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
---
 extensions/libxt_NFLOG.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c
index 8c67066..a747951 100644
--- a/extensions/libxt_NFLOG.c
+++ b/extensions/libxt_NFLOG.c
@@ -83,7 +83,7 @@ static void nflog_print(const struct xt_nflog_info *info, char *prefix)
 	}
 	if (info->group)
 		printf(" %snflog-group %u", prefix, info->group);
-	if (info->len && info->flags & XT_NFLOG_F_COPY_LEN)
+	if (info->flags & XT_NFLOG_F_COPY_LEN)
 		printf(" %snflog-size %u", prefix, info->len);
 	else if (info->len)
 		printf(" %snflog-range %u", prefix, info->len);
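Review bot: with the `info->len &&` guard dropped from the `XT_NFLOG_F_COPY_LEN` branch, the printed output now depends entirely on the flag, so it is worth confirming that the option parser sets that flag whenever `--nflog-size` is given, including for a value of 0; the parse path is not part of this hunk. The commit message says the two rules have different semantics but not what the difference is; one sentence stating what a size of 0 means compared with no option at all would help anyone auditing a logging ruleset after a save/restore. The diffstat shows only libxt_NFLOG.c touched, so consider adding a round-trip test for `-j NFLOG --nflog-size 0` alongside this change.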
-- 
2.5.5

