Hello list, I've found a few "old" problems in iptables 1.2.8-20020825. The use of '-p icmp' should match all IP packets of type icmp, but instead it only matches type 0. # iptables -A INPUT -p icmp -j ACCEPT # iptables -nvL INPUT Chain INPUT (policy ACCEPT 11197 packets, 881K bytes) target prot opt in out source destination ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 The use of iptables-save and iptables-restore doesn't work as expected, too. > iptables -A INPUT -p tcp -j ACCEPT > iptables -A INPUT -p udp -j ACCEPT > iptables-save # Generated by iptables-save v1.2.8-20020825 on Thu Nov 7 21:27:44 2002 *filter :INPUT ACCEPT [11308:890245] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [12961:1939089] -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT -A INPUT -p tcp -m tcp -j ACCEPT -A INPUT -p udp -m udp -j ACCEPT # iptables-save | iptables-restore iptables-restore v1.2.8-20020825: Unknown arg `0' Try `iptables-restore -h' or 'iptables-restore --help' for more information. This error apeared in 1.2.7 too. I hope the final release of 1.2.8 will not contain this bugs. I tested this on RedHat 7.3 with: kernel 2.4.19 iptables v1.2.8-20020825 patch-o-matic-20021003 Regards, Simon Kowallik simon@offlineprovider.de http://offlineprovider.de/site/netfilter/netfilter.php
