Hi all,
After updating a firewall from iptables 1.2.7a to a later version, my ruleset doesn't work anymore. It fails on COMMIT lines that are not at the end of a table definition. I used commits for cutting my (sometimes quite large) rulesets into smaller parts and for making sure I always keep a working configuration, even if some rules fail.
For example:
- define management-access definitions (allow SSH from management stations, etc.)
- COMMIT
- define other rules that get changed a lot and thus have a larger chance of containing errors.
Having looked at the source code, I discovered that it is caused by some extra checks on 'in_table' (in iptables-restore.c), which got inserted between 1.2.7a and 1.2.8. The changelog doesn't say why.
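The layout the post describes, as an added example that is not part of the thread: a small checker for iptables-restore input that flags the COMMIT placement the poster says later versions reject (rules or a COMMIT appearing after a table block has already been committed), plus a splitter that rewrites such a file into one standalone chunk per COMMIT, each with its own `*table` header and COMMIT. The sample ruleset is constructed for this example; the check mirrors the behaviour reported in the post rather than the actual `in_table` logic in iptables-restore.c, and the suggestion of loading the later chunks with `iptables-restore --noflush` (`-n`) so earlier chunks survive is my own.

```python
import re

# Constructed sample: management access first, an early COMMIT, then the
# frequently edited rules, as laid out in the post.
SAMPLE_RULESET = """\
# management access first
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10 -p tcp --dport 22 -j ACCEPT
COMMIT
# frequently changed rules
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
"""

TABLE_RE = re.compile(r"^\*([a-z]+)$")


def lint_ruleset(text):
    """Report lines that break the one-COMMIT-per-table-block layout.

    Every policy (':') or rule ('-A' ...) line must sit between a '*table'
    header and that table's COMMIT; a rule or a second COMMIT after the
    block has been committed is reported with its line number.
    """
    errors = []
    in_table = None  # name of the open table block, or None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = TABLE_RE.match(line)
        if m:
            if in_table is not None:
                errors.append(f"line {no}: table *{m.group(1)} opened before "
                              f"COMMIT of *{in_table}")
            in_table = m.group(1)
        elif line == "COMMIT":
            if in_table is None:
                errors.append(f"line {no}: COMMIT outside any table block")
            in_table = None
        elif in_table is None:
            errors.append(f"line {no}: rule outside a table block "
                          "(previous block already committed)")
    if in_table is not None:
        errors.append(f"end of file: table *{in_table} never committed")
    return errors


def split_at_commits(text):
    """Rewrite a multi-COMMIT ruleset into standalone chunks.

    Each chunk re-opens the enclosing '*table' header and ends with its own
    COMMIT, so it passes lint_ruleset() on its own.  Policy lines stay in
    the chunk they were written in (the first one, in the post's layout),
    so later chunks only append rules.
    """
    chunks, table = [], None
    current = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if TABLE_RE.match(line):
            table = line
            current = [table]
        elif line == "COMMIT":
            if table is None:
                raise ValueError("COMMIT before any table header")
            current.append("COMMIT")
            chunks.append("\n".join(current) + "\n")
            current = [table]  # next chunk re-opens the same table
        else:
            if table is None:
                raise ValueError("rule before any table header")
            current.append(line)
    if len(current) > 1:
        raise ValueError("trailing rules without a COMMIT")
    return chunks


if __name__ == "__main__":
    for err in lint_ruleset(SAMPLE_RULESET):
        print("rejected:", err)
    for i, chunk in enumerate(split_at_commits(SAMPLE_RULESET), 1):
        print(f"--- chunk {i} (lint: {lint_ruleset(chunk) or 'ok'})")
        print(chunk, end="")
```

Writing each chunk to its own file and feeding the first to `iptables-restore` and the following ones to `iptables-restore --noflush` keeps the management-access rules in place even if a later chunk contains an error, which is the property the early COMMIT was meant to give.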
Could you try to reproduce such an error with the latest iptables 1.3.1? If so, please post the complaining section of rules; it could be useful for debugging.
-- Pablo