Eric White wrote: > With a little more experimentation, I see that manually poking a new > chain definition (e.g., "iptables -t filter -N :A:Svc:ABD ") and then > issuing iptables-save generates a > > ::A:Svc:ABD - [0:0] > > line in the output. So, I modified the ruleset, replacing all -N > occurrences with the corresponding ":" prefix and added the "- [0:0]' > suffix, with the same result; i.e., the COMMIT line generates a "bad > argument" error. This usually means that a previously used match/target didn't ignore unknown arguments as it ought to do. I suggest to try the latest iptables version (there are a couple of these fixes in each release), if that doesn't help please try to find out which match or target is responsible by removing individual lines until the error goes away.
