iptables-restore of rules with inverted set match fails


 



Hello,

With iptables-save and iptables-restore version 1.33, restoration of iptables rules with inverted set matches is failing with the following error:

Bad argument `!--set'
Error occurred at line: 6
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

I checked the rule set file created using iptables-save and, sure enough, there is no space between the exclamation point ('!') and the "--set" argument which, based on similar problems reported for matches like "tos", seems like the cause of the failure seen with iptables-restore.

An example sequence of this is shown below.

Is this a known problem?

Thanks

- Andrew Kraslavsky

Example sequence:

$ iptables -A FORWARD -m set ! --set myset src -j ACCEPT

$ iptables-save > test.ipt

$ cat test.ipt
# Generated by iptables-save v1.3.3 on Mon Jun 19 18:06:05 2006
*filter
:INPUT ACCEPT [8:960]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m set !--set myset src -j ACCEPT
COMMIT
# Completed on Mon Jun 19 18:06:05 2006
# Generated by iptables-save v1.3.3 on Mon Jun 19 18:06:05 2006
*mangle
:PREROUTING ACCEPT [8:960]
:INPUT ACCEPT [8:960]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Jun 19 18:06:05 2006
# Generated by iptables-save v1.3.3 on Mon Jun 19 18:06:05 2006
*nat
:PREROUTING ACCEPT [4:648]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Mon Jun 19 18:06:05 2006

$ iptables-restore test.ipt
Bad argument `!--set'
Error occurred at line: 6
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
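
A check for the failure described in this post, added here as an example and not part of the original message or of iptables itself: it reports rule lines in a saved dump where `!` is fused to an option, and rewrites them to the spaced form used on the command line above. The function names and the sample dump are constructed, and the code assumes quoted strings in the dump contain no escaped quotes.

```shell
#!/bin/sh
# Added example: locate and repair fused "!--option" tokens in an
# iptables-save dump so that iptables-restore can parse it.
# Assumption: quoted strings use plain double quotes with no escaped quotes.

# Constructed sample modelled on the dump in the post (not real output).
sample_dump() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [8:960]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m set !--set myset src -j ACCEPT
-A INPUT -j LOG --log-prefix "seen !--set "
COMMIT
EOF
}

# Shared awk body: mode=find prints "<line>: <rule>" for affected rules,
# mode=fix prints the whole dump with "!--opt" rewritten to "! --opt".
negation_awk='
{
    line = $0; hit = 0
    if (line ~ /^-/) {                      # rule lines only, not comments or tables
        n = split(line, part, "\"")         # odd parts lie outside quotes
        line = ""
        for (i = 1; i <= n; i++) {
            s = " " part[i]                 # leading space lets a token at the start match
            if (i % 2 == 1 && gsub(/ !--/, " ! --", s)) hit = 1
            line = line (i > 1 ? "\"" : "") substr(s, 2)
        }
    }
    if (mode == "fix") print line
    else if (hit) print NR ": " $0
}'

find_fused_negation() { awk -v mode=find "$negation_awk"; }
fix_fused_negation()  { awk -v mode=fix  "$negation_awk"; }

# Demo on the constructed sample: report, then show the repaired dump.
sample_dump | find_fused_negation
sample_dump | fix_fused_negation
```

The line number reported by `find_fused_negation` is the same file line that iptables-restore names in its "Error occurred at line" message, and text inside a quoted string such as a log prefix is left untouched.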



