On Monday 2011-08-15 16:12, Pandu Poluan wrote:
>What's wrong with my command here:
>
> iptables -A rq_icmp -m u32 ! --u32 0x4&0x3fff=0x0 -m comment
>--comment "Fragmented" -g rq_drop_icmpattack
>
>it works without problem on Ubuntu 10.04, why won't it work with
>Gentoo? I keep getting the error:
>
> iptables v1.4.12: u32: option "--u32" cannot be inverted.
>
>Rgds,
>--
parent 91ca4603f649a9b9fed4f2e31a8c005cdbdacd1e (v1.4.12-8-g91ca460)
commit 48ddf871ed3c8b31832f38d3d5ea14ac12f0c73d
Author: Jan Engelhardt <jengelh@xxxxxxxxxx>
Date: Mon Aug 15 17:06:20 2011 +0200
libxt_u32: fix missing allowance for inversion
Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx>
---
extensions/libxt_u32.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 774d5ea..6d024fb 100644
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -24,7 +24,7 @@ enum {
static const struct xt_option_entry u32_opts[] = {
{.name = "u32", .id = O_U32, .type = XTTYPE_STRING,
- .flags = XTOPT_MAND},
+ .flags = XTOPT_MAND | XTOPT_INVERT},
XTOPT_TABLEEND,
};
--
# Created with git-export-patch
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
