On Sat, 8 Sep 2001, Ben Reser wrote:
> I agree that it shouldn't be segfaulting. That's why I'm spending today
> figuring out how to patch it so it doesn't. Actually I think I know how
> I just need to setup a copy in vmware since my firewall doesn't have
> development tools.
>
> > Furthermore, As /etc/sysconfig/iptables (like ipchains) is coded manually,
> > to effect global settings to the firewall, incidents like this will occur,
> > and segfaults are truly misleading. MY mistake was that i didn't look
> > much into the format of iptables-save before reporting the error.
> >
> > In any case. now that that is cleared up what is more correct? The old
> > format of ipchains in /etc/sysconfig/iptables (which a lot of people are
> > used to), or follow the new convention of iptables-restore?
>
> I think we need to follow the new conventions. Or make
> iptables-restore, pay attention to the -t. I think I can make the
> latter work pretty easily. Which should make your existing
> /etc/sysconfig/iptables work, but at the same time make iptables-save
> output work as well.
>
> I think making it work for more people is the better solution.
Agreed. BTW, Looking over the KNOWN_BUGS for iptables 1.2.2, it said
"4) iptables-restore and -save still have problems. Sorry."
I just feel good that someone's on it. The people at mandrake are quite
packaging the "bigger picture" to be bothered by this problem, which
really seems like quite a show stopper for those wanting to use iptables
with the initscripts.
Thanks!
