On Sat, 8 Sep 2001, Ben Reser wrote: > On Sun, Sep 09, 2001 at 10:54:46AM +0800, Ian C. Sison wrote: > > Agreed. BTW, Looking over the KNOWN_BUGS for iptables 1.2.2, it said > > > > "4) iptables-restore and -save still have problems. Sorry." > > > > I just feel good that someone's on it. The people at mandrake are quite > > packaging the "bigger picture" to be bothered by this problem, which > > really seems like quite a show stopper for those wanting to use iptables > > with the initscripts. > > I don't think it's a show stopper. I think it's a minor nuisance. I > use iptables with the init scripts and it works just fine. All you have > to do is one of two things. Well in the sense that i got the feeling that the entire initscript of iptables wasn't tested [due to the '-f' in iptables-restore] and the segfault, yes it gave me the idea that the iptables support was problematic at the very least. > Either put your data in the same format iptables-save uses. > Or put it in via the iptables the way you want it and then use > iptables-save to write the file. > "/etc/init.d/iptables save" will write the file for you. This would look good in the README file at least in the RPM version which has the initscript... > After having looked at iptables-restore for several hours today it would > require rewritting iptables-restore from scratch to support what you > want. I don't see the value in it and I doubt anybody else is going to. > I'm just gonna write the patch that makes iptables-restore print an > error message and exit out. Currently I'm using "Line %u does not > appear to be valid iptables-save data.\n" I figure that will give those > who are confused a hint. I understand. It's good enough. That seems like a workable solution for now.
