Package: iptables
Version: 1.4.1.1-3
Severity: important

Hi,
lenny's iptables does not understand the --tos value/mask notation as
described in the manpage:
# iptables -t mangle -A POSTROUTING -m tos --tos 0x10/0x3f
| iptables v1.4.1.1: Symbolic name "0x10/0x3f" is unknown
This caused a lot of grief since iptables-restore cannot restore a
packet filter dump created by iptables-save. A host that relied on
the validity of such a dump was locked out completely due to this,
hence the increased severity.
How to repeat:
# (clean all tables)
# set up a single rule and save
iptables -t mangle -A POSTROUTING -m tos --tos Minimize-Delay
iptables-save >dump
# clean again and restore
iptables -t mangle -F POSTROUTING
iptables-restore <dump
| iptables-restore v1.4.1.1: Symbolic name "0x10/0x3f" is unknown
| Error occurred at line: 21
| Try `iptables-restore -h' or 'iptables-restore --help' for more information.
# where
grep -n tos dump
| 21:-A POSTROUTING -m tos --tos 0x10/0x3f
Christoph
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i586)
Kernel: Linux 2.6.27.10
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages iptables depends on:
ii libc6 2.7-18 GNU C Library: Shared libraries
iptables recommends no packages.
iptables suggests no packages.
-- no debconf information
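
A round-trip check for the failure reported above, as an added example that is not part of the original report or of the iptables package: a saved ruleset is parsed with `iptables-restore --test` (parse and build, no commit) before it replaces the file the host will restore from. It assumes the installed iptables-restore supports `--test`; the `IPT_SAVE` and `IPT_RESTORE` variables and both function names are hypothetical.

```shell
#!/bin/sh
# Added example: never rely on a dump that the restore tool cannot read back.
# IPT_SAVE / IPT_RESTORE are assumed override variables (not iptables
# options) so the check can be pointed at a specific binary.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# check_dump FILE
# Parse FILE with "iptables-restore --test", which builds the ruleset
# without committing it. Returns 0 if the dump loads, non-zero otherwise.
check_dump() {
    [ -r "$1" ] || { echo "check_dump: cannot read $1" >&2; return 2; }
    "$IPT_RESTORE" --test < "$1"
}

# save_checked FILE
# Dump the running ruleset to a temporary file and move it over FILE only
# if it passes check_dump. A dump that fails the round trip is kept as
# FILE.rejected for inspection and the previous FILE is left untouched.
save_checked() {
    tmp=$(mktemp "$1.XXXXXX") || return 2
    if "$IPT_SAVE" > "$tmp" && check_dump "$tmp"; then
        mv "$tmp" "$1"
    else
        mv "$tmp" "$1.rejected"
        echo "save_checked: dump does not round-trip, see $1.rejected" >&2
        return 1
    fi
}
```

Both functions need the same privileges as iptables-save and iptables-restore themselves, so they are normally run as root.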

