Hi,

> > http://bugs.debian.org/106374
> > The problem is user-defined chains that start with a dash
> > are seemingly impossible to kill with any amount of shell-foo.
> > Using GNU longopts style "--foo=bar" options is the only way
> > I've found to remove the chains independently. I don't see
> > anything in the docs that mention that style though.
> ouch. maybe we should rather check on '-' as first character and
> disallow chain creation with such names.
>
> Just a personal note: But it would have _never_ occurred to me that
> somebody would want to start a chain name with a leading dash.

http://lists.samba.org/pipermail/netfilter-devel/2002-April/004269.html
The insertion of a '-n' (or any other valid switch!) can be an accident.
As a result, it can change the behaviour of the iptables command.
(The example was the '-n' chain and the '-L' option...)

Regards,

kisza

-- 
Andras Kis-Szabo       Security Development, Design and Audit
-------------------------/        Zorp, NetFilter and IPv6
[EMAIL PROTECTED] /-----Member of the BUTE-MIS-SEARCHlab------>
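The ambiguity discussed in this message, as an added example that is not part of the original post and not iptables' own code: a toy parser built on POSIX `getopt` shows a chain name of `-n` being consumed as a switch, next to the creation-time check on a leading `-` proposed in the quoted reply. The names `parse_list_cmd`, `chain_name_allowed` and `struct parsed` are hypothetical, and the command line is constructed.

```c
#include <getopt.h>
#include <stdio.h>
#include <string.h>

/* Result of parsing a listing command of the form "-L [chain] [-n]". */
struct parsed {
    int list;           /* -L seen */
    int numeric;        /* -n seen */
    const char *chain;  /* first non-switch word, or NULL */
};

/* Hypothetical toy parser (not iptables' own code) built on POSIX getopt. */
struct parsed parse_list_cmd(int argc, char **argv)
{
    struct parsed p = {0, 0, NULL};
    int c;

    optind = 1;   /* restart the scan so the function can be called again */
    opterr = 0;   /* no diagnostics on stderr */
    while ((c = getopt(argc, argv, "Ln")) != -1) {
        if (c == 'L')
            p.list = 1;
        else if (c == 'n')
            p.numeric = 1;
    }
    if (optind < argc)
        p.chain = argv[optind];
    return p;
}

/* Check proposed in the thread: refuse names whose first character is '-'. */
int chain_name_allowed(const char *name)
{
    return name != NULL && name[0] != '\0' && name[0] != '-';
}

int main(void)
{
    /* Constructed command line: the user means "list the chain named -n". */
    char *argv[] = {"iptables", "-L", "-n", NULL};
    struct parsed p = parse_list_cmd(3, argv);

    printf("list=%d numeric=%d chain=%s\n", p.list, p.numeric,
           p.chain ? p.chain : "(none)");
    printf("create \"-n\" allowed: %d\n", chain_name_allowed("-n"));
    return 0;
}
```

The parser never sees a chain argument in this case: the word meant as a name silently turns on the numeric switch, so the command lists everything instead of one chain.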