On Mon, Apr 29, 2002 at 11:38:49AM -0700, Ted Bannon wrote:
> I have some rules which work fine when entered at the command line with
> iptables, but iptables-restore complains about some but not all of them.
> Here are the rules:
>
> # allow outbound ICMP echo request and inbound ICMP echo replies
> -A OUTPUT -s 192.168.29.25/32 -p icmp --icmp-type echo-request -d 0.0.0.0/0
> -j ACCEPT
> -A INPUT -s 0.0.0.0/0 -p icmp --icmp-type echo-reply -d 192.168.29.25/32 -j
> ACCEPT
>
> # allow inbound ICMP echo requests and outbound ICMP echo replies
> -A INPUT -s 0.0.0.0/0 -p icmp --icmp-type echo-request -d 192.168.29.25/32
> -j ACCEPT
> -A OUTPUT -s 192.168.29.25/32 -p icmp --icmp-type echo-reply -d 0.0.0.0/0
> -j ACCEPT
>
> This is the error:
>
> [root@engtest0 sysconfig]# /etc/init.d/iptables start
> Flushing all current rules and user defined chains: [ OK ]
> Clearing all current rules and user defined chains: [ OK ]
> Applying iptables firewall rules: [ OK ]
> iptables-restore v1.2.6-20020226: Unknown arg `--icmp-type'
> Try `iptables-restore -h' or 'iptables-restore --help' for more information.

I've now prepared a patch (attached to this email) which solves the problem.
As far as I can see, removing the two lines shouldn't break anything else.
So if your problem is resolved after using this patch, I will commit it to CVS.

> Ted

--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)

--- userspace/iptables.c.old Mon Mar 25 09:30:31 2002 +++ userspace/iptables.c Thu May 2 16:40:07 2002 @@ -2054,8 +2054,6 @@ actually hear this code suck. */ if (m == NULL && protocol - && !find_proto(protocol, DONT_LOAD, - options&OPT_NUMERIC) && (m = find_proto(protocol, TRY_LOAD, options&OPT_NUMERIC))) { /* Try loading protocol */
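
Review bot: With the `!find_proto(protocol, DONT_LOAD, options&OPT_NUMERIC)` test dropped from the `if (m == NULL && protocol ...` condition, the branch under `/* Try loading protocol */` is now entered even when the protocol match is already loaded, which is presumably the iptables-restore case reported above, where some rules were accepted and later ones were not. The body of that branch is not visible in this hunk, so please confirm it is safe to run more than once in the same process for the same match (for example, that it does not register the match's options a second time). A short comment at this condition explaining why the already-loaded check was removed would also keep it from being reintroduced later, and the `/* Try loading protocol */` comment could be reworded since the branch no longer only covers the not-yet-loaded case.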