* MAC and iptables-save
@ 2002-12-27 13:51 Fridtjof Busse
2003-01-06 13:00 ` Harald Welte
0 siblings, 1 reply; 2+ messages in thread
From: Fridtjof Busse @ 2002-12-27 13:51 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 824 bytes --]
Hi

"iptables-restore" doesn't work if "iptables-save" saved a rule with
"-m mac --mac-source"

To reproduce this:

Create a rule:
  iptables -A INPUT -i eth0 -m mac --mac-source ! 00:01:02:03:04:05 -j REJECT
Save this rule:
  iptables-save > test.iptables
Load the ruleset:
  iptables-restore test.iptables
  iptables-restore v1.2.7a: Bad mac address `!00:01:02:03:04:05'
  Try `iptables-restore -h' or 'iptables-restore --help' for more

iptables-save doesn't add a space before it prints the mac-address, it
looks like this:
  -A INPUT -i wlan0 -m mac --mac !00:02:2D:5C:08:1B -j DROP
instead of:
  -A INPUT -i wlan0 -m mac --mac ! 00:02:2D:5C:08:1B -j DROP

Fix attached, since this bug seems to be still in the CVS.
--
Fridtjof Busse
BOFH excuse #63:
not properly grounded, please bury computer
[-- Attachment #2: iptables-1.2.7a-mac.diff --]
[-- Type: text/x-diff, Size: 691 bytes --]
--- extensions/libipt_mac.c.orig Fri Nov 8 18:20:48 2002
+++ extensions/libipt_mac.c Fri Nov 8 18:22:48 2002
@@ -90,7 +90,7 @@
{
unsigned int i;
- printf("%s%02X", invert ? "!" : "", macaddress[0]);
+ printf("%s %02X", invert ? "!" : "", macaddress[0]);
for (i = 1; i < ETH_ALEN; i++)
printf(":%02X", macaddress[i]);
printf(" ");
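Review bot: the new format string "%s %02X" emits the space unconditionally, so a non-inverted address is now printed with a stray leading space; only the inverted case needs the separator. Suggest moving the space into the ternary, `invert ? "! " : ""`, and keeping "%s%02X", so the non-inverted output stays byte-identical to what this function printed before.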
--- extensions/libip6t_mac.c.orig Fri Nov 8 18:23:10 2002
+++ extensions/libip6t_mac.c Fri Nov 8 18:23:31 2002
@@ -90,7 +90,7 @@
{
unsigned int i;
- printf("%s%02X", invert ? "!" : "", macaddress[0]);
+ printf("%s %02X", invert ? "!" : "", macaddress[0]);
for (i = 1; i < ETH_ALEN; i++)
printf(":%02X", macaddress[i]);
printf(" ");
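Review bot: the libip6t_mac.c copy of the printf gets the same unconditional space, so the `invert ? "! " : ""` form applies here too. Since both files carry an identical hunk, whichever form is chosen should land in both together so iptables-save and ip6tables-save stay consistent, and the patch description should say that a save/restore round trip was checked for both the inverted and the non-inverted rule.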
* Re: MAC and iptables-save
From: Harald Welte @ 2003-01-06 13:00 UTC (permalink / raw)
To: Fridtjof Busse; +Cc: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 643 bytes --]
On Fri, Dec 27, 2002 at 02:51:14PM +0100, Fridtjof Busse wrote:
> Hi
> "iptables-restore" doesn't work if "iptables-save" saved a rule with "-m
> mac --mac-source"
Thanks for reporting this bug. It has already been fixed in CVS for
ipv4 mac, although slightly different than your solution.
I have now changed the ipv6 mac match, too.
--
- Harald Welte / laforge@gnumonks.org http://www.gnumonks.org/
============================================================================
"If this were a dictatorship, it'd be a heck of a lot easier, just so long
as I'm the dictator." -- George W. Bush Dec 18, 2000
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
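The save/restore mismatch reported in the first message, as an added example (not code from iptables or from either poster). The names `save_match`, `parse_mac`, `restore_match` and `roundtrip` are hypothetical, and the restore side is a simplified model that assumes arguments are split on spaces and that `!` must be its own token.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define ETH_ALEN 6

/* Hypothetical save routine; bang is the text written for an inverted match. */
static void save_match(char *out, size_t n, const unsigned char *m, int invert, const char *bang) {
    snprintf(out, n, "%s%02X:%02X:%02X:%02X:%02X:%02X",
             invert ? bang : "", m[0], m[1], m[2], m[3], m[4], m[5]);
}

/* Strict address parser: six hex octets of 1-2 digits separated by ':'. */
static int parse_mac(const char *s, unsigned char *mac) {
    char *end;
    for (int i = 0; i < ETH_ALEN; i++, s = end + 1) {
        if (!isxdigit((unsigned char)*s)) return -1;   /* rejects "!00:..." */
        unsigned long v = strtoul(s, &end, 16);
        if (end - s > 2 || *end != (i == ETH_ALEN - 1 ? '\0' : ':')) return -1;
        mac[i] = (unsigned char)v;
    }
    return 0;
}

/* Restore-side model (assumption): split on spaces, optional stand-alone "!". */
static int restore_match(const char *args, unsigned char *mac, int *invert) {
    char buf[64], *tok;
    snprintf(buf, sizeof buf, "%s", args);
    tok = strtok(buf, " ");
    *invert = tok && strcmp(tok, "!") == 0;
    if (*invert) tok = strtok(NULL, " ");
    return tok ? parse_mac(tok, mac) : -1;
}

/* Returns 1 if a saved match restores to the same address and inversion flag. */
static int roundtrip(int invert, const char *bang) {
    const unsigned char mac[ETH_ALEN] = {0, 1, 2, 3, 4, 5}; /* address from the report */
    unsigned char got[ETH_ALEN];
    char line[64];
    int inv = -1;
    save_match(line, sizeof line, mac, invert, bang);
    return restore_match(line, got, &inv) == 0 && inv == invert && !memcmp(mac, got, ETH_ALEN);
}

int main(void) {
    printf("\"!\": %d  \"! \": %d\n", roundtrip(1, "!"), roundtrip(1, "! "));
    return 0;
}
```

A round-trip check of this kind, run for both the inverted and the non-inverted rule, catches formatter/parser drift before a saved ruleset fails to load at boot.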