Re: iptables-save counters on builtin chains not restored?

[Herve Eychenne <rv@wallfire.org>]

On Fri, Aug 20, 2004 at 04:36:17PM +0200, Herve Eychenne wrote:

> On Thu, Aug 19, 2004 at 12:13:14PM +0200, Harald Welte wrote:

> > Please put it in bugzilla... and patches are obviously always welcome.

> I'm currently writing it, at least partly:
> - for now iptables-save (with or without -c) used to dump counters for
>   builtin-chains, which is wrong (useless when not called with -c).
>   I'll fix that.
> - iptables-save (also with or without -c) used to dump dummy counters
>   (always [0:0]) for user-chains, which is also wrong (never needed,
>   as it makes no sense for user-chains, right?). I'll fix that too.

> The side effect of this change will be that dump files created by new
> iptables-save command (without -c) won't be restorable with old
> iptables-restore (without -c).

Sorry... you should have read:
dump files created by new iptables-save command (without -c) won't be
restorable with old iptables-restore -c
So, 
# iptables-save.new | iptables-restore.old
works well. That's even less harmful.

> But i think it's acceptable, as:
> - people should not want to do that, as they should use
>   iptables-restore.new, then
> - if people really have to use iptables-restore.old, they can use
>   iptables-save.new dumps, but with -c
> - a very simple sed line fixes that

> One thing that puzzles me is that old iptables-restore -c used to
> restore old iptables-save (without -c) dumps without any complaints
> about missing counters (for rules, as counters for builtin-chains were
> dumped anyway).
> So I guess new iptables-restore -c should act likewise, that is
> restore new iptables-save dumps (without -c) without error, but shouldn't
> it at least issue a warning about the lack of the expected counters?

> Thanks for commenting everything above.

 Herve

-- 
 _
(°=  Hervé Eychenne
//)
v_/_ WallFire project:  http://www.wallfire.org/