iptables command and target ULOG problem

iptables command and target ULOG problem

[Andre Luiz da Silva]

Hello friends...

I'm using the iptables version 1.2.11 and I have the follow problem with
ULOG iptables target:

For example....

When I insert the rule and the parameter '-j ULOG' are before icmp protocol
options, I received the error "Bad argument":

"
andre:~/iptables-1.2.11 # ./iptables -I INPUT -j ULOG --protocol icmp
--icmp-type echo-reply
Bad argument `echo-reply'
Try `iptables -h' or 'iptables --help' for more information.
"

But with '-j ULOG' later the icmp protocol options (or any other
options), no error occurs.

"
andre:~/iptables-1.2.11 # ./iptables -I INPUT --protocol icmp
--icmp-type echo-reply -j ULOG
"

This problem does not occur with target "LOG".


Any ideias? 

Thank's

Re: iptables command and target ULOG problem

[Jonas Berlin]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quoting Andre Luiz da Silva on 2005-05-01 19:30 UTC:

> Hello friends...

Hello :)

> When I insert the rule and the parameter '-j ULOG' are before icmp protocol
> options, I received the error "Bad argument":
> 
> andre:~/iptables-1.2.11 # ./iptables -I INPUT -j ULOG --protocol icmp
> --icmp-type echo-reply
> Bad argument `echo-reply'
> Try `iptables -h' or 'iptables --help' for more information.
> 
> But with '-j ULOG' later the icmp protocol options (or any other
> options), no error occurs.
> 
> andre:~/iptables-1.2.11 # ./iptables -I INPUT --protocol icmp
> --icmp-type echo-reply -j ULOG

I think options should be grouped together with their owners, and all
options after -j <ANYTHING> should be associated with the target.

FYI: I'm not a regular maintainer, just expressing my thoughts here :)

> This problem does not occur with target "LOG".

It might be that LOG does not validate its arguments strictly and thus
not react on the "echo-reply" argument. Or it might be some peculiar
iptables bug..

> Any ideias? 

Just put --icmp-type echo-reply before -j :)

> Thank's

Be well :)

- --
- - xkr47
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCdTanxyF48ZTvn+4RAm/4AKDalaJR0tbaonulqgNeV4SBxNf8FgCgp75r
lFEYC84MW2kSGcVgTFDk6Q8=
=VosE
-----END PGP SIGNATURE-----

Re: iptables command and target ULOG problem

[Patrick McHardy]

[-- Attachment #1: Type: text/plain, Size: 344 bytes --]

Andre Luiz da Silva wrote:
> Hello friends...
> 
> I'm using the iptables version 1.2.11 and I have the follow problem with
> ULOG iptables target:
> 
> For example....
> 
> When I insert the rule and the parameter '-j ULOG' are before icmp protocol
> options, I received the error "Bad argument":

Fixed in svn by this patch.

Regards
Patrick

[-- Attachment #2: x --]
[-- Type: text/plain, Size: 307 bytes --]

Index: extensions/libipt_ULOG.c
===================================================================
--- extensions/libipt_ULOG.c	(Revision 3889)
+++ extensions/libipt_ULOG.c	(Arbeitskopie)
@@ -144,6 +144,8 @@
 #endif
 		*flags |= IPT_LOG_OPT_QTHRESHOLD;
 		break;
+	default:
+		return 0;
 	}
 	return 1;
 }