iptables-1.4.5 REPLACE rule problem

iptables-1.4.5 REPLACE rule problem

[Werner Pawlitschko]

Hi dear netfilter team,
I just upgraded from iptables-1.4.3 to 1.4.5 and found the following 
problem. Probably it has already been reported.

 I think it should be just as simple as doing this at the prompt:
iptables -A OUPUT -j LOG -d 10.11.12.13
then iptables-save shows
-A OUPUT -d 10.11.12.13/32 -j LOG
that's ok.
Then doing:
iptables -R OUTPUT 1 -j LOG -d 10.11.12.13
then iptables-save shows
-A OUTPUT -d 10.11.12.13/0 -j LOG
Looks bad. As you see the mask is set to zero for all bits.
But redirecting the output of iptables-save into a file, editing the 
mask manually and restoring the rules by iptables-restore works perfectly.

Your sincerely,
  Werner

Re: iptables-1.4.5 REPLACE rule problem

[Jan Engelhardt]

On Saturday 2009-11-14 10:25, Werner Pawlitschko wrote:

> iptables -A OUPUT -j LOG -d 10.11.12.13
> then iptables-save shows
> -A OUPUT -d 10.11.12.13/32 -j LOG
> that's ok.
> Then doing:
> iptables -R OUTPUT 1 -j LOG -d 10.11.12.13
> then iptables-save shows
> -A OUTPUT -d 10.11.12.13/0 -j LOG
> Looks bad. As you see the mask is set to zero for all bits.

It turns out -R always put /0 in there. A bug of course, that I fixed 
now. Patch at git://dev.medozas.de/iptables for the wary, otherwise 
will be submitted in my semiregular pushes.

thanks,
Jan