netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* iptables upgrade: NOT operator parser trouble
@ 2013-06-28 17:10 Thomas Jarosch
  2013-06-28 20:20 ` Florian Westphal
  0 siblings, 1 reply; 3+ messages in thread
From: Thomas Jarosch @ 2013-06-28 17:10 UTC (permalink / raw)
  To: netfilter-devel

Hi,

I've found another issue after upgrading iptables from 1.4.8 to 1.4.18.
This rule used to work:

    iptables -A R34 --protocol tcp --dport ! 80 -j C525


iptables complains:
	iptables-restore v1.4.18: invalid port/service `!' specified


Fix the parser or fix my rules? :)

Cheers,
Thomas


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: iptables upgrade: NOT operator parser trouble
  2013-06-28 17:10 iptables upgrade: NOT operator parser trouble Thomas Jarosch
@ 2013-06-28 20:20 ` Florian Westphal
  2013-07-01  8:25   ` Thomas Jarosch
  0 siblings, 1 reply; 3+ messages in thread
From: Florian Westphal @ 2013-06-28 20:20 UTC (permalink / raw)
  To: Thomas Jarosch; +Cc: netfilter-devel

Thomas Jarosch <thomas.jarosch@intra2net.com> wrote:
> I've found another issue after upgrading iptables from 1.4.8 to 1.4.18.
> This rule used to work:
> 
>     iptables -A R34 --protocol tcp --dport ! 80 -j C525

Yes, but iptables used to warn about this:
'Using intrapositioned negation (`--option ! this`) is deprecated in
favor of extrapositioned (`! --option this`).'

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: iptables upgrade: NOT operator parser trouble
  2013-06-28 20:20 ` Florian Westphal
@ 2013-07-01  8:25   ` Thomas Jarosch
  0 siblings, 0 replies; 3+ messages in thread
From: Thomas Jarosch @ 2013-07-01  8:25 UTC (permalink / raw)
  To: Florian Westphal; +Cc: netfilter-devel

Hi Florian,

On Friday, 28. June 2013 22:20:38 Florian Westphal wrote:
> Thomas Jarosch <thomas.jarosch@intra2net.com> wrote:
> > I've found another issue after upgrading iptables from 1.4.8 to 1.4.18.
> > 
> > This rule used to work:
> >     iptables -A R34 --protocol tcp --dport ! 80 -j C525
> 
> Yes, but iptables used to warn about this:
> 'Using intrapositioned negation (`--option ! this`) is deprecated in
> favor of extrapositioned (`! --option this`).'

probably my iptables version was too old to show that warning,
at least I never noticed it.

Anyhow, I fixed my rule generator.

Thanks,
Thomas


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-07-01  8:25 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-28 17:10 iptables upgrade: NOT operator parser trouble Thomas Jarosch
2013-06-28 20:20 ` Florian Westphal
2013-07-01  8:25   ` Thomas Jarosch

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).