Arch Linux


FS#30419 - [iptables] comments no longer working as expected

Attached to Project: Arch Linux
Opened by Adrian C. (anrxc) - Saturday, 23 June 2012, 20:07 GMT
Last edited by Evangelos Foutras (foutrelis) - Wednesday, 25 July 2012, 06:41 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Closed
Assigned To: Ronald van Haren (pressh)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Hello, I performed this upgrade and noticed comments in my iptables rules are broken:
[2012-06-22 16:26] upgraded iptables (1.4.13-1 -> 1.4.14-2)


Additional info:

# iptables --list -n | head
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP all -- 192.168.0.2 0.0.0.0/0 /* --comment */
DROP all -- 192.168.0.13 0.0.0.0/0 /* --comment */

Original rules:

# head /etc/iptables/iptables.rules
*filter
:INPUT DROP [1:36]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.2/32 -m comment --comment "Angmar MS-Windows" -j DROP
-A INPUT -s 192.168.0.13/32 -m comment --comment "Phobos MS-Windows" -j DROP


Now for the most interesting part, convert firewall back to rules:

# iptables-save
# Generated by iptables-save v1.4.14 on Sat Jun 23 22:01:55 2012
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1507:240667]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.2/32 -m comment --comment --comment -j DROP
-A INPUT -s 192.168.0.13/32 -m comment --comment --comment -j DROP



Closed by Evangelos Foutras (foutrelis)
Wednesday, 25 July 2012, 06:41 GMT
Reason for closing: Fixed
Additional comments about closing: iptables 1.4.14-3 includes fryasu's patch from the upstream bug report.

Comment by Ronald van Haren (pressh) - Sunday, 24 June 2012, 10:14 GMT
Single worded comments seem to work, so like:

-A INPUT -s 192.168.0.2/32 -m comment --comment Angmar -j DROP

I suppose it did work in the previous version? If so I suppose this is an upstream regression. In that case please open a bug report upstream and link it here.
Comment by Evangelos Foutras (foutrelis) - Monday, 25 June 2012, 06:15 GMT
Very similar bug in Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678499

Which seems to have been reported upstream: http://bugzilla.netfilter.org/show_bug.cgi?id=782
Comment by Adrian C. (anrxc) - Monday, 25 June 2012, 14:42 GMT
> have been reported upstream: http://bugzilla.netfilter.org/show_bug.cgi?id=782

Thank you.
Comment by Adrian C. (anrxc) - Wednesday, 27 June 2012, 00:20 GMT
All reports squashed to http://bugzilla.netfilter.org/show_bug.cgi?id=774; bug identified.
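
A check for the symptom reported in this task, as an added example that is not part of the original thread or of the iptables package: it pairs rules from a saved rules file with `iptables-save` output and reports every rule whose comment text changed. The names `comment_drift`, `sample_saved` and `sample_live` are assumptions made for this example; the sample rules are copied from the listings in the report.

```shell
#!/bin/sh
# Added example, not from the bug report thread or the iptables package.

# Report rules whose comment in the live ruleset differs from the saved file.
# $1 = saved rules file, $2 = file holding iptables-save output.
# Prints one line per drifted rule; returns 1 if any drift was found.
comment_drift() {
    awk '
    # Split a rule into its comment (cmt) and the rule minus the comment (key).
    function split_rule(line) {
        if (match(line, /--comment "[^"]*"/))
            cmt = substr(line, RSTART + 11, RLENGTH - 12)
        else if (match(line, /--comment [^ ]+/))
            cmt = substr(line, RSTART + 10, RLENGTH - 10)
        else
            return 0
        key = substr(line, 1, RSTART - 1) substr(line, RSTART + RLENGTH)
        return 1
    }
    !/^-A / || !split_rule($0) { next }
    FILENAME == ARGV[1] { want[key] = cmt; next }
    (key in want) && want[key] != cmt {
        printf "%s | saved=[%s] live=[%s]\n", key, want[key], cmt
        bad = 1
    }
    END { exit bad + 0 }
    ' "$1" "$2"
}

# Sample data copied from the report: rules file, then iptables-save output.
sample_saved() {
    cat <<'EOF'
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.2/32 -m comment --comment "Angmar MS-Windows" -j DROP
-A INPUT -s 192.168.0.13/32 -m comment --comment "Phobos MS-Windows" -j DROP
EOF
}
sample_live() {
    cat <<'EOF'
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.2/32 -m comment --comment --comment -j DROP
-A INPUT -s 192.168.0.13/32 -m comment --comment --comment -j DROP
EOF
}

tmp=$(mktemp -d)
sample_saved > "$tmp/saved"; sample_live > "$tmp/live"
comment_drift "$tmp/saved" "$tmp/live" || echo "comment drift detected"
rm -rf "$tmp"
```

On a real host the second argument would be a file written from `iptables-save`, and the first `/etc/iptables/iptables.rules`.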
