|Subject:||Order of generated iptables rule is not valid if using "-C" (check) option - chain must be set before table|
|Date:||Fri, 8 Jul 2016 12:26:57 +0200|
|To:||bug-IPTables-Rule [...] rt.cpan.org|
|From:||XiconRest <rest [...] xicon.de>|
Dear Phillip,

I don't know if this is bad behaviour of iptables or just a bug in it, but I couldn't find any documentation that states this rule: if you are using the -C option on a chain to check whether the rule is applied in iptables, and you set the table with "-t", like nat or filter (e.g.), then the chain definition (e.g. -C POSTROUTING) has to be in front of the table definition (e.g. -t nat).

Throws error:
/sbin/iptables -t nat -C POSTROUTING -o eth0 -j MASQUERADE

Works fine:
/sbin/iptables -C POSTROUTING -t nat -o eth0 -j MASQUERADE

Expected output is either none, if the rule is applied, or "Bad rule (does a matching rule exist in that chain?)". But if you select the NAT table with "-t nat", the output also seems to be not completely right: "No chain/target/match by that name.", even when the chain is there - but this is not the problem of this request/ticket.

So summing up: "-[ADIRLSFZNXPE]" has to be in front of "-t [filter|nat|mangle|raw|security]".

Patch/diff attached.

Best regards
xiconfjs