Subject: Order of generated iptables rule is not valid if using "-C" (check) option - chain must be set before table
Date: Fri, 8 Jul 2016 12:26:57 +0200
To: bug-IPTables-Rule [...] rt.cpan.org
From: XiconRest <rest [...] xicon.de>
Dear Phillip,
I don't know if this is a bad behaviour of iptables or just a bug in it,
but I couldn't find any documentation that states this rule:
If you are using the -C option on a chain to check whether the rule is
applied in iptables, and you set the table with "-t", like nat or filter
(e.g.), then the chain definition (e.g. -C POSTROUTING) has to be in
front of the table definition (e.g. -t nat).
throws error:
/sbin/iptables -t nat -C POSTROUTING -o eth0 -j MASQUERADE
works fine:
/sbin/iptables -C POSTROUTING -t nat -o eth0 -j MASQUERADE
Expected output is either none, if the rule is applied, or "Bad rule
(does a matching rule exist in that chain?)". But if you select the NAT
table with "-t nat", the output seems also to be not completely right
"No chain/target/match by that name.", even when the chain is there -
but this is not the problem of this request/ticket.
So summing up: "-[ADIRLSFZNXPE]" has to be in front of "-t
[filter|nat|mangle|raw|security]". Patch/diff attached.
Best regards
xiconfjs