
List:       netfilter
Subject:    Re: bug in iptables-restore and "recent" module
From:       Neal Murphy <neal.p.murphy () alum ! wpi ! edu>
Date:       2015-02-20 21:22:42
Message-ID: 201502201622.42411.neal.p.murphy () alum ! wpi ! edu

On Friday, February 20, 2015 04:05:44 PM richard lucassen wrote:
> On Tue, 17 Feb 2015 09:52:54 +0100
> 
> Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
> > > I'd say in iptables-restore. Apparently the -t (test) does not
> > > notice that there is a problem while the real iptables-restore does.
> > 
> > Sorry, my question was not clear enough. Let me rephrase.
> > 
> > As -t does not commit the tables to the kernel, I do not expect it to
> > detect errors related to the kernel configuration. So I do not see any
> > bug in your description, it sounds like expected behaviour to me.
> > Where do you see a bug in that behaviour ?
> 
> You have a point :) And I agree with Dennis to add it to the
> manpage.

To state it a little more explicitly:
  o '-t' can only validate the syntax; it cannot check the data
  o 'the kernel' validates the data
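
The split described above (`-t` checks syntax, the kernel checks the data at load time), as an added example that is not part of the original message: a wrapper that runs the `-t` pass, snapshots the running ruleset with `iptables-save`, then loads for real and restores the snapshot if the kernel rejects the data. `apply_ruleset`, `IPT_SAVE` and `IPT_RESTORE` are names introduced for this example; the two variables only exist so the commands can be substituted.

```shell
#!/bin/sh
# Added example, not from the thread. IPT_SAVE / IPT_RESTORE are
# hypothetical override variables; by default the real tools are used.
: "${IPT_SAVE:=iptables-save}"
: "${IPT_RESTORE:=iptables-restore}"

# apply_ruleset FILE
# Returns 0: ruleset loaded
#         1: rejected by the -t pass (syntax), kernel never touched
#         2: passed -t but the real load failed; snapshot restored
#         3: snapshot could not be taken, or the rollback itself failed
apply_ruleset() {
    rules=$1
    backup=$(mktemp) || return 3

    # Stage 1: parse only. A pass here says nothing about whether the
    # kernel will accept the values in the rules.
    if ! "$IPT_RESTORE" -t < "$rules"; then
        rm -f "$backup"
        return 1
    fi

    # Snapshot the running ruleset before attempting the real load.
    if ! "$IPT_SAVE" > "$backup"; then
        rm -f "$backup"
        return 3
    fi

    # Stage 2: real load. This is where the kernel validates the data.
    if "$IPT_RESTORE" < "$rules"; then
        rm -f "$backup"
        return 0
    fi

    # The load failed after -t passed: put the snapshot back.
    if "$IPT_RESTORE" < "$backup"; then
        rm -f "$backup"
        return 2
    fi
    echo "rollback failed; previous ruleset kept in $backup" >&2
    return 3
}
```

Exit status 2 is the case from this thread: the file passed `-t` and was still refused at load time.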