If your iptables ruleset contains rules that use --hex-string from the string match module, for example
iptables -A INPUT -i eth0 -p udp -m string --hex-string "|ffffffff50|" --algo bm --to 65535 -j DROP
and then you dump your iptables rules to a file with iptables-save, the rule above will be written as
-A INPUT -i eth0 -p udp -m string --hex-string"|ffffffff50|" --algo bm --to 65535 -j DROP
Notice the absence of the required space between --hex-string and the quoted pattern. This also causes iptables-restore to complain that the rule is invalid when importing the rules file, and it halts at that rule with an error.
This bug is reproducible on both Precise (iptables 1.4.12-1ubuntu4) and Quantal (iptables 1.4.12-2ubuntu2).
People who automatically restore their iptables rules at boot might want to manually correct the rule in their firewall rules file if they use --hex-string, since the restore will otherwise stop at that rule and the remaining rules will not be loaded.
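The manual correction above can be checked and applied before every restore. The following shell script is an added example and is not part of the bug report or of the iptables project; it assumes that the only defect in the saved file is the missing space between --hex-string and the opening quote, and it works on a constructed sample dump embedded in the script rather than on a real /etc/iptables/rules.v4.

```shell
#!/bin/sh
# Added example (not from the bug report): detect and repair iptables-save
# output in which "--hex-string" is glued to the opening quote of its
# pattern, so that iptables-restore does not reject the rule.

# Constructed sample of an iptables-save dump. The first rule shows the
# malformed output; the second one is already correct and must be left alone.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p udp -m string --hex-string"|ffffffff50|" --algo bm --to 65535 -j DROP
-A INPUT -i eth0 -p udp -m string --hex-string "|deadbeef|" --algo bm --to 65535 -j DROP
COMMIT'

# Print the number of rules in file $1 whose --hex-string is immediately
# followed by a double quote (no space). grep exits 1 when the count is 0,
# so the "|| true" keeps the function usable under "set -e".
count_broken_hex_string() {
    grep -c -e '--hex-string"' "$1" || true
}

# Write a repaired copy of file $1 to file $2, inserting the missing space.
# The pattern only matches the glued form, so running it twice is harmless.
fix_hex_string_rules() {
    sed 's/--hex-string"/--hex-string "/g' "$1" > "$2"
}

# Demonstration on the constructed sample, using temporary files.
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_RULES" > "$demo_file"
echo "malformed --hex-string rules before fix: $(count_broken_hex_string "$demo_file")"
fix_hex_string_rules "$demo_file" "$demo_file.fixed"
echo "malformed --hex-string rules after fix:  $(count_broken_hex_string "$demo_file.fixed")"
rm -f "$demo_file" "$demo_file.fixed"
```

To use it on a real dump, point fix_hex_string_rules at the saved rules file and a new output file, inspect the diff between the two, and only then replace the original; if your iptables-restore supports the --test option, feeding it the repaired file is a cheap way to confirm that every rule now parses before the next boot depends on it.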