http://bugzilla.novell.com/show_bug.cgi?id=561178

           Summary: iptables -m recent option --set is not unique
    Classification: openSUSE
           Product: openSUSE 11.2
           Version: Final
          Platform: All
        OS/Version: openSUSE 11.2
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Network
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: support@microtechniques.com
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

Several iptables match modules have a --set option. Most provide an alternate unique version such as --match-set for -m set. -m recent does not and thus cannot be used in conjunction with other modules. This is strange since most of the rest of the -m recent options are preceded with an 'r'.

Running the following:

    # The second --set option is incorrectly read by the -m set module and generates an error
    iptables -A dummy -m set --match-set testip src -o net1 -m recent --name testip --set -m comment --comment "option conflict a"
    # This one uses an --update option instead and works. It is provided to show that it is the --set option that causes the error.
    iptables -A dummy -m set --match-set testip src -o net1 -m recent --name testip --update -m comment --comment "option conflict b"
    iptables -F dummy

Produces:

    option conflict
    iptables v1.4.4: --match-set can be specified only once
    Try `iptables -h' or 'iptables --help' for more information.
    Chain dummy (1 references)
    target     prot opt source               destination
               all  --  anywhere             anywhere            match-set testip src recent: UPDATE name: testip side: source /* option conflict b */

Reproducible: Always
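A pre-flight check for firewall scripts, as an added example that is not part of the original bug report: it flags any rule that follows the pattern reported above, where -m set is loaded and --set is then given under -m recent. The function name find_set_conflicts is hypothetical, and the sample input is constructed from the two rules in the report plus two constructed control rules.

```python
import shlex

# Constructed sample input: rules "a" and "b" are the two from the report,
# the last two rules are constructed controls that must not be flagged.
SAMPLE_RULES = '''\
# rule a from the report (fails)
iptables -A dummy -m set --match-set testip src -o net1 -m recent --name testip --set -m comment --comment "option conflict a"
# rule b from the report (works)
iptables -A dummy -m set --match-set testip src -o net1 -m recent --name testip --update -m comment --comment "option conflict b"
iptables -A dummy -m set --match-set testip src -m comment --comment "--set"
iptables -A dummy -m recent --name testip --set -m comment --comment "recent only"
'''


def find_set_conflicts(script):
    """Return [(line_number, rule)] for rules shaped like the failing rule in
    the report: -m set loaded earlier, then --set used under -m recent."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), 1):
        try:
            argv = shlex.split(line, comments=True)  # drops '#' comment lines
        except ValueError:
            continue  # unbalanced quotes: not a rule this check can read
        if not argv or argv[0] != "iptables":
            continue
        current = None  # match module whose options are being read
        loaded = []     # match modules loaded so far in this rule
        tokens = iter(argv[1:])
        for tok in tokens:
            if tok in ("-m", "--match"):
                current = next(tokens, None)
                loaded.append(current)
            elif tok == "--comment":
                next(tokens, None)  # comment text is data, never an option
            elif tok == "--set" and current == "recent" and "set" in loaded:
                findings.append((lineno, line.strip()))
                break
    return findings


if __name__ == "__main__":
    for lineno, rule in find_set_conflicts(SAMPLE_RULES):
        print(f"line {lineno}: --set under -m recent after -m set: {rule}")
```

Only the ordering shown in the report (-m set before -m recent) is checked; the report does not say how the reverse order behaves.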