Package: iptables
Version: 1.4.2-5
Severity: normal

It looks like ``iptables-save`` doesn't flush before forking, at least when issuing the first rule related to the ``multiport`` module in a chain. In some virtual machines where there is no ``/sbin/modprobe``, this causes some output to be duplicated, like this (look at the ``multiport`` line)::

    # Generated by iptables-save v1.4.2 on Tue Feb 10 09:23:29 2009
    *mangle
    :PREROUTING ACCEPT [10031:3504342]
    :INPUT ACCEPT [10031:3504342]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [9143:868348]
    :POSTROUTING ACCEPT [9143:868348]
    COMMIT
    # Completed on Tue Feb 10 09:23:29 2009
    # Generated by iptables-save v1.4.2 on Tue Feb 10 09:23:29 2009
    *filter
    :INPUT ACCEPT [10032:3504394]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [9147:869212]
    :fail2ban-ssh - [0:0]
    -A INPUT -p tcp -A INPUT -p tcp -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
    -A fail2ban-ssh -j RETURN
    COMMIT
    # Completed on Tue Feb 10 09:23:29 2009

I'm attaching the output of ``strace -f iptables-save`` (whose normal output is the one above). You can also check where this error was initially found:

http://bugzilla.openvz.org/show_bug.cgi?id=1169

It looks like moving some writing or flushing op before the fork should fix the issue.

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-2-pve (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages iptables depends on:
ii  libc6  2.7-18  GNU C Library: Shared libraries

iptables recommends no packages.

iptables suggests no packages.

-- no debconf information
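
The mechanism the report points at, as an added C example (not code from iptables or from the reporter): a partial line left in a stdio buffer is copied into every forked child, and a child whose exec fails and which then calls ``exit()`` writes its copy out. The helper path, the ``count_copies`` function, the use of ``exit()`` in the child and the choice of two failed helpers are assumptions of this sketch; the page does not show the iptables source.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed path: execv() on it fails, like a missing /sbin/modprobe. */
#define MISSING_HELPER "/nonexistent/sbin/modprobe"

/* Write the start of a rule, run `helpers` children whose exec fails, write
 * the rest. Returns how often "-A INPUT" occurs in the output, -1 on error. */
static int count_copies(int helpers, int flush_before_fork)
{
    FILE *out = tmpfile();           /* stdio-buffered stream standing in for stdout */
    if (out == NULL)
        return -1;
    fputs("-A INPUT -p tcp ", out);  /* stays in the stdio buffer */
    if (flush_before_fork)
        fflush(out);                 /* fix: nothing pending when we fork */
    for (int i = 0; i < helpers; i++) {
        pid_t pid = fork();
        if (pid < 0) {
            fclose(out);
            return -1;
        }
        if (pid == 0) {
            char *argv[] = { "modprobe", NULL };
            execv(MISSING_HELPER, argv);
            exit(1);                 /* exit() flushes the inherited buffer copy */
        }
        waitpid(pid, NULL, 0);
    }
    fputs("-m multiport --dports 22 -j fail2ban-ssh\n", out);
    fflush(out);
    rewind(out);
    char line[256];
    int copies = 0;
    if (fgets(line, sizeof line, out) != NULL)
        for (char *p = line; (p = strstr(p, "-A INPUT")) != NULL; p += 8)
            copies++;
    fclose(out);
    return copies;
}

int main(void)
{
    printf("unflushed: %d, flushed: %d\n", count_copies(2, 0), count_copies(2, 1));
    return 0;
}
```

With two failed helpers and no flush, the line carries the rule prefix three times, the same shape as the ``multiport`` line in the report; flushing before the fork leaves one copy.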