Alexis wrote:

> So what happens if you instead do:
>
> ```
> exec("/usr/bin/xtables-legacy-multi iptables-legacy -L COUNT -n -v -x -w", $iptables);
> ```
>
> ?
Just the same:

```
iptables v1.8.11 (legacy): Illegal option `--numeric' with this command
Try `iptables -h' or 'iptables --help' for more information.
```

If I omit "-n", I get the message "Illegal option `--exact' with this command", and if I omit "-n" and "-x", it seems to work, but without "-x" I get "2M" bytes (instead of 2048000 bytes) which is hard to calculate with.

Anyway, I omitted one parameter after another, and the problem seems to be "-Z" when I want to clear the counters - and it has nothing to do with PHP; I had overlooked that the monthly PHP cronjob clears the counters (of course), while an interactive COUNT does not.

So after some tests (without PHP, just from bash) I get the following:

```
/sbin/iptables -L COUNT -n -v -x -w
```

does work, while

```
/sbin/iptables -L -Z COUNT -n -v -x -w
```

does *not*.

"man iptables" says for the "-L" option: "It is legal to specify the -Z (zero) option as well, in which case the chain(s) will be atomically listed and zeroed." (which is what I want and worked for years).

Just "iptables -Z COUNT" does work, but obviously not in combination with "-n" and "-x" (which I need for "-L"). I could run "-L -x -n" and "-Z" one after another, but that would not be atomic any more (which wouldn't be fatal in my case, though).

Could it be an iptables bug since the last update? Should I file a bug report?

-Matt
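
An added example, not part of the message above or of iptables itself: one way to keep accounting without `-Z` at all is to store the previous `-L COUNT -n -v -x` listing and bill the difference, so there is no gap between listing and zeroing. The function names and sample listings are constructed for illustration, and rules are assumed to keep their order in the chain between readings.

```shell
#!/bin/sh
# Constructed sample listings in the shape of `iptables -L COUNT -n -v -x`
# (not captured from a real host).
HDR='Chain COUNT (2 references)
    pkts      bytes target     prot opt in     out     source               destination'
PREV_LISTING="$HDR
    1500  2048000            all  --  *      *       192.0.2.10           0.0.0.0/0
     300    40960            all  --  *      *       0.0.0.0/0            192.0.2.10"
CUR_LISTING="$HDR
    2300  3072000            all  --  *      *       192.0.2.10           0.0.0.0/0
     380    51200            all  --  *      *       0.0.0.0/0            192.0.2.10"
# Same chain after the counters restarted from zero (reboot or ruleset reload).
RESET_LISTING="$HDR
     400   512000            all  --  *      *       192.0.2.10           0.0.0.0/0
      20     2048            all  --  *      *       0.0.0.0/0            192.0.2.10"

# Read a listing on stdin, print "<rule index> <bytes>" for every rule line.
# Header lines are skipped because their first two fields are not numeric.
parse_counters() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ { print ++n, $2 }'
}

# usage_delta PREVIOUS CURRENT: bytes seen per rule since the previous reading.
usage_delta() {
    prev=$(printf '%s\n' "$1" | parse_counters)
    cur=$(printf '%s\n' "$2" | parse_counters)
    printf '%s\n---\n%s\n' "$prev" "$cur" | awk '
        $1 == "---" { second = 1; next }
        !second     { old[$1] = $2; next }
        {
            # A counter below its last reading was reset in between, so
            # everything it shows now is traffic not yet accounted for.
            d = ($2 + 0 >= old[$1] + 0) ? $2 - old[$1] : $2
            # %.0f rather than %d: some awk builds clamp %d at 2^31-1.
            printf "%s %.0f\n", $1, d
        }'
}

usage_delta "$PREV_LISTING" "$CUR_LISTING"
```

In a cron job the previous listing would come from a state file written on the last run and the current one from the `-L COUNT -n -v -x -w` command that the message reports as working.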