Bug#598315: iptables: confusing "Can't set policy" error message

Rob Leslie Tue, 28 Sep 2010 01:09:19 -0700

Package: iptables
Version: 1.4.9-1
Severity: minor
Tags: patch

When iptables-restore (and ip6tables-restore) is unable to set a chain's
policy, it responds with a confusing message, e.g.:


iptables-restore v1.4.9: Can't set policy `PREROUTING' on `ACCEPT' line 16: Bad 
built-in chain name

This is due to the chain and policy arguments being used in the wrong
order. The attached patch corrects this problem.


-- System Information:
Debian Release: 5.0.6
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iptables depends on:
ii  libc6                         2.11.2-6   Embedded GNU C Library: Shared lib
ii  libnfnetlink0                 1.0.0-1    Netfilter netlink library

iptables recommends no packages.

iptables suggests no packages.

-- no debconf information

>From 6fbab6c494d0e60a64df0f9ba25abd711a1870ac Mon Sep 17 00:00:00 2001
From: Rob Leslie <r...@mars.org>
Date: Tue, 28 Sep 2010 00:43:00 -0700
Subject: [PATCH] Fix policy setting failure message

The "Can't set policy ..." error message for iptables-restore and
ip6tables-restore had its policy and chain arguments reversed, resulting
in confusing messages. Fix this by correcting the order of arguments.
---
 ip6tables-restore.c |    2 +-
 iptables-restore.c  |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index 008566c..cea5f36 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -312,7 +312,7 @@ int main(int argc, char *argv[])
                                        xtables_error(OTHER_PROBLEM,
                                                "Can't set policy `%s'"
                                                " on `%s' line %u: %s\n",
-                                               chain, policy, line,
+                                               policy, chain, line,
                                                ip6tc_strerror(errno));
                        }
 
diff --git a/iptables-restore.c b/iptables-restore.c
index 8c6648e..bf80e78 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -317,7 +317,7 @@ main(int argc, char *argv[])
                                        xtables_error(OTHER_PROBLEM,
                                                "Can't set policy `%s'"
                                                " on `%s' line %u: %s\n",
-                                               chain, policy, line,
+                                               policy, chain, line,
                                                iptc_strerror(errno));
                        }
 
-- 
1.7.1

Bug#598315: iptables: confusing "Can't set policy" error message

Reply via email to