Subject: Re: [gentoo-user] Strange behaviour of iptables
From: Matthias Hanft
To: gentoo-user@lists.gentoo.org
Date: Fri, 3 Jan 2025 11:30:54 +0100

Alexis wrote:
>
> So what happens if you instead do:
>
> ```
> exec("/usr/bin/xtables-legacy-multi iptables-legacy -L COUNT -n -v
> -x -w", $iptables);
> ```
>
> ?

Just the same:

iptables v1.8.11 (legacy): Illegal option `--numeric' with this command
Try `iptables -h' or 'iptables --help' for more information.

If I omit "-n", I get the message "Illegal option `--exact' with this
command", and if I omit "-n" and "-x", it seems to work, but without "-x"
I get "2M" bytes (instead of 2048000 bytes) which is hard to calculate with.

Anyway, I omitted one parameter after another, and the problem seems to
be "-Z" when I want to clear the counters - and it has nothing to do with
PHP; I had overlooked that the monthly PHP cronjob clears the counters
(of course), while an interactive COUNT does not.

So after some tests (without PHP, just from bash) I get the following:

/sbin/iptables -L COUNT -n -v -x -w

does work, while

/sbin/iptables -L -Z COUNT -n -v -x -w

does *not*.

"man iptables" says for the "-L" option: "It is legal to specify the -Z
(zero) option as well, in which case the chain(s) will be atomically listed
and zeroed." (which is what I want and worked for years).

Just "iptables -Z COUNT" does work, but obviously not in combination with
"-n" and "-x" (which I need for "-L"). I could run "-L -x -n" and "-Z" one
after another, but that would not be atomic any more (which wouldn't be
fatal in my case, though).

Could it be an iptables bug since last update? Should I file a bug report?

-Matt
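
One way to do the periodic accounting without "-Z" at all, so that the atomicity of list-and-zero stops mattering: keep the previous "-L COUNT -n -v -x -w" listing and subtract it from the current one. This is an added example, not code from this thread; the two listings are constructed samples, and identifying a rule by the text of its columns after pkts/bytes is an assumption of the example.

```python
# Constructed sample output of `iptables -L COUNT -n -v -x -w` (not from the post).
PREVIOUS = """\
Chain COUNT (2 references)
    pkts      bytes target     prot opt in     out     source               destination
     100    1500000            all  --  *      *       192.0.2.10           0.0.0.0/0
      40     300000            all  --  *      *       0.0.0.0/0            192.0.2.10
"""
CURRENT = """\
Chain COUNT (2 references)
    pkts      bytes target     prot opt in     out     source               destination
     120    2048000            all  --  *      *       192.0.2.10           0.0.0.0/0
       5       4000            all  --  *      *       0.0.0.0/0            192.0.2.10
"""


def parse_counters(listing):
    """Map each rule (its columns after pkts/bytes) to a (pkts, bytes) tuple."""
    counters = {}
    for line in listing.splitlines():
        fields = line.split()
        # Rule lines start with two integers; the chain and column headers do not.
        if len(fields) < 3 or not (fields[0].isdigit() and fields[1].isdigit()):
            continue
        rule = " ".join(fields[2:])  # assumption: the rule text identifies the rule
        pkts, octets = counters.get(rule, (0, 0))
        counters[rule] = (pkts + int(fields[0]), octets + int(fields[1]))
    return counters


def counter_deltas(previous, current):
    """Traffic per rule since the previous listing, without ever running -Z."""
    before, now = parse_counters(previous), parse_counters(current)
    deltas = {}
    for rule, (pkts, octets) in now.items():
        old_pkts, old_octets = before.get(rule, (0, 0))
        if pkts < old_pkts or octets < old_octets:
            # Counters went backwards: they were reset (reboot, ruleset reload),
            # so everything counted now is new since the reset.
            old_pkts, old_octets = 0, 0
        deltas[rule] = (pkts - old_pkts, octets - old_octets)
    return deltas


if __name__ == "__main__":
    for rule, (pkts, octets) in counter_deltas(PREVIOUS, CURRENT).items():
        print(f"{octets:>12} bytes {pkts:>8} pkts  {rule}")
```

Traffic counted between the last saved listing and a counter reset cannot be recovered this way, so the listing should be saved more often than the reporting interval.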