Closed gianni4sec closed 1 year ago
Argument 0 to any Unix process is the name of the program being executed, but the kernel does not handle that automatically. So it's correct and conventional that we're specifying the program name twice: once as the file to be executed, and once as its argument 0.
The actual problem is that in the good case, you're specifying `-m`, `set`, `--match-set` as three different arguments, but in the bad case you're incorrectly specifying `-m set --match-set` as a single argument. This is indicated in the error message you received. (You're also doing the same with `-j DROP`.)
Thanks for spotting this! Indeed that is the problem.
Description of the issue
It seems like in the function `runWithOutput` the iptables path is erroneously prepended to the list of args, resulting in some methods failing unexpectedly, as in the example below. I've only tested `Exists` so far. The solution is to simply remove the prepended iptables path; everything seems to work correctly this way.
https://github.com/coreos/go-iptables/blob/fa6abe8703246b05c2c632ac4260eddd42f38dbf/iptables/iptables.go#L521-L522
Then further down in the same function: https://github.com/coreos/go-iptables/blob/fa6abe8703246b05c2c632ac4260eddd42f38dbf/iptables/iptables.go#L544-L549
How to reproduce
Example:
Output:
Please note "Couldn't load match ` set --match-set':No such file or directory" vs "Set some-unexisting-set doesn't exist." in the error.
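The argument-splitting point made in the maintainer's comment, as an added example that is not part of this issue or of go-iptables: the rule is built once with every token as its own argv element and once with tokens glued together as in the failing case, a small check flags arguments that contain whitespace, and `exec.Command` is used to show that prepending the program path as argv[0] is exactly what Go does itself. The iptables path, chain and set name are constructed placeholders; the binary is never executed.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// Constructed path for illustration only; nothing is executed.
const iptablesPath = "/usr/sbin/iptables"

// matchSetRule returns the arguments for
//   iptables -A <chain> -m set --match-set <set> src -j DROP
// with each token as a separate argv element, as the maintainer describes.
func matchSetRule(chain, set string) []string {
	return []string{"-A", chain, "-m", "set", "--match-set", set, "src", "-j", "DROP"}
}

// matchSetRuleBroken reproduces the mistake from the issue: several tokens
// glued into one argument, which iptables then reads as a single match name.
func matchSetRuleBroken(chain, set string) []string {
	return []string{"-A", chain, "-m set --match-set", set, "src", "-j DROP"}
}

// misSplitArgs reports arguments containing whitespace, a strong sign that a
// shell-style string was passed where separate argv elements were expected.
func misSplitArgs(args []string) []string {
	var bad []string
	for _, a := range args {
		if strings.ContainsAny(a, " \t") {
			bad = append(bad, a)
		}
	}
	return bad
}

// argv returns the full argument vector: exec.Command places the program name
// at argv[0] itself, which is why go-iptables prepending the path to its own
// exec.Cmd.Args is correct rather than a bug.
func argv(path string, args []string) []string {
	return exec.Command(path, args...).Args
}

func main() {
	good := matchSetRule("INPUT", "blocklist")
	bad := matchSetRuleBroken("INPUT", "blocklist")
	fmt.Println("argv:", argv(iptablesPath, good))
	fmt.Println("mis-split arguments:", misSplitArgs(bad))
}
```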