* IPTImporter.cpp (IPTImporter::pushPolicyRule): fixed #1512 SF

bug 3012953: iptables importer sometimes does not recognize rule with " ESTABLISHED,RELATED ". Parser properly processed iptables rules with state "RELATED,ESTABLISHED" but not when states were in the opposite order.
2026-03-23 19:57:21 +01:00 · 2010-06-08 19:57:49 +00:00 · 2010-06-08 19:57:49 +00:00 · c153b341c3
commit c153b341c3
parent 71f893b213
5 changed files with 13 additions and 2 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-#define BUILD_NUM 2964
+#define BUILD_NUM 2965
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,5 +1,11 @@
 2010-06-08  Vadim Kurland  <vadim@vk.crocodile.org>

+	* IPTImporter.cpp (IPTImporter::pushPolicyRule): fixed #1512 SF
+	bug 3012953: iptables importer sometimes does not recognize rule
+	with " ESTABLISHED,RELATED ". Parser properly processed iptables
+	rules with state "RELATED,ESTABLISHED" but not when states were
+	in the opposite order.
+
 	* Importer.cpp (Importer::getUDPService): fixed sourceforge bug
 	3012953 name of UDP and TCP objects created during import should
 	follow the same pattern and not include "0-0" for the source ports
--- a/src/gui/IPTImporter.cpp
+++ b/src/gui/IPTImporter.cpp
@ -755,7 +755,8 @@ void IPTImporter::pushPolicyRule()
    rule->getSrv()->setNeg(srv_neg);
    rule->getItf()->setNeg(intf_neg);

-    if (current_state == "RELATED,ESTABLISHED")
+    if (current_state == "RELATED,ESTABLISHED" ||
+        current_state == "ESTABLISHED,RELATED")
    {
        if (rule->getSrc()->isAny() &&
            rule->getDst()->isAny() &&
--- a/src/gui/unit_tests/ImporterTest/test_data/ipt.result
+++ b/src/gui/unit_tests/ImporterTest/test_data/ipt.result
@ -1,5 +1,6 @@
 Ruleset: user_chain
 Using automatic rule controlled by option 'Accept established,related states' to match states RELATED,ESTABLISHED
+Using automatic rule controlled by option 'Accept established,related states' to match states RELATED,ESTABLISHED
 Using automatic rule controlled by option 'Drop packet that do not match any known connection' to match state INVALID
 Using automatic rule controlled by option 'Accept established,related states' to match states RELATED,ESTABLISHED
 Address object: h-21.21.21.21
--- a/src/gui/unit_tests/ImporterTest/test_data/ipt.test
+++ b/src/gui/unit_tests/ImporterTest/test_data/ipt.test
@ -8,6 +8,9 @@
 # this should be recognized as built-in rule
 -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 

+# and this, too
+-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT 
+
 # this should be recognized as built-in rule
 -A FORWARD -m state --state INVALID -j drop_invalid