 |
`man 8 iptables` on CentOS 7, Rocky Linux 8, Rocky Linux 9 state: [!] -s, --source address[/mask][,...] Source specification. Address can be either a network name, a hostname, a network IP address (with /mask), or a plain IP address. Hostnames will be resolved once only, before the rule is submitted to the kernel. Please note that specifying any name to be resolved with a remote query such as DNS is a really bad idea. The mask can be either an ipv4 network mask (for iptables) or a plain number, specifying the number of 1's at the left side of the network mask. Thus, an iptables mask of 24 is equivalent to 255.255.255.0. A "!" argument before the address specification inverts the sense of the address. The flag --src is an alias for this option. Multiple addresses can be specified, but this will expand to multiple rules (when adding with -A), or will cause multiple rules to be deleted (with -D). This shows that "=" is likely not expected. Can you present examples or official documentation that shows that `--source=x.x.x.x` should work? If you can, then this may be a bug to report upstream. Note that even if this is an upstream regression, iptables is considered legacy; all iptables commands use the nf_tables backend instead of the legacy backend. As such, it may be unlikely it will be fixed. |
- Anonymous
