From 2afa3dbe1ce833938e1b39e1b51fd22d7b87ccec Mon Sep 17 00:00:00 2001
From: Derek Nola <derek.nola@suse.com>
Date: Thu, 10 Jun 2021 10:47:03 -0700
Subject: [PATCH] Changed iptables version check for fail if version is between
 1.8.0 and 1.8.3 and using nf_tables mode (#3425)

Signed-off-by: dereknola <derek.nola@suse.com>
---
 contrib/util/check-config.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/contrib/util/check-config.sh b/contrib/util/check-config.sh
index ba8847fd35..bd9568b6e7 100755
--- a/contrib/util/check-config.sh
+++ b/contrib/util/check-config.sh
@@ -197,6 +197,9 @@ echo
   version_ge() {
     [ "$1" = "$2" ] || [ "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" ]
   }
+  version_less() {
+    [ "$(printf '%s\n' "$@" | sort -rV | head -n 1)" != "$1" ]
+  }
   which_iptables() {
     (
       localIPtables=$(command -v iptables)
@@ -224,8 +227,8 @@ echo
     wrap_warn "- $iptablesCmd" "unknown version: $iptablesInfo"
   elif version_ge $iptablesVersion v1.8.0; then
     iptablesMode=$(echo $iptablesInfo | awk '{ print $3 }')
-    if [ "$iptablesMode" != "(legacy)" ]; then
-      wrap_bad "- $label" 'should be older than v1.8.0 or in legacy mode'
+    if [ "$iptablesMode" != "(legacy)" ] && version_less $iptablesVersion v1.8.4; then 
+      wrap_bad "- $label" 'should be older than v1.8.0, newer than v1.8.3, or in legacy mode'
     else
       wrap_good "- $label" 'ok'
     fi