mark: fix invalid iptables-save output
When a neg mark is saved via iptables-save it is saved as !--mark, but this is not recognized by iptables-restore, just adding a space to the saved file to make it look like "! --mark" makes iptables-restore accept the file. Signed-off-by: Pablo Sebastian Greco <> Signed-off-by: Pablo Neira Ayuso <>
diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c
index 4ee29e71..811cc77e 100644
--- a/extensions/libxt_mark.c
+++ b/extensions/libxt_mark.c
@@ -125,7 +125,7 @@ static void mark_mt_save(const void *ip, const struct xt_entry_match *match)
const struct xt_mark_mtinfo1 *info = (const void *)match->data;
if (info->invert)
- printf("!");
+ printf("! ");
printf("--mark ");
print_mark(info->mark, info->mask);