[Bug 544984] [NEW] netfilter xt_recent --rcheck fails to match
Colm Buckey
colm at tuatha.org
Tue Mar 23 11:38:21 UTC 2010
Public bug reported:
The netfilter module xt_recent (-m recent) fails to match IP addresses.
To reproduce:
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -m recent --rcheck -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j REJECT
and have a daemon listening on port 80. Connections to this daemon
succeed when the INPUT table is flushed, or when connecting via
localhost. Connections from a remote machine fail as expected; however,
after adding the remote machine's IP address to the match list (echo
'+remote.ip.add.ress' > /proc/net/xt_recent/DEFAULT), although the
address then appears in the list, the iptables --recent rule fails to
match; connections are still dropped.
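An added diagnostic, not part of the report or of netfilter, that separates the two facts the report describes: whether the address is actually present in the xt_recent table, and whether the "-m recent --rcheck" rule has ever counted a packet. It assumes the "src=ADDR ..." line format of /proc/net/xt_recent/<name> and the column layout of `iptables -vnxL INPUT`; the sample table and counter output embedded below are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added diagnostic (not from the bug report): is ADDR listed in the recent
# table, and does the --rcheck rule's packet counter show any match?
# Assumes /proc/net/xt_recent/<name> lines look like "src=ADDR ttl: ... "
# and the layout of `iptables -vnxL INPUT` (-x keeps counters exact).

# recent_has_addr TABLE_TEXT ADDR: exit 0 if ADDR is listed in TABLE_TEXT
recent_has_addr() {
    printf '%s\n' "$1" | awk -v want="src=$2" '$1 == want { f = 1 } END { exit !f }'
}

# rcheck_pkts VNL_TEXT: packet counter of the first "recent: CHECK" rule, 0 if none
rcheck_pkts() {
    printf '%s\n' "$1" | awk '/recent: CHECK/ { print $1; f = 1; exit } END { if (!f) print 0 }'
}

# diagnose TABLE_TEXT VNL_TEXT ADDR: prints one of not-listed | listed-no-match | ok
diagnose() {
    if ! recent_has_addr "$1" "$3"; then
        echo "not-listed"          # the "+addr" write never took effect
    elif [ "$(rcheck_pkts "$2")" -eq 0 ]; then
        echo "listed-no-match"     # the report's symptom: entry exists, rule never fires
    else
        echo "ok"
    fi
}

# Constructed sample data mirroring the report's setup (not captured from a real host).
PROC_SAMPLE='src=192.0.2.10 ttl: 64 last_seen: 4295066123 oldest_pkt: 1 4295066123'
IPT_SAMPLE='Chain INPUT (policy ACCEPT 120 packets, 9000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 recent: CHECK name: DEFAULT side: source
       3        180 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 reject-with icmp-port-unreachable'

# Live use on the affected host (needs root): ./diagnose.sh 192.0.2.10
if [ "$#" -eq 1 ]; then
    diagnose "$(cat /proc/net/xt_recent/DEFAULT)" "$(iptables -vnxL INPUT)" "$1"
else
    diagnose "$PROC_SAMPLE" "$IPT_SAMPLE" 192.0.2.10   # prints: listed-no-match
fi
```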
# uname -a
Linux dagda 2.6.32-17-server #26-Ubuntu SMP Sat Mar 20 03:39:37 UTC 2010 x86_64 GNU/Linux
# cat /proc/version_signature
Ubuntu 2.6.32-17.26-server 2.6.32.10+drm33.1
# iptables -V
iptables v1.4.4
# lsmod
Module Size Used by
ipt_REJECT 2384 1
xt_recent 8218 1
xt_tcpudp 2667 2
iptable_filter 2791 1
ip_tables 18358 1 iptable_filter
x_tables 22429 4 ipt_REJECT,xt_recent,xt_tcpudp,ip_tables
[...]
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
netfilter xt_recent --rcheck fails to match
https://bugs.launchpad.net/bugs/544984