thr3ads.net - netfilter buglog - [Bug 585] New: dely in using rule [Mar 2009]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.netfilter.org

2009-Mar-11 13:01 UTC

[Bug 585] New: dely in using rule

http://bugzilla.netfilter.org/show_bug.cgi?id=585

           Summary: dely in using rule
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: i386
        OS/Version: Debian GNU/Linux
            Status: NEW
          Severity: critical
          Priority: P1
         Component: NAT
        AssignedTo: laforge at netfilter.org
        ReportedBy: nima0102 at gmail.com


Hi
when I add one rule to PREROUTING chain of NAT tabls. iptables does not use
this rule immediately after import this rule,that means packet counter of this
chain is zero but after some minute packet match against this rule and counter
is increased,


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at bugzilla.netfilter.org

2009-Mar-29 23:00 UTC

head link

[Bug 585] dely in using rule

http://bugzilla.netfilter.org/show_bug.cgi?id=585


jengelh at medozas.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Comment #1 from jengelh at medozas.de  2009-03-30 01:00 -------
Only "NEW" connections visit the nat table, ESTABLISHED ones do not.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at bugzilla.netfilter.org

2009-Mar-30 06:05 UTC

head link

[Bug 585] dely in using rule

http://bugzilla.netfilter.org/show_bug.cgi?id=585


nima0102 at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |




------- Comment #2 from nima0102 at gmail.com  2009-03-30 08:05 -------
thanks for your reply 
but I have this problem with UDP rules as example :
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.2.1:53

according to your tolds then UDP must immediately match against this rule after
adding to iptables


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at bugzilla.netfilter.org

2009-Apr-03 20:35 UTC

head link

[Bug 585] dely in using rule

http://bugzilla.netfilter.org/show_bug.cgi?id=585





------- Comment #3 from jengelh at medozas.de  2009-04-03 22:35 -------
No, because the connection state for an UDP connection may already be
ESTABLISHED (cf. `conntrack -L`).


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at bugzilla.netfilter.org

2009-Apr-05 11:51 UTC

head link

[Bug 585] delay in using rule

http://bugzilla.netfilter.org/show_bug.cgi?id=585


jengelh at medozas.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |WORKSFORME
            Summary|dely in using rule          |delay in using rule




------- Comment #4 from jengelh at medozas.de  2009-04-05 13:51 -------
Connection Tracking/NAT is independent of iptables.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at bugzilla.netfilter.org

2009-Apr-05 15:56 UTC

head link

[Bug 585] delay in using rule

http://bugzilla.netfilter.org/show_bug.cgi?id=585


nima0102 at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |




------- Comment #5 from nima0102 at gmail.com  2009-04-05 17:56 -------
(In reply to comment #4)> Connection Tracking/NAT is independent of iptables.
> 
thanks for your attention 
but I did not understand your mention, May you explain? 
thanks in advanced


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at bugzilla.netfilter.org

2009-Jun-23 02:10 UTC

head link

[Bug 585] delay in using rule

http://bugzilla.netfilter.org/show_bug.cgi?id=585


jengelh at medozas.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |WORKSFORME




------- Comment #6 from jengelh at medozas.de  2009-06-23 04:10 -------
There is a 30 second default timeout for connectionless protocols.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

netfilter buglog - Mar 2009 - [Bug 585] New: dely in using rule

[Bug 585] New: dely in using rule

[Bug 585] dely in using rule

[Bug 585] dely in using rule

[Bug 585] dely in using rule

[Bug 585] delay in using rule

[Bug 585] delay in using rule

[Bug 585] delay in using rule