thr3ads.net - netfilter buglog - [Bug 77] New: a bug in the chain PREROUTING of the table nat [Apr 2003]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon@netfilter.org

2003-Apr-14 01:50 UTC

[Bug 77] New: a bug in the chain PREROUTING of the table nat

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=77

           Summary: a bug in the chain PREROUTING of the table nat
           Product: netfilter/iptables
           Version: linux-2.4.x
          Platform: i386
        OS/Version: RedHat Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: ip_tables (kernel)
        AssignedTo: laforge@netfilter.org
        ReportedBy: tanggm2000@hotmail.com
                CC: netfilter-buglog@lists.netfilter.org


when I used the table nat and insert a rule in the PREROUTING chain as these :
iptables -t nat -I PREROUTING -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j DROP
all packets from 192.168.1.10 can not pass through the iptable

then I insert a rule as:
iptables -t nat -I PREROUTING -s 192.168.1.10 -j ACCEPT
all packets from 192.168.1.10 can pass through the iptable

then I delete this rule 
iptables -t nat -D PREROUTING -s 192.168.1.10 -j ACCEPT
UDP packets from 192.168.1.10 can still pass through the iptables!!!
TCP and ICMP packets from 192.168.1.10 can not pass through the iptables.

I think this is a bug in the iptables kernel, is it right?
(i use REDHAT 7.3, iptables 1.2.6a)

in the chain PREROUTING of table mangle i can not found this bug. 

please give me a help, thanks all!



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

netfilter buglog - Apr 2003 - [Bug 77] New: a bug in the chain PREROUTING of the table nat

[Bug 77] New: a bug in the chain PREROUTING of the table nat