thr3ads.net - netfilter buglog - [Bug 98] New: state ESTABLISHED allow ipip tunnels [Jun 2003]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon@netfilter.org

2003-Jun-11 17:29 UTC

[Bug 98] New: state ESTABLISHED allow ipip tunnels

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=98

           Summary: state ESTABLISHED allow ipip tunnels
           Product: netfilter/iptables
           Version: linux-2.4.x
          Platform: i386
        OS/Version: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: connection tracking
        AssignedTo: laforge@netfilter.org
        ReportedBy: elacour@easter-eggs.com
                CC: netfilter-buglog@lists.netfilter.org


I saw that just using those rules:

iptables -I INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -I OUTPUT -m state --state ESTABLISHED -j ACCEPT

with everything else dropped allow an ip in ip tunnel to pass, without
explicitely allow protocol 4.

iptables v1.2.6a
kernel 2.4.20



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

netfilter buglog - Jun 2003 - [Bug 98] New: state ESTABLISHED allow ipip tunnels

[Bug 98] New: state ESTABLISHED allow ipip tunnels