bugzilla-daemon@netfilter.org
2003-Jun-26 19:23 UTC
[Bug 106] New: iptables 1.2.5-3 acts differently with different RH Linux kernel versions
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=106

           Summary: iptables 1.2.5-3 acts differently with different RH Linux
                    kernel versions
           Product: iptables userspace
           Version: 1.2.5
          Platform: i386
        OS/Version: RedHat Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: iptables
        AssignedTo: laforge@netfilter.org
        ReportedBy: jmodecki@hotmail.com
                CC: netfilter-buglog@lists.netfilter.org

iptables 1.2.5-3 is provided with RedHat Linux 7.3.

Use a one-line iptables command to specifically reject auth (port 113)
requests when making ftp or mail requests from external servers.

    iptables -A INPUT -i eth1 -p tcp \
        -d <local IP address> --dport 113 -j REJECT --reject-with tcp-reset

All default policies are "ACCEPT", and there are no other iptables commands.

Then run "ftp <server-name>"

With RedHat kernel 2.4.18-3 on the client, the ftp server responds immediately
because the tcp-reset has been sent by the client in response to the auth
request.

With Redhat kernel 2.4.20-18.7 on the client, the ftp connection hangs while
the server waits for an auth response or a reset from the client. The wait
finally times out. The ftp connection is then made.
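
One way to tell from a packet capture which of the two behaviours described in the report a host shows (an added example, not part of the original bug report). The addresses and the tcpdump -n lines are constructed, and the function name is hypothetical.

```python
import re

# Constructed "tcpdump -n" lines using documentation addresses (not from the report).
# 192.0.2.10 is the local host with the REJECT rule, 198.51.100.5 the ftp server.
SAMPLE_CAPTURE = """\
19:23:01.100000 IP 192.0.2.10.40001 > 198.51.100.5.21: Flags [S], seq 100, win 5840, length 0
19:23:01.150000 IP 198.51.100.5.50113 > 192.0.2.10.113: Flags [S], seq 200, win 5840, length 0
19:23:01.150200 IP 192.0.2.10.113 > 198.51.100.5.50113: Flags [R.], seq 0, ack 201, win 0, length 0
19:24:10.000000 IP 198.51.100.5.50114 > 192.0.2.10.113: Flags [S], seq 300, win 5840, length 0
19:24:13.000000 IP 198.51.100.5.50114 > 192.0.2.10.113: Flags [S], seq 300, win 5840, length 0
"""

# addr.port > addr.port: Flags [...]  (IPv4 only, enough for this check)
LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)


def ident_probe_outcomes(capture, ident_port=113):
    """Classify each inbound SYN to ident_port as 'reset' or 'unanswered'.

    Keys are (remote_ip, remote_port, local_ip, local_port). 'reset' means the
    capture shows a RST going back for that SYN, which is what
    --reject-with tcp-reset should produce; 'unanswered' means no RST was seen,
    so the remote side is left waiting until its own timeout.
    """
    outcomes = {}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, sport = m["src"], int(m["sport"])
        dst, dport = m["dst"], int(m["dport"])
        flags = m["flags"]
        if dport == ident_port and flags == "S":
            # Retransmitted SYNs share a key; keep any outcome already recorded.
            outcomes.setdefault((src, sport, dst, dport), "unanswered")
        elif sport == ident_port and "R" in flags:
            key = (dst, dport, src, sport)  # reverse direction of the SYN
            if key in outcomes:
                outcomes[key] = "reset"
    return outcomes


if __name__ == "__main__":
    for conn, result in ident_probe_outcomes(SAMPLE_CAPTURE).items():
        print(conn, result)
```
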