bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-11 10:38 UTC
[Bug 447] New: iptables doesn't support multiple times the same match in one rule
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=447

Summary: iptables doesn't support multiple times the same match in one rule
Product: iptables
Version: 1.3.5
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: iptables
AssignedTo: laforge@netfilter.org
ReportedBy: laforge@netfilter.org
CC: kaber@trash.net
BugsThisDependsOn: 440

iptables doesn't support multiple times the same match in one rule, nor does it fail gracefully. Before svn rev 6465, it would oops through a double-free (see bug #440).

Now a rule like

iptables -A INPUT -p tcp -m multiport --dport 45,47 -m multiport --sport 45:48

actually ends up as:

0 0 tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport sports multiport sports tcp spts:45:48

As you can see, the matchinfo computed by the last multiport match is 'copied' over the previous ones. IIRC, this is caused by the matchinfo being attached to the match plugin, rather than to the instance of a match plugin.
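Because an affected iptables silently installs a different rule than the one written (the earlier multiport options are lost), a ruleset audit should flag any rule that names the same match module twice. The following check is an added example, not part of the bug report or of iptables; it scans a constructed iptables-save style file (the sample rules and the file name are assumptions) and reports each rule line where a `-m`/`--match` module repeats.

```shell
#!/bin/sh
# Constructed sample ruleset (iptables-save format), not taken from the bug report.
# Rule 3 repeats "multiport", the pattern the bug describes as unsupported.
RULES_FILE="${TMPDIR:-/tmp}/dup_match_sample.rules"
cat > "$RULES_FILE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m multiport --dports 45,47 -m multiport --sports 45:48 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,80 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
EOF

# find_duplicate_matches FILE
# Prints "<line number>:<module>" once for every rule line (-A ...) in FILE
# that loads the same match module more than once via -m or --match.
# Only rule lines are inspected; table, chain and COMMIT lines are skipped.
find_duplicate_matches() {
    awk '
    /^-A / {
        split("", seen)                      # reset per-rule module counter
        for (i = 1; i <= NF; i++) {
            if (($i == "-m" || $i == "--match") && i < NF) {
                mod = $(i + 1)
                seen[mod]++
                if (seen[mod] == 2)          # report on the second occurrence only
                    printf "%d:%s\n", NR, mod
            }
        }
    }' "$1"
}

# Non-zero exit when any duplicate is found, so the check can gate a deploy.
audit_ruleset() {
    dups=$(find_duplicate_matches "$1")
    if [ -n "$dups" ]; then
        echo "rules repeating a match module (earlier options may be lost):" >&2
        echo "$dups" >&2
        return 1
    fi
    return 0
}
```

Run `audit_ruleset "$RULES_FILE"` to see the sample's third rule reported; a clean ruleset returns 0 and prints nothing.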