bugzilla-daemon@bugzilla.netfilter.org
2006-Aug-29 15:45 UTC
[Bug 507] tun99 don't trapped by tun+
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507
kaber@trash.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From kaber@trash.net 2006-08-29 15:45 MET -------
Thats expected, "+" matches only a single character, so you need to
use "tun++".
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Aug-29 15:45 UTC
[Bug 507] tun99 don't trapped by tun+
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507
kaber@trash.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From kaber@trash.net 2006-08-29 15:45 MET -------
Thats expected, "+" matches only a single character, so you need to
use "tun++".
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Aug-29 15:59 UTC
[Bug 507] tun99 don't trapped by tun+
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507 ------- Additional Comments From fguiliani@perinfo.com 2006-08-29 15:59 MET ------- (In reply to comment #1)> Thats expected, "+" matches only a single character, so you need to use "tun++". >So let me suggest a change to the man page of iptables who actually is: -i, --in-interface [!] name If the interface name ends in a "+", then any interface which begins with this name will match. and the --help option of iptables: --in-interface -i [!] input name[+] network interface name ([+] for wildcard) it does not mention that "+" is for only one char. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Aug-29 16:03 UTC
[Bug 507] tun99 don't trapped by tun+
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507
kaber@trash.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
------- Additional Comments From kaber@trash.net 2006-08-29 16:03 MET -------
Hmm actually you may be right, the code seems to attempt to let a trailing +
match anything. Let me look into this again ..
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Aug-29 16:03 UTC
[Bug 507] tun99 don't trapped by tun+
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507
kaber@trash.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
------- Additional Comments From kaber@trash.net 2006-08-29 16:03 MET -------
Hmm actually you may be right, the code seems to attempt to let a trailing +
match anything. Let me look into this again ..
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Aug-29 16:17 UTC
[Bug 507] tun99 don't trapped by tun+
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507 ------- Additional Comments From kaber@trash.net 2006-08-29 16:17 MET ------- Tested locally and it works perfectly fine with dummy renamed to tun99. There haven't been any changes in this code (neither kernel nor userspace) for ages, so I guess your ruleset allows these packet to return from the tun_fwd chain and thats the reason why you seem them afterwards. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Aug-29 16:17 UTC
[Bug 507] tun99 don't trapped by tun+
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507 ------- Additional Comments From kaber@trash.net 2006-08-29 16:17 MET ------- Tested locally and it works perfectly fine with dummy renamed to tun99. There haven't been any changes in this code (neither kernel nor userspace) for ages, so I guess your ruleset allows these packet to return from the tun_fwd chain and thats the reason why you seem them afterwards. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Aug-29 17:40 UTC
[Bug 507] tun99 don't trapped by tun+
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507
fguiliani@perinfo.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |INVALID
------- Additional Comments From fguiliani@perinfo.com 2006-08-29 17:40 MET
-------
(In reply to comment #4)> Tested locally and it works perfectly fine with dummy renamed to tun99.
There
> haven't been any changes in this code (neither kernel nor userspace)
for ages,
> so I guess your ruleset allows these packet to return from the tun_fwd
chain and
> thats the reason why you seem them afterwards.
Thanks, I will go next to Shorewall bugreport then ;)
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Maybe Matching Threads
- [Bug 507] New: tun99 don't trapped by tun+
- CTI (Computer-Telephony Integration) with Asterisk ?
- [Bug 552] Strange DNAT behaviour... packet don't pass to PREROUTING and go directly in INPUT !!
- Bug? wildcard interfaces not accepted in fwd chain
- [Bug 511] Premature ip_conntrack timer expiry on 3+ window size advertisements