thr3ads.net - netfilter buglog - [Bug 564] New: -L does not show an interface selection [Nov 2008]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.netfilter.org

2008-Nov-26 19:42 UTC

[Bug 564] New: -L does not show an interface selection

http://bugzilla.netfilter.org/show_bug.cgi?id=564

           Summary: -L does not show an interface selection
           Product: iptables
           Version: 1.2.11
          Platform: i386
        OS/Version: RedHat Linux
            Status: NEW
          Severity: minor
          Priority: P3
         Component: iptables
        AssignedTo: laforge at netfilter.org
        ReportedBy: TruesdellDouglasA at johndeere.com


Summary: This rule
-A INPUT -i lo -j ACCEPT

lists as
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere

This is a confusing report, because it appears that all packets are allowed,
when only loopback interface packets are allowed.

Details: I had a rule to allow all loopback packets:
ACCEPT     all  --  localhost.localdomain  anywhere

However, I logged this exception:
Nov 26 10:34:20 ltalweb1 kernel: iptables:IN=lo
OUTMAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=204.54.71.176
DST=204.54.71.176 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11257 PROTO=TCP SPT=38728
DPT=1723 WINDOW=4096 RES=0x00 SYN URGP=0

It seems that the loopback interface is not trapped with the localhost
directive, so I added another rule to allow packets in on the loopback
interface.

When I list the table now, it shows a rule accept from anywhere to anywhere,
but does not say this is only on the loopback interface.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at bugzilla.netfilter.org

2008-Nov-26 22:27 UTC

head link

[Bug 564] -L does not show an interface selection

http://bugzilla.netfilter.org/show_bug.cgi?id=564


kernel at linuxace.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kernel at linuxace.com
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Comment #1 from kernel at linuxace.com  2008-11-26 23:27 -------
This is why you should use verbose mode if you want to see the interfaces. 
Example:

# iptables -nvL INPUT | grep lo
   67  4866 ACCEPT     all  --  lo     *       0.0.0.0/0    0.0.0.0/0

Closing, not a bug.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

netfilter buglog - Nov 2008 - [Bug 564] New: -L does not show an interface selection

[Bug 564] New: -L does not show an interface selection

[Bug 564] -L does not show an interface selection