bugzilla-daemon at bugzilla.netfilter.org
2009-Sep-01  13:32 UTC
[Bug 604] New: OUTPUT/FORWARD drop for udp not working
http://bugzilla.netfilter.org/show_bug.cgi?id=604
           Summary: OUTPUT/FORWARD drop for udp not working
           Product: iptables
           Version: unspecified
          Platform: i386
        OS/Version: Ubuntu
            Status: NEW
          Severity: normal
          Priority: P1
         Component: iptables
        AssignedTo: laforge at netfilter.org
        ReportedBy: salvatorelionetti at yahoo.it
Hi,
I'm on Ubuntu 9.04. These commands
iptables -I OUTPUT -p udp -j DROP
iptables -I FORWARD -p udp -j DROP
iptables -I INPUT -p udp -j DROP (just to try)
do not block a DHCP request from my PC toward the network.
iptables -I OUTPUT -p tcp -j DROP
works well, freezing for example an ssh session toward the network.
Any hint?
Have a good day
-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at bugzilla.netfilter.org
2009-Oct-15  14:59 UTC
[Bug 604] OUTPUT/FORWARD drop for udp not working
http://bugzilla.netfilter.org/show_bug.cgi?id=604
kernel at linuxace.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kernel at linuxace.com
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID
------- Comment #1 from kernel at linuxace.com  2009-10-15 16:59 -------
Because DHCP uses raw sockets to send its packets, bypassing the TCP/IP stack
(and iptables).  This is necessary because the box does not yet have an IP
address.  Nothing wrong with iptables here - closing bug.  