bugzilla-daemon at bugzilla.netfilter.org
2010-Mar-09 09:32 UTC
[Bug 639] New: iptables iprange
http://bugzilla.netfilter.org/show_bug.cgi?id=639
Summary: iptables iprange
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: blocker
Priority: P1
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: paulo.santos at anacom.pt
Dear iptables Team,
I found that the iprange match module extension in iptables might not be working in
version 1.4.7.
I was using the following rule in 1.4.0:
-A fwd-acl -d 192.168.1.2/32 -i eth1 -p tcp -m iprange --src-range 10.0.0.1-10.0.0.2 -m tcp --sport 1024:65535 --dport 8585 -m state --state NEW -j ACCEPT
Now I upgraded to 1.4.7 and found that although this rule is accepted without an
error, what is in fact taking place is (rules were reloaded with
iptables-restore):
-A fwd-acl -d 192.168.1.2/32 -i eth1 -p tcp -m iprange --src-range 0.0.0.0-0.0.0.0 -m tcp --sport 1024:65535 --dport 8585 -m state --state NEW -j ACCEPT
Thanks in advance.
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
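The failure reported above is silent: the rule loads without an error, but the range read back is 0.0.0.0-0.0.0.0. The script below is an added example (not part of the bug report or of iptables) that compares the iprange ranges in the intended ruleset with the ruleset read back after loading; the function names and the constructed sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the bug report: verify that iprange ranges survive
# a rule load. Both inputs are files in iptables-save format.

# check_ipranges INTENDED LOADED
# Compares, in rule order, every --src-range/--dst-range of the -A rules.
# Prints one line per difference; returns 1 if any range differs, else 0.
check_ipranges() {
    awk '
    $1 == "-A" {
        for (i = 3; i < NF; i++)
            if ($i == "--src-range" || $i == "--dst-range") {
                neg = ($(i - 1) == "!") ? "! " : ""   # keep negation in the key
                key = $2 " " neg $i " " $(i + 1)      # chain, option, range
                if (FILENAME == ARGV[1]) want[++n] = key
                else got[++m] = key
            }
    }
    END {
        bad = 0; n += 0; m += 0
        max = (n > m) ? n : m
        for (k = 1; k <= max; k++)
            if (want[k] != got[k]) {
                printf "MISMATCH intended [%s] loaded [%s]\n", want[k], got[k]
                bad = 1
            }
        exit bad
    }' "$1" "$2"
}

# Constructed sample: the rule from the report as written and as read back.
demo_bug639() {
    dir=$(mktemp -d) || return 2
    pre='-A fwd-acl -d 192.168.1.2/32 -i eth1 -p tcp -m iprange --src-range'
    post='-m tcp --sport 1024:65535 --dport 8585 -m state --state NEW -j ACCEPT'
    printf '%s\n' "$pre 10.0.0.1-10.0.0.2 $post" > "$dir/intended.rules"
    printf '%s\n' "$pre 0.0.0.0-0.0.0.0 $post" > "$dir/loaded.rules"
    check_ipranges "$dir/intended.rules" "$dir/loaded.rules"
    status=$?
    rm -rf "$dir"
    return $status
}

demo_bug639 || echo "loaded ranges differ from the intended ruleset"
```

On a live host, the first argument would be the file given to iptables-restore and the second a file written by iptables-save after the load.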
bugzilla-daemon at bugzilla.netfilter.org
2010-Mar-13 12:12 UTC
[Bug 639] iptables iprange
http://bugzilla.netfilter.org/show_bug.cgi?id=639
paulo.santos at anacom.pt changed:
What       |Removed   |Added
----------------------------------------------------------------------------
Status     |NEW       |RESOLVED
Resolution |          |WONTFIX
------- Comment #1 from paulo.santos at anacom.pt 2010-03-13 13:12 -------
After some additional testing, I have found that this only happens with a
somewhat old linux kernel version. I've tested iptables 1.4.0, 1.4.4, 1.4.5,
1.4.6 and 1.4.7 with linux kernel 2.6.20 (CONFIG_IP_NF_MATCH_IPRANGE) and linux
kernel 2.6.30 (CONFIG_NETFILTER_XT_MATCH_IPRANGE).
With linux kernel version 2.6.20, iprange works correctly up to and including
iptables version 1.4.5. iptables 1.4.6 and 1.4.7 failed to set iprange.
With linux kernel version 2.6.30 iprange works correctly from iptables 1.4.0 to
1.4.7.
So, I'm going to close this bug report.
Thx for your good work.
bugzilla-daemon at bugzilla.netfilter.org
2010-Mar-13 12:12 UTC
[Bug 639] iptables iprange
http://bugzilla.netfilter.org/show_bug.cgi?id=639
paulo.santos at anacom.pt changed:
What       |Removed   |Added
----------------------------------------------------------------------------
Status     |RESOLVED  |CLOSED