bugzilla-daemon at netfilter.org
2014-Jan-23 16:40 UTC
[Bug 887] New: iptables.xslt wrong "match" -m handling
https://bugzilla.netfilter.org/show_bug.cgi?id=887
Summary: iptables.xslt wrong "match" -m handling
Product: iptables
Version: 1.4.x
Platform: All
OS/Version: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: unknown
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: rep.dot.nop at gmail.com
Estimated Hours: 0.0
iptables-1.4.14 from debian:
echo -e "*nat\n:PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n:INPUT ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n-A PREROUTING -s 1.1.1.1/32 -d 2.2.2.2/32 -i lo -p tcp -m tcp -j DNAT --to-destination 3.3.3.3\n-A POSTROUTING -d 4.4.4.4/32 -o li -p tcp -j MASQUERADE\nCOMMIT" | iptables-xml | xsltproc /usr/share/iptables/iptables.xslt -
# Generated by iptables.xslt
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -m s1.1.1.1/32 -m d2.2.2.2/32 -m ilo -m ptcp -m tcp -j DNAT --to-destination 3.3.3.3
-A POSTROUTING -m d4.4.4.4/32 -m oli -m ptcp -j MASQUERADE
COMMIT
# Completed
As you can see, there are erroneous " -m " inserted everywhere.
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
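A round-trip check for the pipeline in the report above, as an added example that is not part of the original bug mail or of iptables: it compares a ruleset with what iptables-xml | xsltproc regenerates and lists the names after -m that the original never requested. The function names are hypothetical, and the sample strings are copied from the report with its wrapped lines rejoined.

```python
import shlex
from itertools import zip_longest

# Sample input: the ruleset from the report above, wrapped lines rejoined.
ORIGINAL = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 1.1.1.1/32 -d 2.2.2.2/32 -i lo -p tcp -m tcp -j DNAT --to-destination 3.3.3.3
-A POSTROUTING -d 4.4.4.4/32 -o li -p tcp -j MASQUERADE
COMMIT
"""
# Sample input: the iptables.xslt output the reporter got with iptables-1.4.14.
REGENERATED = """\
# Generated by iptables.xslt
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -m s1.1.1.1/32 -m d2.2.2.2/32 -m ilo -m ptcp -m tcp -j DNAT --to-destination 3.3.3.3
-A POSTROUTING -m d4.4.4.4/32 -m oli -m ptcp -j MASQUERADE
COMMIT
# Completed
"""

def parse(text):
    """Tokenize ruleset lines; comments and blank lines are ignored."""
    lines = (l.strip() for l in text.splitlines())
    return [shlex.split(l) for l in lines if l and not l.startswith("#")]

def roundtrip_diff(original, regenerated):
    """Return (position, original_tokens, regenerated_tokens) for each changed line."""
    pairs = zip_longest(parse(original), parse(regenerated))
    return [(i, a, b) for i, (a, b) in enumerate(pairs) if a != b]

def spurious_matches(orig_tokens, regen_tokens):
    """Names after -m in the regenerated rule that the original never asked for."""
    def names(tokens):
        return [tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t == "-m"]
    wanted = names(orig_tokens)
    return [m for m in names(regen_tokens) if m not in wanted]

if __name__ == "__main__":
    for pos, before, after in roundtrip_diff(ORIGINAL, REGENERATED):
        print(pos, " ".join(after or []), "-> spurious:", spurious_matches(before or [], after or []))
```

An empty list from roundtrip_diff means the regenerated text is token-for-token identical to the input and is safe to hand to iptables-restore.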
bugzilla-daemon at netfilter.org
2014-Jan-24 05:24 UTC
[Bug 887] iptables.xslt wrong "match" -m handling
https://bugzilla.netfilter.org/show_bug.cgi?id=887
Phil Oester <netfilter at linuxace.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |netfilter at linuxace.com
         Resolution|                            |WORKSFORME
--- Comment #1 from Phil Oester <netfilter at linuxace.com> 2014-01-24 06:24:40 CET ---
> iptables-1.4.14
So you didn't bother trying a more recent version to see if this has been fixed since then?
# /usr/local/iptables/sbin/iptables -V
iptables v1.4.20
# cat foo
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 1.1.1.1/32 -d 2.2.2.2/32 -i lo -p tcp -m tcp -j DNAT --to-destination 3.3.3.3
-A POSTROUTING -d 4.4.4.4/32 -o li -p tcp -j MASQUERADE
COMMIT
# cat foo | /usr/local/iptables/bin/iptables-xml | xsltproc /usr/src/iptables/iptables/iptables.xslt -
# Generated by iptables.xslt
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 1.1.1.1/32 -d 2.2.2.2/32 -i lo -p tcp -m tcp -j DNAT --to-destination 3.3.3.3
-A POSTROUTING -d 4.4.4.4/32 -o li -p tcp -j MASQUERADE
COMMIT
# Completed
Closing - already fixed.