bugzilla-daemon at netfilter.org
2014-Jun-19 11:13 UTC
[Bug 961] New: Can not remove rules with the default --mask parameter (-m recent)
https://bugzilla.netfilter.org/show_bug.cgi?id=961

           Summary: Can not remove rules with the default --mask parameter (-m recent)
           Product: iptables
           Version: 1.4.x
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: iptables
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: lex.public at gmail.com
   Estimated Hours: 0.0

Hi,

libxt_recent has a --mask parameter which defaults to 255.255.255.255. When --mask is not specified iptables-save shows the default anyway but iptables -D fails to remove the rule when issuing --mask.

Here's an example:

# iptables -F INPUT
# iptables -A INPUT -m recent --update --rsource --mask 255.255.255.255 -j ACCEPT
# iptables-save | grep "A INPUT"
-A INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
# iptables -D INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
# iptables-save | grep "A INPUT"

Everything works as expected when the mask is specified in the iptables -A command. Now we don't specify --mask:

# iptables -A INPUT -m recent --update --rsource -j ACCEPT
# iptables-save | grep INPUT
-A INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
# iptables -D INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
iptables: Bad rule (does a matching rule exist in that chain?).
# iptables -D INPUT -m recent --update --name DEFAULT --rsource -j ACCEPT
# iptables-save | grep "A INPUT"

I believe this is an unexpected behavior, what's the best way to fix it?

--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

bugzilla-daemon at netfilter.org
2017-Jun-23 11:24 UTC
[Bug 961] Can not remove rules with the default --mask parameter (-m recent)
https://bugzilla.netfilter.org/show_bug.cgi?id=961

Oliver Ford <ojford at gmail.com> changed:

           What    |Removed                                 |Added
----------------------------------------------------------------------------
             Status|NEW                                     |ASSIGNED
           Assignee|netfilter-buglog at lists.netfilter.org |ojford at gmail.com
                 CC|                                        |ojford at gmail.com

bugzilla-daemon at netfilter.org
2017-Jun-29 15:06 UTC
[Bug 961] Can not remove rules with the default --mask parameter (-m recent)
https://bugzilla.netfilter.org/show_bug.cgi?id=961

Oliver Ford <ojford at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |WORKSFORME

--- Comment #1 from Oliver Ford <ojford at gmail.com> ---
Works correctly on iptables 1.6.1, kernel 4.9.