bugzilla-daemon at netfilter.org
2014-Jun-19 11:13 UTC
[Bug 961] New: Can not remove rules with the default --mask parameter (-m recent)
https://bugzilla.netfilter.org/show_bug.cgi?id=961
Summary: Can not remove rules with the default --mask parameter (-m recent)
Product: iptables
Version: 1.4.x
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: lex.public at gmail.com
Estimated Hours: 0.0
Hi,
libxt_recent has a --mask parameter which defaults to 255.255.255.255.
When --mask is not specified, iptables-save shows the default anyway, but
iptables -D fails to remove the rule when --mask is issued.
Here's an example:
# iptables -F INPUT
# iptables -A INPUT -m recent --update --rsource --mask 255.255.255.255 -j ACCEPT
# iptables-save | grep "A INPUT"
-A INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
# iptables -D INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
# iptables-save | grep "A INPUT"
Everything works as expected when the mask is specified in the iptables -A
command. Now we don't specify --mask:
# iptables -A INPUT -m recent --update --rsource -j ACCEPT
# iptables-save | grep INPUT
-A INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
# iptables -D INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
iptables: Bad rule (does a matching rule exist in that chain?).
# iptables -D INPUT -m recent --update --name DEFAULT --rsource -j ACCEPT
# iptables-save | grep "A INPUT"
I believe this is unexpected behavior; what's the best way to fix it?
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
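The failure above comes from re-typing a rule specification and hoping it compares equal to what the kernel stored, which is exactly what breaks when userspace fills in a default such as --mask differently at -A and -D time. A way to sidestep that, as an added example that is not part of the bug report or of iptables itself: list the chain with `iptables -S CHAIN` (the same expanded form iptables-save prints), locate the rule by its text, and delete it by position with `iptables -D CHAIN N`, so no match-data comparison is involved. The `-S` listing used below is a constructed sample, and the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example; not part of the bug report. Deletes iptables rules by their
# position in the chain rather than by re-typing the rule specification, so the
# deletion does not depend on how libxt_recent fills in defaults such as
# "--mask 255.255.255.255". Only `iptables -S CHAIN` (list rules in
# iptables-save form) and `iptables -D CHAIN N` (delete by position) are used.

# Constructed sample of `iptables -S INPUT` output, in the expanded form that
# iptables-save shows in the report above.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m recent --set --name SSH --mask 255.255.255.255 --rsource
-A INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT'

# Command used to talk to the firewall; point it at a wrapper function to
# dry-run (e.g. IPTABLES=my_logger) without touching the live ruleset.
: "${IPTABLES:=iptables}"

# rule_indices CHAIN PATTERN
# Reads a `-S` listing on stdin and prints, one per line, the 1-based positions
# of the rules in CHAIN whose text contains PATTERN as a fixed substring.
# Policy lines (-P) are not rules and are not counted.
rule_indices() {
    awk -v chain="$1" -v pat="$2" '
        $1 == "-A" && $2 == chain {
            n++
            if (index($0, pat) > 0) print n
        }'
}

# delete_by_index CHAIN N...
# Deletes the given positions from CHAIN, highest first: deleting rule 1
# renumbers every rule after it, so ascending order would hit the wrong rules.
delete_by_index() {
    chain=$1
    shift
    for n in $(printf '%s\n' "$@" | sort -rn); do
        "$IPTABLES" -D "$chain" "$n"
    done
}

# delete_matching CHAIN PATTERN
# Removes every rule in CHAIN containing PATTERN, reading the live listing
# immediately before deleting so the positions are current.
delete_matching() {
    idx=$("$IPTABLES" -S "$1" | rule_indices "$1" "$2")
    [ -n "$idx" ] || return 0
    delete_by_index "$1" $idx
}

# Dry demonstration on the constructed listing (no firewall access needed):
# prints 1 and 4, the two positions of the rule from the report.
printf '%s\n' "$SAMPLE_RULES" | rule_indices INPUT '-m recent --update --name DEFAULT'
```

Run `delete_matching INPUT '-m recent --update --name DEFAULT'` as root to remove both copies of the reporter's rule regardless of whether --mask was given when they were added. Read the listing and delete in the same step, since any rule inserted in between shifts the positions; and on an iptables version where you do want to delete by specification, `iptables -C` with the exact spec tells you beforehand whether `-D` will find a match.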
bugzilla-daemon at netfilter.org
2017-Jun-23 11:24 UTC
[Bug 961] Can not remove rules with the default --mask parameter (-m recent)
https://bugzilla.netfilter.org/show_bug.cgi?id=961
Oliver Ford <ojford at gmail.com> changed:
What     |Removed                                 |Added
----------------------------------------------------------------------------
Status   |NEW                                     |ASSIGNED
Assignee |netfilter-buglog at lists.netfilter.org |ojford at gmail.com
CC       |                                        |ojford at gmail.com
bugzilla-daemon at netfilter.org
2017-Jun-29 15:06 UTC
[Bug 961] Can not remove rules with the default --mask parameter (-m recent)
https://bugzilla.netfilter.org/show_bug.cgi?id=961
Oliver Ford <ojford at gmail.com> changed:
What       |Removed  |Added
----------------------------------------------------------------------------
Status     |ASSIGNED |RESOLVED
Resolution |---      |WORKSFORME
--- Comment #1 from Oliver Ford <ojford at gmail.com> ---
Works correctly on iptables 1.6.1, kernel 4.9.