https://bugzilla.netfilter.org/show_bug.cgi?id=1423
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What      |Removed                                |Added
----------------------------------------------------------------------------
CC        |                                       |pablo at netfilter.org
Version   |other                                  |unspecified
Assignee  |netfilter-buglog at lists.netfilter.org |pablo at netfilter.org
Component |netfilter bugzilla                     |trash
Product   |bugzilla                               |trash
--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2020-Apr-18 19:11 UTC
[Bug 1423] New: iptables-translate silently discards --ctstate DNAT
https://bugzilla.netfilter.org/show_bug.cgi?id=1423
Bug ID: 1423
Summary: iptables-translate silently discards --ctstate DNAT
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: iptables over nftable
Assignee: pablo at netfilter.org
Reporter: oldium.pro at gmail.com
Bug originally reported in the Debian tracker:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932899
I am also affected by the bug. I found the Debian bug, but it looks like
it was ignored, so I am forwarding it here.
Original message follows:
This appears to be wrong -- the DNAT is "eaten":
root@not-omega:~# iptables-translate -t filter -A INPUT -m conntrack --ctstate DNAT -j ACCEPT
nft add rule ip filter INPUT ct state counter accept
root@not-omega:~# iptables-translate -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED,DNAT -j ACCEPT
nft add rule ip filter INPUT ct state related,established counter accept
I think the output should be
root@not-omega:~# iptables-translate -t filter -A INPUT -m conntrack --ctstate DNAT -j ACCEPT
nft add rule ip filter INPUT ct status dnat counter accept
root@not-omega:~# iptables-translate -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED,DNAT -j ACCEPT
nft add rule ip filter INPUT ct state related,established counter accept
nft add rule ip filter INPUT ct status dnat counter accept
I am new to nftables, so I may have missed something obvious.
If so, sorry to bother you!
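A check for this kind of lossy translation, added here as an example (it is not code from the bug report or from the netfilter project): it compares the --ctstate tokens of an iptables rule with the ct state / ct status values that survive in the translated nft text. The function names are hypothetical, the sample pairs are the ones quoted in the report, and treating SNAT/DNAT as ct status flags follows the reporter's proposed output.

```python
import re
import shlex

# iptables --ctstate mixes connection states and NAT flags; nft splits them.
CT_STATE = {"INVALID", "NEW", "ESTABLISHED", "RELATED", "UNTRACKED"}
CT_STATUS = {"SNAT", "DNAT"}  # assumption: expressed as `ct status` in nft


def requested_ctstates(iptables_args):
    """Return the set of --ctstate tokens found in an iptables argument string."""
    argv = shlex.split(iptables_args)
    states = set()
    for i, arg in enumerate(argv):
        if arg == "--ctstate" and i + 1 < len(argv):
            states.update(s.upper() for s in argv[i + 1].split(",") if s)
    return states


def translated(nft_text, key, known):
    """Return the known values that follow `ct <key>` anywhere in nft_text."""
    found = set()
    for m in re.finditer(rf"\bct\s+{key}\b(.*)", nft_text):
        for tok in re.split(r"[\s,{}]+", m.group(1).strip()):
            if not tok:
                continue            # leading delimiter such as "{"
            if tok.upper() not in known:
                break               # reached "counter", "accept", ...
            found.add(tok.upper())
    return found


def dropped_ctstates(iptables_args, nft_text):
    """List --ctstate tokens that have no counterpart in the translation."""
    want = requested_ctstates(iptables_args)
    got = translated(nft_text, "state", CT_STATE) | translated(nft_text, "status", CT_STATUS)
    return sorted(want - got)


# Rule/translation pairs quoted in the report above.
RULE_DNAT = "-t filter -A INPUT -m conntrack --ctstate DNAT -j ACCEPT"
RULE_MIXED = "-t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED,DNAT -j ACCEPT"
BAD_DNAT = "nft add rule ip filter INPUT ct state counter accept"
BAD_MIXED = "nft add rule ip filter INPUT ct state related,established counter accept"
PROPOSED_MIXED = BAD_MIXED + "\nnft add rule ip filter INPUT ct status dnat counter accept"

if __name__ == "__main__":
    for rule, nft in [(RULE_DNAT, BAD_DNAT), (RULE_MIXED, BAD_MIXED), (RULE_MIXED, PROPOSED_MIXED)]:
        print(dropped_ctstates(rule, nft) or "no tokens dropped")
```

Run over a migrated ruleset, a non-empty result marks a rule whose translation no longer matches what the iptables rule matched and needs review by hand.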
bugzilla-daemon at netfilter.org
2020-Jul-22 11:14 UTC
[Bug 1423] iptables-translate silently discards --ctstate DNAT
https://bugzilla.netfilter.org/show_bug.cgi?id=1423
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
bugzilla-daemon at netfilter.org
2020-Jul-22 11:15 UTC
[Bug 1423] iptables-translate silently discards --ctstate DNAT
https://bugzilla.netfilter.org/show_bug.cgi?id=1423
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Patch to address this is available:
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20200722111214.21896-1-pablo@netfilter.org/
bugzilla-daemon at netfilter.org
2020-Jul-29 22:10 UTC
[Bug 1423] iptables-translate silently discards --ctstate DNAT
https://bugzilla.netfilter.org/show_bug.cgi?id=1423
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Closing, thanks for reporting.