bugzilla-daemon at netfilter.org
2023-Aug-05 00:33 UTC
[Bug 966] iptables can't change or drop or any effect on scapy packet!
https://bugzilla.netfilter.org/show_bug.cgi?id=966

Phil Sutter <phil at nwl.cc> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |phil at nwl.cc
         Resolution|---                         |INVALID

--- Comment #1 from Phil Sutter <phil at nwl.cc> ---
As per the one reply on stackexchange, raw sockets will bypass iptables. Using
nftables with its egress hook solves the problem, though:

table netdev t {
        chain c {
                type filter hook egress device "eth0" priority filter;
                udp dport 53 counter drop
        }
}

This snippet works in dropping any UDP packets sent via eth0 with destination
port 53, even with using a raw socket.