search for: xt_conntrack_status

Displaying 1 result from an estimated 1 matches for "xt_conntrack_status".

Did you mean: xt_conntrack_state
2013 Nov 23
1
[Bug 873] New: iptables -I CHAIN -m conntrack ! --ctproto 0 is intended to produce an error message, but it doesn't (usually)
...& XT_INV_PROTO) is using the wrong mask ii) in conntrack_mt_parse it is testing (info->invert_flags & XT_INV_PROTO) before the invert bit has been set. iii) the sense of the error message is the wrong way round i) To get the error, ! -ctstatus XXX has to be specified, since XT_INV_PROTO == XT_CONNTRACK_STATUS e.g. iptables -I CHAIN -m conntrack ! --ctstatus ASSURED --ctproto 0 ... iii) Unlike --proto 0 (where 0 means all protocols), in the conntrack match --ctproto 0 appears to mean protocol 0, which can never be. Therefore --ctproto 0 could never match and ! --ctproto 0 will always match. Both of th...