Bug#150467: marked as done (Some chain names do not work)

Fri, 13 Feb 2009 15:50:22 -0800 

Your message dated Fri, 13 Feb 2009 18:45:36 -0500
with message-id <[email protected]>
and subject line Re: Bug#150467: (no subject)
has caused the Debian Bug report #150467,
regarding Some chain names do not work
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
150467: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=150467
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: iptables
Version: 1.2.6a-5
Severity: normal

Chain names which correspond to libraries in /lib/iptables cannot be
used: you can create and modify them, but specifying them as a jump
target does not work.  This does not only include the kernel targets
("LOG" etc.), but also names such as "time".

This can break the paket filter after an iptables upgrade
(for example, the "time" module seems to be a recent addition).

IMHO, two approaches should be taken: iptables should warn if you try to
create/modify a predefined chain (or something for which a DSO exists),
and users should be encouraged to use MixedCase convention to avoid
future clashes.

On the other hand, if the lower-case name DSOs are not really jump
targets, iptables should not try to load them at all, and users could
continue to use lower-case names.

Feel free to raise the priority of this bug and add a security tag.
I'm not sure if it is security-relevant or not.  Clearly you should
carefully check the packet filter after an iptables upgrade anyway...

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux CERT 2.4.14-xfs #1 SMP Fri Nov 23 21:34:33 CET 2001 i686
Locale: LANG=C, LC_CTYPE=en_US

Versions of packages iptables depends on:
ii  debconf                       1.1.10     Debian configuration management sy
ii  libc6                         2.2.5-6    GNU C Library: Shared libraries an

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
Version: 1.2.7-1

On Fri, Feb 13, 2009 at 5:41 PM, Jan Engelhardt <[email protected]> wrote:

> This was fixed in v1.2.7.
> Please close.

Closed.

--- End Message ---

Reply via email to