Bug#360448: iptables damages mac rules with kernel-image-2.4.27-3-k7
It is the same bug report, because I didn't know the exact package for the report. I never had the same problem with iptables before either. I have been using the same packet filter script for a couple of years. But now there is a new computer with a new MAC address, and everything goes down. Could it be a buffer overflow or a wrongly handled pointer? C is well known for errors like this.

Best regards,
Hansgeorg Schwibbe

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#360448: iptables damages mac rules with kernel-image-2.4.27-3-k7
Package: kernel-image-2.4.27-3-k7
Version: 2.4
Severity: grave

I am using my own iptables script where I execute the following iptables commands on startup:

    iptables -A INPUT -m mac --mac-source 00:20:ED:39:91:E7 -p tcp --dport 3128:3130 -j ACCEPT
    iptables -A INPUT -m mac --mac-source 00:20:ED:39:91:E7 -p udp --dport 3128:3130 -j ACCEPT
    iptables -A INPUT -m mac --mac-source 00:12:3F:D6:89:8A -p tcp --dport 3128:3130 -j ACCEPT
    iptables -A INPUT -m mac --mac-source 00:12:3F:D6:89:8A -p udp --dport 3128:3130 -j ACCEPT
    iptables -A INPUT -m mac --mac-source 00:13:D3:FD:20:FA -p tcp --dport 3128:3130 -j ACCEPT
    iptables -A INPUT -m mac --mac-source 00:13:D3:FD:20:FA -p udp --dport 3128:3130 -j ACCEPT
    iptables -A INPUT -m mac --mac-source 00:14:38:00:AB:A6 -p tcp --dport 3128:3130 -j ACCEPT
    iptables -A INPUT -m mac --mac-source 00:14:38:00:AB:A6 -p udp --dport 3128:3130 -j ACCEPT
    iptables -A FORWARD -m mac --mac-source 00:20:ED:39:91:E7 -j ACCEPT
    iptables -A FORWARD -m mac --mac-source 00:12:3F:D6:89:8A -j ACCEPT
    iptables -A FORWARD -m mac --mac-source 00:13:D3:FD:20:FA -j ACCEPT
    iptables -A FORWARD -m mac --mac-source 00:14:38:00:AB:A6 -j ACCEPT

When the server is up, the mac rules are correct like this:

    debian:~# iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere            MAC 00:20:ED:39:91:E7 tcp dpts:3128:icpv2
    ACCEPT     udp  --  anywhere             anywhere            MAC 00:20:ED:39:91:E7 udp dpts:3128:icpv2
    ACCEPT     tcp  --  anywhere             anywhere            MAC 00:12:3F:D6:89:8A tcp dpts:3128:icpv2
    ACCEPT     udp  --  anywhere             anywhere            MAC 00:12:3F:D6:89:8A udp dpts:3128:icpv2
    ACCEPT     tcp  --  anywhere             anywhere            MAC 00:13:D3:FD:20:FA tcp dpts:3128:icpv2
    ACCEPT     udp  --  anywhere             anywhere            MAC 00:13:D3:FD:20:FA udp dpts:3128:icpv2
    ACCEPT     tcp  --  anywhere             anywhere            MAC 00:14:38:00:AB:A6 tcp dpts:3128:icpv2
    ACCEPT     udp  --  anywhere             anywhere            MAC 00:14:38:00:AB:A6 udp dpts:3128:icpv2

    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            MAC 00:20:ED:39:91:E7
    ACCEPT     all  --  anywhere             anywhere            MAC 00:12:3F:D6:89:8A
    ACCEPT     all  --  anywhere             anywhere            MAC 00:13:D3:FD:20:FA
    ACCEPT     all  --  anywhere             anywhere            MAC 00:14:38:00:AB:A6

But after some uptime the mac rules are morphing like this:

    debian:~# iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere            MAC 00:20:ED:39:91:E7 tcp dpts:3128:icpv2
    ACCEPT     udp  --  anywhere             anywhere            MAC 00:20:ED:39:91:E7 udp dpts:3128:icpv2
    ACCEPT     tcp  --  anywhere             anywhere            MAC 00:05:5D:F5:E8:FF tcp dpts:3128:icpv2
    ACCEPT     udp  --  anywhere             anywhere            MAC 00:05:5D:F5:E8:FF udp dpts:3128:icpv2
    ACCEPT     tcp  --  anywhere             anywhere            MAC 00:05:5D:F6:10:BD tcp dpts:3128:icpv2
    ACCEPT     tcp  --  anywhere             anywhere            MAC 00:05:5D:F6:10:BD tcp dpts:3128:icpv2
    ACCEPT     tcp  --  anywhere             anywhere            MAC 00:12:3F:D6:89:8A tcp dpts:3128:icpv2
    ACCEPT     tcp  --  anywhere             anywhere            MAC 00:12:3F:D6:89:8A tcp dpts:3128:icpv2
    ACCEPT     tcp  --  anywhere             anywhere            MAC 00:14:38:00:AB:A6 tcp dpts:3128:icpv2
    ACCEPT     tcp  --  anywhere             anywhere            MAC 00:14:38:00:AB:A6 tcp dpts:3128:icpv2

    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            MAC 00:20:ED:39:91:E7
    ACCEPT     all  --  anywhere             anywhere            MAC 00:05:5D:F5:E8:FF
    ACCEPT     all  --  anywhere             anywhere            MAC 00:05:5D:F6:10:BD
    ACCEPT     all  --  anywhere             anywhere            MAC 00:12:3F:D6:89:8A
    ACCEPT     all  --  anywhere             anywhere            MAC 00:14:38:00:AB:A6

Now the computer with the mac address 00:13:D3:FD:20:FA is unable to access the squid proxy server on port 3128 because the mac address is completely missing.
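
An added example, not part of the original report or of iptables: a POSIX shell check that compares the MAC rules a startup script intends to load with an iptables -L listing, run here over the FORWARD rules and the later listing quoted in the report above. The function names and the normalised column spacing of the sample are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare intended MAC-match rules with an `iptables -L` listing.

# "CHAIN MAC" pairs from the `iptables -A CHAIN ... --mac-source MAC` lines.
expected_pairs() {
    awk '$1 == "iptables" && $2 == "-A" {
        for (i = 4; i < NF; i++)
            if ($i == "--mac-source") print $3, toupper($(i + 1))
    }' | LC_ALL=C sort -u
}

# "CHAIN MAC" pairs from `iptables -L` output ("Chain X (...)" headers, "MAC aa:bb:.." fields).
listed_pairs() {
    awk '$1 == "Chain" { chain = $2; next }
    { for (i = 1; i < NF; i++) if ($i == "MAC") print chain, toupper($(i + 1)) }
    ' | LC_ALL=C sort -u
}

# mac_rule_drift SCRIPT_TEXT LISTING_TEXT
# Prints MISSING/UNEXPECTED lines and returns 1 when the two sets differ.
mac_rule_drift() {
    drift=$({ printf '%s\n' "$1" | expected_pairs | sed 's/^/W /'
              printf '%s\n' "$2" | listed_pairs | sed 's/^/H /'; } |
        awk 'NF == 3 && $1 == "W" { w[$2 " " $3] = 1 }
             NF == 3 && $1 == "H" { h[$2 " " $3] = 1 }
             END { for (k in w) if (!(k in h)) print "MISSING", k
                   for (k in h) if (!(k in w)) print "UNEXPECTED", k }' |
        LC_ALL=C sort)
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# FORWARD rules from the startup script quoted in the report.
SCRIPT_RULES='iptables -A FORWARD -m mac --mac-source 00:20:ED:39:91:E7 -j ACCEPT
iptables -A FORWARD -m mac --mac-source 00:12:3F:D6:89:8A -j ACCEPT
iptables -A FORWARD -m mac --mac-source 00:13:D3:FD:20:FA -j ACCEPT
iptables -A FORWARD -m mac --mac-source 00:14:38:00:AB:A6 -j ACCEPT'

# FORWARD chain from the later listing in the report (column spacing normalised).
LATER_LISTING='Chain FORWARD (policy DROP)
target     prot opt source     destination
ACCEPT     all  --  anywhere   anywhere   MAC 00:20:ED:39:91:E7
ACCEPT     all  --  anywhere   anywhere   MAC 00:05:5D:F5:E8:FF
ACCEPT     all  --  anywhere   anywhere   MAC 00:05:5D:F6:10:BD
ACCEPT     all  --  anywhere   anywhere   MAC 00:12:3F:D6:89:8A
ACCEPT     all  --  anywhere   anywhere   MAC 00:14:38:00:AB:A6'

mac_rule_drift "$SCRIPT_RULES" "$LATER_LISTING" || echo "drift detected"
```

On a live host the second argument would be the output of iptables -L captured at check time, so the comparison can run from cron and flag a changed ruleset before a client loses access.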
Bug#360448: iptables damages mac rules with kernel-image-2.4.27-3-k7
reassign 360448 iptables
severity 360448 normal
merge 360448 355285
quit

On Sun, Apr 02, 2006 at 01:46:29PM +0200, Hansgeorg Schwibbe wrote:
> When the server is up, the mac rules are correct like this:
> debian:~# iptables -L

Isn't this the same bug you reported previously as bug #355285?

> Now the computer with the mac address 00:13:D3:FD:20:FA is unable to access
> the squid proxy server on port 3128 because the mac address is completely
> missing.

The severity of this report is grossly overinflated; nobody else seems to be experiencing these problems with iptables.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/