Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

This bug has been fixed upstream and it will go in 1.8.5 release. Thanks for reporting. Alberto

Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

Hi Alberto, hi Jamie, Am 17.02.20 um 18:06 schrieb Alberto Molina Coballes: > > These rules were not generated by ufw. The current released version of > ufw does not do any management of the nat table. Furthermore, > iptables-restore rules in /etc/ufw/*rules do not contain any '-F's. > I made

Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1407 Control: severity -1 normal Hi Christoph, I'm quoting a email from Jamie Strandboge, who is both the maintainer in Debian and the creator of ufw, and has kindly replied my question about this bug: [quote] ... These rules

Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

On Thu, Feb 13, 2020 at 11:05:13AM +0100, Christoph Martin wrote: > > I choose the grave severity because the bug makes a reload of ufw fail > and then the firewall is off ! > Yes, I agree with you that it's a serious situation, but we have to determine if it's a general case of iptables (which

Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

Hil Alberto, Am 13.02.20 um 10:11 schrieb Alberto Molina Coballes: > > Is this ruleset a real one obtained from ufw? I ask because the next one > doesn't result in segfault: > > *nat > -F PREROUTING > -F POSTROUTING > -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194 > COMMIT

Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

Hi Alberto, Am 13.02.20 um 10:11 schrieb Alberto Molina Coballes: > I don't understand the rule "-F PREROUTING" after a "-A ..." one. It > seems that the segfault happens in this specific case (it's a bug of > course, but not a bug with grave severity). I choose the grave severity because the

Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

Control: tag -1 moreinfo Hi Christoph, Is this ruleset a real one obtained from ufw? I ask because the next one doesn't result in segfault: *nat -F PREROUTING -F POSTROUTING -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194 COMMIT I don't understand the rule "-F PREROUTING"

Bug#950535: iptables-restore segfaults on nat table

Dear Maintainer, I tried to collect some more information and got the following backtrace with the restore command from the submitter. It looks like "expr->ops" contains a null pointer that gets dereferenced. Unfortunately I still see the same crash after upgrading to the versions in backports

Bug#950535: iptables-restore segfaults on nat table

Package: iptables Version: 1.8.2-4 Severity: grave Dear Maintainer, after updateing from stretch to buster ufw failed to work. we have nat-table entries for PREROUTING and POSTROUTING . iptables-restore segfaults on these rules. The following rules lead to the error: *nat -F PREROUTING -A