On 7 Jul 2011, at 00:09, Tom Eastep wrote: > > On Jul 6, 2011, at 3:26 PM, Dominic Benson wrote: > >> >> On 6 Jul 2011, at 22:59, Alexander Wilms wrote: >> >>> Ack, downgraded to plain openSUSE iptables-1.4.10-3.1.i586.rpm, result is >>> now a correct "ctorigdstport 52022" >>> >>> 1 60 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.2 >>> tcp dpt:22 ctorigdstport 52022 ctorigdst 62.143.214.30 >>> >>> My mistake was having the >>> http://download.opensuse.org/repositories/security:/netfilter/openSUSE_11.4/ >>> repository enabled (for shorewall :-) ) >>> >>> >>> As you knew the bug: Is there already a bug report in the netfilter list? >> >> >> I think this is already fixed in 1.4.11.1, and there's a corresponding patch >> in Debian sid (1.4.11-3). >> > > I'm running 1.4.11.1 and it isn't fixed there. I just cloned the iptables git > repository and don't see that it is corrected there either. > > -Tom
Sorry, you're absolutely right. I just realised the test I did would have matched an ACCEPT anyway. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
