On Jul 6, 2011, at 4:17 PM, Dominic Benson wrote: > > On 7 Jul 2011, at 00:09, Tom Eastep wrote: > >> >> On Jul 6, 2011, at 3:26 PM, Dominic Benson wrote: >> >>> >>> On 6 Jul 2011, at 22:59, Alexander Wilms wrote: >>> >>>> Ack, downgraded to plain openSUSE iptables-1.4.10-3.1.i586.rpm, result is >>>> now a correct "ctorigdstport 52022" >>>> >>>> 1 60 ACCEPT tcp -- * * 0.0.0.0/0 >>>> 192.168.1.2 tcp dpt:22 ctorigdstport 52022 ctorigdst 62.143.214.30 >>>> >>>> My mistake was having the >>>> http://download.opensuse.org/repositories/security:/netfilter/openSUSE_11.4/ >>>> repository enabled (for shorewall :-) ) >>>> >>>> >>>> As you knew the bug: Is there already a bug report in the netfilter list? >>> >>> >>> I think this is already fixed in 1.4.11.1, and there's a corresponding >>> patch in Debian sid (1.4.11-3). >>> >> >> I'm running 1.4.11.1 and it isn't fixed there. I just cloned the iptables >> git repository and don't see that it is corrected there either. >> >> -Tom > > Sorry, you're absolutely right. I just realised the test I did would have > matched an ACCEPT anyway.
No problem. I've reported the problem on netfilter-devel. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
PGP.sig
Description: This is a digitally signed message part
------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
