Trying to reproduce this, I have:

$ sudo iptables -A INPUT -p tcp -s badaddress.dyndns.org --dport 80 -j ACCEPT
iptables v1.3.8: host/network `badaddress.dyndns.org' not found
Try `iptables -h' or 'iptables --help' for more information.

iptables is not crashing, but instead is letting you know that you can't use 'badaddress.dyndns.org' as a source address because it is unresolvable. It appears this is a problem in shorewall not gracefully handling this error.

PS -- In the vast majority of cases, you do not want to use a hostname in your firewall rules because of things like this and because if someone controls the DNS server on the network your computer is using, then he/she can control access to your firewall.

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

** Package changed: iptables (Ubuntu) => shorewall (Ubuntu)

** Summary changed:

- it seems that a null/non-valid IP (dns error, not instancied on World) crash iptables frozing the ubuntu server
+ shorewall does not handle non-resolvable hostname gracefully

-- 
shorewall does not handle non-resolvable hostname gracefully
https://bugs.launchpad.net/bugs/570611
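
The PS above as a pre-flight check, added here as an example and not part of the original bug comment or of shorewall: a Python lint that flags iptables rules whose -s/-d operand is a hostname rather than a literal address or network. The function names and the sample rules are constructed for illustration; 192.0.2.7, 198.51.100.0 and example.net are documentation values.

```python
import ipaddress
import shlex

# iptables options that take a source or destination address.
ADDRESS_OPTS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}

def is_literal(addr):
    """True if addr is an IP address or network, so no DNS lookup is needed."""
    try:
        ipaddress.ip_network(addr, strict=False)
        return True
    except ValueError:
        return False

def hostname_operands(rule):
    """Return (option, operand) pairs in one rule whose operand is a hostname."""
    tokens = shlex.split(rule, comments=True)
    found = []
    for i, tok in enumerate(tokens):
        if tok not in ADDRESS_OPTS:
            continue
        j = i + 1
        if j < len(tokens) and tokens[j] == "!":   # old-style "-s ! addr"
            j += 1
        if j >= len(tokens):
            continue
        for part in tokens[j].split(","):          # "-s a,b" expands to two rules
            if not is_literal(part):
                found.append((tok, part))
    return found

def lint(rules_text):
    """Map 1-based line number -> hostname operands, for lines that have any."""
    report = {}
    for n, line in enumerate(rules_text.splitlines(), 1):
        hits = hostname_operands(line)
        if hits:
            report[n] = hits
    return report

# Constructed sample: line 1 is the rule from the comment above.
SAMPLE = """\
iptables -A INPUT -p tcp -s badaddress.dyndns.org --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 192.0.2.7 --dport 80 -j ACCEPT
iptables -A INPUT -s 192.0.2.7,gw.example.net -d 198.51.100.0/255.255.255.0 -j DROP
"""

if __name__ == "__main__":
    print(lint(SAMPLE))  # lines listed here depend on DNS when the rule is loaded
```

Running the lint before the ruleset is loaded catches both cases the PS names: a name that fails to resolve and a name whose answer someone else controls.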
