Public bug reported:

Hello.  This isn't strictly a bug, but more of an upgrade-request on the
iptables package.  Normally I wouldn't be inclined to submit such a bug
report, but a user on the ubuntu-devel-discuss mailing list encouraged
me to submit this anyway [1].  For our production systems, we're running
into a kernel race condition bug, for which a workaround has been made
available.  The fix boils down to iptables having a new flag which it
passes down to the kernel, to enable the workaround.  However, the
version of iptables in Ubuntu (v1.6.1) doesn't support that kernel
feature yet.  Specifically, it's introduced in this commit on the
iptables codebase:
https://git.netfilter.org/iptables/commit/?id=8b0da2130b8af3890ef20afb2305f11224bb39ec.

The feature we need from that commit is part of the v1.6.2 and newer
iptables releases, but it looks like the Bionic, Cosmic, and Disco
releases of Ubuntu all include v1.6.1 without that patch, so for now
we're going to have to build iptables from source on our production
machines.  That shouldn't pose any huge issues, but of course, we'd
prefer to be able to use the package from package management, or perhaps
a backported package from a newer Ubuntu release.

So to summarise, this might be an invalid bug report, but consider it a
vote to upgrade the packaged version of iptables.  If this bug report is
entirely inappropriate, then I apologise.

1. Link to thread on ubuntu-devel-discuss where I describe the problem
and Nish suggests I file this bug report:
https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2018-November/018181.html

Ubuntu version we're using: 
Description:    Ubuntu 18.04.1 LTS
Release:        18.04

$ apt-cache policy iptables
iptables:
  Installed: 1.6.1-2ubuntu2
  Candidate: 1.6.1-2ubuntu2
  Version table:
 *** 1.6.1-2ubuntu2 500
        500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
        100 /var/lib/dpkg/status

Thanks for your time,

Paul

** Affects: iptables (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1805543

Title:
  Packaged version of iptables doesn't provide --random-fully flag.
