[Bug 564] New: -L does not show an interface selection
bugzilla-daemon at bugzilla.netfilter.org
Wed Nov 26 20:42:27 CET 2008
http://bugzilla.netfilter.org/show_bug.cgi?id=564
Summary: -L does not show an interface selection
Product: iptables
Version: 1.2.11
Platform: i386
OS/Version: RedHat Linux
Status: NEW
Severity: minor
Priority: P3
Component: iptables
AssignedTo: laforge at netfilter.org
ReportedBy: TruesdellDouglasA at johndeere.com
Summary: This rule
    -A INPUT -i lo -j ACCEPT
lists as
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
This is a confusing report, because it appears that all packets are allowed,
when only loopback interface packets are allowed.
Details: I had a rule to allow all loopback packets:
    ACCEPT     all  --  localhost.localdomain  anywhere
However, I logged this exception:
    Nov 26 10:34:20 ltalweb1 kernel: iptables:IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=204.54.71.176 DST=204.54.71.176 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11257 PROTO=TCP SPT=38728 DPT=1723 WINDOW=4096 RES=0x00 SYN URGP=0
It seems that the loopback interface is not trapped with the localhost
directive, so I added another rule to allow packets in on the loopback
interface.
When I list the table now, it shows a rule accepting from anywhere to anywhere,
but does not say this is only on the loopback interface.
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
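
An added example (not part of the original report and not iptables code): a Python check over rules written in the `-A ...` syntax the report uses, flagging rules whose interface match is absent from a listing made without `-v`. The sample rules are constructed and the function names are hypothetical; `iptables -L -v` is the listing form that adds the in/out interface columns.

```python
import shlex

# Options we track; -i / -o are the ones a listing without -v leaves out.
FIELDS = {"-A": "chain", "-j": "target", "-p": "prot", "-s": "source",
          "-d": "destination", "-i": "in", "-o": "out"}
DEFAULTS = {"chain": "", "target": "", "prot": "all", "source": "anywhere",
            "destination": "anywhere", "in": "any", "out": "any"}

def parse_rule(line):
    """Parse one '-A CHAIN ...' rule line into a dict of its match fields."""
    rule, negate, i = dict(DEFAULTS, extra=[]), False, 0
    tokens = shlex.split(line)
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":                          # newer '! -i lo' form
            negate = True
        elif tok in FIELDS and i + 1 < len(tokens):
            i += 1
            if tokens[i] == "!" and i + 1 < len(tokens):  # older '-i ! lo' form
                negate, i = True, i + 1
            rule[FIELDS[tok]] = ("!" if negate else "") + tokens[i]
            negate = False
        else:                                   # match extensions stay visible in -L
            rule["extra"].append(("! " if negate else "") + tok)
            negate = False
        i += 1
    return rule

def plain_view(rule):
    """Fields a listing without -v displays: no interface information."""
    return (rule["chain"], rule["target"], rule["prot"], rule["source"],
            rule["destination"], " ".join(rule["extra"]))

def hidden_interface_rules(lines):
    """Return (line, in, out, looks_unconditional) for rules matching on an interface."""
    findings = []
    for line in (l.strip() for l in lines):
        if line.startswith("-A "):
            r = parse_rule(line)
            if r["in"] != "any" or r["out"] != "any":
                bare = plain_view(r)[2:] == ("all", "anywhere", "anywhere", "")
                findings.append((line, r["in"], r["out"], bare))
    return findings

# Constructed sample rule set; the first rule is the one from the report.
SAMPLE = ["-A INPUT -i lo -j ACCEPT", "-A INPUT -s 127.0.0.1 -j ACCEPT",
          "-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT", "-A INPUT -j DROP"]

if __name__ == "__main__":
    for line, inif, outif, bare in hidden_interface_rules(SAMPLE):
        note = "lists like an unconditional rule" if bare else "interface not listed"
        print(f"{line}  [in={inif} out={outif}] {note}")
```
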