[Bug 727] New: Open your firewall by a simple typo

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Sat Jul 2 20:51:05 CEST 2011


           Summary: Open your firewall by a simple typo
           Product: iptables
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: iptables
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: rl-20100926 at xaq.nl
   Estimated Hours: 0.0

I was trying some rules with multiple source addresses:

iptables -A FORWARD -s, -j ACCEPT

This works fine. No problem. But I happened to make a typo:

iptables -A FORWARD -s,, -j ACCEPT

(watch the comma after the

Well, this is like entering:

iptables -A FORWARD -s -j ACCEPT

iptables accepts this without any warning. I don't think it should.

Try this simple rule:

iptables -A INPUT -s, -j ACCEPT

and watch your system exposed to the world.


Vanilla kernel
Vanilla iptables
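The report above describes a doubled or trailing comma in a `-s` address list being accepted silently, which turns a narrow rule into one that matches every source. As an added example (not part of the bug report or the iptables project), the POSIX sh functions below act as a pre-flight check on an address list before a rule is handed to iptables: any empty element, malformed dotted-quad, or out-of-range prefix causes the rule to be refused. The function names, the dry-run echo in `safe_rule`, and the sample addresses are all assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the bug report: pre-flight validation of the
# comma-separated address list given to iptables -s/-d. The report says a
# list such as "a,,b" or "a," is accepted without warning; this check
# rejects such lists before iptables ever sees them.

# addr_list_ok LIST
# Returns 0 when every comma-separated element is non-empty and looks like
# a dotted-quad IPv4 address with an optional /0-32 prefix; 1 otherwise.
# (Constructed check: octet values above 255 are not rejected here.)
addr_list_ok() {
    list=$1
    # Empty list, or a leading, trailing or doubled comma: reject at once.
    case "$list" in
        ''|,*|*,|*,,*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=,
    for elem in $list; do
        IFS=$old_ifs
        echo "$elem" | grep -Eq \
            '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' \
            || return 1
    done
    IFS=$old_ifs
    return 0
}

# safe_rule CHAIN LIST TARGET
# Prints the iptables command it would run when LIST passes validation;
# otherwise prints a refusal on stderr and returns 1. Dry-run only: it
# echoes rather than executing, so it can be tried without root.
safe_rule() {
    chain=$1; list=$2; target=$3
    if addr_list_ok "$list"; then
        echo "iptables -A $chain -s $list -j $target"
        return 0
    fi
    echo "refusing rule for chain $chain: bad address list '$list'" >&2
    return 1
}

# Constructed sample inputs: one well-formed list, one with the typo
# described in the report.
safe_rule INPUT '192.0.2.1,192.0.2.2' ACCEPT
safe_rule INPUT '192.0.2.1,,192.0.2.2' ACCEPT
```

Replace the `echo` in `safe_rule` with the real `iptables` invocation once the check is trusted; the point is that the list is validated as a unit, so a single stray comma cannot silently widen the match to all sources.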
