[Bug 727] New: Open your firewall by a simple typo
bugzilla-daemon at bugzilla.netfilter.org
Sat Jul 2 20:51:05 CEST 2011
http://bugzilla.netfilter.org/show_bug.cgi?id=727
Summary: Open your firewall by a simple typo
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: rl-20100926 at xaq.nl
Estimated Hours: 0.0
I was trying some rules with multiple source addresses:
iptables -A FORWARD -s 10.1.1.1,10.1.1.2 -j ACCEPT
This works fine. No problem. But I happened to make a typo:
iptables -A FORWARD -s 10.1.1.1,10.1.1.2, -j ACCEPT
(watch the comma after the 10.1.1.2)
Well, this is like entering:
iptables -A FORWARD -s 0.0.0.0/0 -j ACCEPT
iptables accepts this without any warning. I don't think it should.
Try this simple rule:
iptables -A INPUT -s 10.1.1.1, -j ACCEPT
and watch your system exposed to the world.
R.
Vanilla kernel 2.6.38.8
Vanilla iptables 1.4.11.1
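Because iptables (at least the 1.4.11.1 build the reporter used) silently turns an empty element in a comma-separated address list into "match any host", a wrapper that refuses such lists before they reach iptables is a cheap guard. The following POSIX sh check is an added example, not part of the bug report or of the iptables project; the function names `check_addr_lists` and `safe_iptables` are assumptions, and the check covers the space-separated `-s addr` / `-d addr` forms (including an optional `!`) and does not validate the addresses themselves:

```shell
#!/bin/sh
# Pre-flight check for iptables address lists (constructed example).
# Returns 0 when every -s/--source and -d/--destination argument is a
# comma-separated list with no empty element; returns 1 when a leading,
# trailing or doubled comma is found, because iptables would treat the
# empty element as 0.0.0.0/0 and the rule would match every host.
check_addr_lists() {
    rc=0
    prev=""
    for arg in "$@"; do
        case "$prev" in
            -s|--source|-d|--destination)
                case "$arg" in
                    ,*|*,|*,,*)
                        echo "refusing rule: empty element in address list '$arg'" >&2
                        rc=1
                        ;;
                esac
                ;;
        esac
        # A bare "!" (negation) sits between the option and its value in the
        # old syntax; keep looking at the next argument as the value.
        [ "$arg" = "!" ] && continue
        prev="$arg"
    done
    return $rc
}

# Wrapper: only hand the rule to iptables when the list check passes.
safe_iptables() {
    check_addr_lists "$@" || return 1
    iptables "$@"
}
```

Typical use is `safe_iptables -A INPUT -s 10.1.1.1, -j ACCEPT`, which prints the refusal and exits non-zero instead of installing an accept-all rule; a correct list such as `10.1.1.1,10.1.1.2` passes through unchanged.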