[Bug 842] New: Addition of iptables rule referencing an ipset of the wrong address family does not fail

bugzilla-daemon at netfilter.org
Tue Aug 13 02:27:15 CEST 2013


https://bugzilla.netfilter.org/show_bug.cgi?id=842

           Summary: Addition of iptables rule referencing an ipset of the
                    wrong address family does not fail
           Product: ipset
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: default
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: quentin at armitage.org.uk
   Estimated Hours: 0.0


I can add an iptables rule that references an ipset of the wrong address
family, which doesn't seem sensible.

For example:

ipset create foo hash:ip family inet
ip6tables -A foo_chain -m set --match-set foo -j LOG

or

ipset create foo6 hash:ip family inet6
iptables -A foo_chain -m set --match-set foo6 -j LOG

or even more bizarrely:

ipset create foo hash:ip family inet
ipset add foo 1.2.3.4
ip6tables -A foo_chain -s 2001:35:1:2:3:4:5:6 -m set --match-set foo -j LOG

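Because rules like the ones in this report are accepted without error, a ruleset can be audited for them after the fact. The following is an added example, not part of the bug report or of the ipset/iptables projects: it cross-checks text in the format of `ipset save` against text in the format of `iptables-save` and `ip6tables-save` and lists every `--match-set` rule whose set declares the other address family. The three dumps are constructed sample input (they carry the `src`/`dst` direction flag that saved rules include), and sets whose `create` line has no `family` keyword are skipped as an assumption of this sketch.

```python
import re

# Constructed sample in the format of `ipset save`.
IPSET_SAVE = """\
create foo hash:ip family inet hashsize 1024 maxelem 65536
add foo 1.2.3.4
create foo6 hash:ip family inet6 hashsize 1024 maxelem 65536
create ports bitmap:port range 0-1023
"""
# Constructed samples in the format of `iptables-save` and `ip6tables-save`.
IPTABLES_SAVE = """\
*filter
:foo_chain - [0:0]
-A foo_chain -m set --match-set foo src -j LOG
-A foo_chain -m set --match-set foo6 src -j LOG
COMMIT
"""
IP6TABLES_SAVE = """\
*filter
:foo_chain - [0:0]
-A foo_chain -s 2001:35:1:2:3:4:5:6/128 -m set --match-set foo src -j LOG
-A foo_chain -m set --match-set foo6 src -j LOG
-A foo_chain -p tcp -m set --match-set ports dst -j LOG
COMMIT
"""
CREATE_RE = re.compile(r"create (\S+) \S+ (?:.*\s)?family (inet6?)(?:\s|$)")
MATCH_SET_RE = re.compile(r"--match-set\s+(\S+)")

def set_families(ipset_save):
    """Map set name -> 'inet' or 'inet6' for sets that declare a family."""
    families = {}
    for line in ipset_save.splitlines():
        m = CREATE_RE.match(line)
        if m:
            families[m.group(1)] = m.group(2)
    return families

def mismatched_rules(rules_save, rules_family, families):
    """Return (set name, set family, rule) where the set's family differs."""
    hits = []
    for line in rules_save.splitlines():
        if line.startswith("-A "):
            for name in MATCH_SET_RE.findall(line):
                fam = families.get(name)
                if fam is not None and fam != rules_family:
                    hits.append((name, fam, line))
    return hits

if __name__ == "__main__":
    fams = set_families(IPSET_SAVE)
    for dump, family in ((IPTABLES_SAVE, "inet"), (IP6TABLES_SAVE, "inet6")):
        for name, fam, rule in mismatched_rules(dump, family, fams):
            print(f"{family} rule uses {fam} set {name}: {rule}")
```

On a live host the three strings would be replaced by the output of the corresponding save commands.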