[Bug 1298] Issue with REJECT in custom chains

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Fri Nov 16 12:35:48 CET 2018


https://bugzilla.netfilter.org/show_bug.cgi?id=1298

Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fw at strlen.de

--- Comment #1 from Florian Westphal <fw at strlen.de> ---
(In reply to Arturo Borrero Gonzalez from comment #0)
> Original bug report: https://bugs.debian.org/913877
> 
> === 8< ===
> 
> Since upgrading iptables to the 1.8.2 version it has been completely
> unable to do that vital task due to problems within nftables / iptables.
> 
> The example that I am facing right now is with active and large DoS
> attacks email spam attacks. When fail2ban attempts to add the firewall
> blocks, such as;
> 
>  iptables -w -I f2b-postfix-sasl 1 -s 80.82.70.189 \
>   -j REJECT --reject-with icmp-port-unreachable

Works fine for me.
Upstream report claims this doesn't work:


 iptables -N test-foo
 iptables -I test-foo 1 -s 127.0.0.1 -j REJECT

It works fine for me on Fedora 29, using a 4.18-based kernel with iptables-nft
1.8.2 on x86_64.
