[Bug 1407] New: Segfault with iptables-nft-restore when flush rules included

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sun Feb 16 21:04:27 CET 2020


            Bug ID: 1407
           Summary: Segfault with iptables-nft-restore when flush rules
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: iptables over nftable
          Assignee: pablo at netfilter.org
          Reporter: alb.molina at gmail.com

Forwarded from Debian https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950535

A user reported a segfault with the next ruleset using iptables-nft-restore:

-A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194

I wonder with the inclusion of '-F' rules, but after some tests I can confirm
the segfault with iptables-nft-restore in several iptables releases (1.8.2,
1.8.3 and 1.8.4) while iptables-legacy-restore executes it without a segfault.

The user reported the ruleset was obtained from ufw [1], but according to a
conversation with ufw's creator, this program doesn't include any '-F' rules in
the nat table, so it seems a customization and accidental inclusion of those

In any case, I considered that this behaviour should be reported upstream.



[1] https://launchpad.net/ufw

You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200216/3ea14ff8/attachment.html>

More information about the netfilter-buglog mailing list