<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link bz_status_NEW" title="NEW - Rule to accept INPUT address range does not block addresses that are not in the range specified" href="https://bugzilla.netfilter.org/show_bug.cgi?id=1379">1379</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Rule to accept INPUT address range does not block addresses that are not in the range specified
</td>
</tr>
<tr>
<th>Product</th>
<td>iptables
</td>
</tr>
<tr>
<th>Version</th>
<td>1.4.x
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>critical
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>iptables
</td>
</tr>
<tr>
<th>Assignee</th>
<td>netfilter-buglog@lists.netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>sprakash@amiindia.co.in
</td>
</tr></table>
<p>
<div>
<pre>After setting a RULE to ACCEPT an input address range, it is observed that IP
addresses not in the range can also access the machine.
~ # iptables -V
iptables v1.4.21
~ # iptables -I INPUT -p all -m iprange --src-range 192.168.1.70-192.168.1.90 -j ACCEPT
~ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             source IP range 192.168.1.70-192.168.1.90
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain ZERO_WINDOW_RECENT (0 references)
target     prot opt source               destination
After setting the rule on the server, it is still possible to access the server via web and
other client tools from IP address 192.168.1.124, which is outside the range
192.168.1.70-192.168.1.90.</pre>
</div>
</p>
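<p>The detail that decides this report is visible in the listing: the INPUT chain policy is ACCEPT, so an ACCEPT rule for one range cannot block any other source; the chain only becomes an allowlist when the policy is DROP (or a trailing DROP rule is added). The shell script below is an added example, not part of the bug report or of iptables: it walks a constructed iptables-save style ruleset the way the kernel does (first matching rule wins, the chain policy decides what is left) and evaluates the reporter's out-of-range host against both the open ruleset and a closed variant. Both rulesets and the evaluator function are constructed for this example.</p>

```sh
#!/bin/sh
# Constructed INPUT chain in iptables-save syntax, as the reporter set it up:
# default policy ACCEPT plus a single iprange ACCEPT rule.
OPEN_POLICY_RULESET='-P INPUT ACCEPT
-A INPUT -m iprange --src-range 192.168.1.70-192.168.1.90 -j ACCEPT'
# Allowlist variant (constructed): same range rule, chain policy DROP; loopback
# and established flows are accepted first so a live switch does not cut off the admin.
CLOSED_POLICY_RULESET='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m iprange --src-range 192.168.1.70-192.168.1.90 -j ACCEPT'

# Dotted quad -> integer so a source can be compared against a range.
ip2int() {
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}
# input_verdict RULESET SRC_IP: first-match walk of INPUT for a new connection
# arriving on a non-loopback interface; the chain policy decides if no rule
# matches. Handles -P, -j and iprange --src-range; any -i or --ctstate match
# is treated as failing for this packet (not loopback, not an existing flow).
input_verdict() {
  ruleset=$1; src=$(ip2int "$2"); policy=ACCEPT
  while read -r line; do
    if [ -z "$line" ]; then continue; fi
    set -- $line
    if [ "$1" = "-P" ]; then policy=$3; continue; fi
    lo=''; hi=''; target=''; matches=1
    while [ $# -gt 0 ]; do
      case $1 in
        --src-range) lo=$(ip2int "${2%-*}"); hi=$(ip2int "${2#*-}"); shift ;;
        -j) target=$2; shift ;;
        -i|--ctstate) matches=0; shift ;;
      esac
      shift
    done
    if [ -n "$lo" ] && { [ "$src" -lt "$lo" ] || [ "$src" -gt "$hi" ]; }; then
      matches=0
    fi
    if [ "$matches" -eq 1 ] && [ -n "$target" ]; then echo "$target"; return; fi
  done <<EOF
$ruleset
EOF
  echo "$policy"
}
# The reporter's out-of-range host: ACCEPT under the open ruleset, DROP under the closed one.
input_verdict "$OPEN_POLICY_RULESET" 192.168.1.124
input_verdict "$CLOSED_POLICY_RULESET" 192.168.1.124
```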
</body>
</html>