[Bug 447] New: iptables doesn't support multiple times the same match in one rule
bugzilla-daemon at bugzilla.netfilter.org
Sat Feb 11 10:38:05 CET 2006
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=447
Summary: iptables doesn't support multiple times the same match in one rule
Product: iptables
Version: 1.3.5
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: iptables
AssignedTo: laforge at netfilter.org
ReportedBy: laforge at netfilter.org
CC: kaber at trash.net
BugsThisDependsOn: 440
iptables doesn't support multiple times the same match in one rule, nor does
it fail gracefully.
Before svn rev 6465, it would oops through a double-free (see bug #440). Now a
rule like
iptables -A INPUT -p tcp -m multiport --dport 45,47 -m multiport --sport 45:48
actually ends up as:
0 0 tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport sports multiport sports tcp spts:45:48
As you can see, the matchinfo computed by the last multiport match is 'copied'
over the previous ones. IIRC, this is caused by the matchinfo being attached to
the match plugin, rather than to the instance of a match plugin.
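The following is an added, constructed C model of the cause the report points at; it is not iptables source, and the struct and function names (matchinfo, match_plugin, add_match_shared, add_match_per_instance, distinct_multiport_opts) are hypothetical. It contrasts one matchinfo buffer owned by the plugin with one buffer per match instance in the rule.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the design described in the report (not the real
 * iptables code): a match plugin owns a single matchinfo buffer, so every
 * "-m multiport" in one rule parses into the same memory. */
struct matchinfo { char opts[32]; };

struct match_plugin {
    const char *name;
    struct matchinfo *m;   /* buggy: state attached to the plugin */
};

#define MAX_MATCHES 4
struct rule { struct matchinfo *matches[MAX_MATCHES]; int nmatches; };

/* Buggy path: all instances share p->m, so the last parse wins. */
static void add_match_shared(struct rule *r, struct match_plugin *p, const char *opts)
{
    if (!p->m)
        p->m = calloc(1, sizeof *p->m);
    snprintf(p->m->opts, sizeof p->m->opts, "%s", opts);
    r->matches[r->nmatches++] = p->m;
}

/* Fixed path: each instance in the rule gets its own matchinfo. */
static void add_match_per_instance(struct rule *r, struct match_plugin *p, const char *opts)
{
    struct matchinfo *mi = calloc(1, sizeof *mi);
    snprintf(mi->opts, sizeof mi->opts, "%s", opts);
    r->matches[r->nmatches++] = mi;
    (void)p;
}

/* Builds the report's rule (-m multiport --dport 45,47 -m multiport --sport
 * 45:48) and returns how many distinct option strings survive: 1 means the
 * second match clobbered the first, 2 means both are intact. Freeing each
 * matches[] entry in the shared case would be the double-free of bug #440. */
int distinct_multiport_opts(int per_instance)
{
    struct match_plugin multiport = { "multiport", NULL };
    struct rule r = { {0}, 0 };
    void (*add)(struct rule *, struct match_plugin *, const char *) =
        per_instance ? add_match_per_instance : add_match_shared;
    add(&r, &multiport, "dports 45,47");
    add(&r, &multiport, "spts 45:48");
    return strcmp(r.matches[0]->opts, r.matches[1]->opts) == 0 ? 1 : 2;
}
```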