[Bug 775] New: -m owner ! --uid-owner False positive logging
bugzilla-daemon at bugzilla.netfilter.org
Thu Mar 8 14:40:57 CET 2012
http://bugzilla.netfilter.org/show_bug.cgi?id=775
Summary: -m owner ! --uid-owner False positive logging
Product: netfilter/iptables
Version: unspecified
Platform: i386
OS/Version: other
Status: NEW
Severity: minor
Priority: P5
Component: ip_tables (kernel)
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: kc-netfilterbugs at chadwicks.me.uk
Estimated Hours: 0.0
On more than one machine using a grsecurity kernel 3.2.9 and iptables v1.4.12.2
though not yet verified on other kernels with the rule.
/usr/sbin/iptables -A OUTPUT -m owner ! --uid-owner bob -m limit --limit 5/sec --limit-burst 8 -j LOG --log-uid --log-prefix "Not user bob? "
False positive logs similar to:
kernel: Not user bob? IN= OUT=eth0 SRC=192.168.5.2 DST=213.95.27.114 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=59934 DPT=80 WINDOW=16404 RES=0x00 ACK URGP=0
These packets are from the bob user and yet they are logged, whilst the other
parts of the connection are correctly not logged.
All log output states ID=0, ACK and URGP, and none of it has the UID logged.
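Editor's note (added example, not part of the bug report): the detail worth checking in output like the above is the missing UID= field. The LOG target's --log-uid only prints UID=/GID= when the packet still carries a socket that has an owning file, and the owner match has nothing to compare against for such socket-less packets, so a negated match like "! --uid-owner bob" is satisfied by them. The script below parses xt_LOG lines and separates entries that carry an owner from those that do not, so an operator can see at a glance whether the "false positives" are exactly the ownerless packets. The sample lines are constructed here (the second one is invented to show a line that does carry UID=), and the helper names are the editor's own.

```python
import re
from typing import Dict, List

# Constructed sample log lines, modelled on the report's format (not real captures).
# The first mirrors the reported false positive; the second is an invented line
# for a packet whose socket owner was known when LOG ran.
SAMPLE_LINES = [
    'kernel: Not user bob? IN= OUT=eth0 SRC=192.168.5.2 DST=213.95.27.114 LEN=52 '
    'TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=59934 DPT=80 WINDOW=16404 '
    'RES=0x00 ACK URGP=0',
    'kernel: Not user bob? IN= OUT=eth0 SRC=192.168.5.2 DST=203.0.113.9 LEN=60 '
    'TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 '
    'RES=0x00 SYN URGP=0 UID=1001 GID=1001',
]

# xt_LOG fields are KEY=VALUE tokens; bare flags such as DF, SYN, ACK have no '='.
TOKEN = re.compile(r'([A-Z]+)(?:=(\S*))?')


def parse_log_line(line: str) -> Dict[str, str]:
    """Split one xt_LOG line into a dict. Bare flags map to ''; the text before
    ' IN=' (after the 'kernel:' tag) is kept as PREFIX."""
    prefix, _, rest = line.partition(' IN=')
    fields = {'PREFIX': prefix.split(':', 1)[-1].strip()}
    for key, value in TOKEN.findall('IN=' + rest):
        fields[key] = value
    return fields


def has_socket_owner(fields: Dict[str, str]) -> bool:
    """--log-uid emits UID=/GID= only when the packet's socket had an owning file."""
    return 'UID' in fields


def is_ack_only_id0(fields: Dict[str, str]) -> bool:
    """The pattern the report describes: TCP, IP ID 0, ACK as the only flag."""
    tcp_flags = {f for f in ('SYN', 'ACK', 'FIN', 'RST', 'PSH') if f in fields}
    return (fields.get('PROTO') == 'TCP'
            and fields.get('ID') == '0'
            and tcp_flags == {'ACK'})


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Summarise each line: destination, UID if logged, and whether the packet
    was ownerless (the case in which a negated --uid-owner match succeeds)."""
    summary = []
    for line in lines:
        f = parse_log_line(line)
        summary.append({
            'dst': f.get('DST'),
            'dpt': f.get('DPT'),
            'uid': f.get('UID'),
            'ownerless': not has_socket_owner(f),
            'ack_only_id0': is_ack_only_id0(f),
        })
    return summary


if __name__ == '__main__':
    for entry in triage(SAMPLE_LINES):
        print(entry)
```

Run it against real journal or syslog output by replacing SAMPLE_LINES with lines filtered on your own --log-prefix; if every entry flagged "ownerless" is also the traffic you did not expect to see logged, the rule is reacting to socket-less packets rather than to another user's traffic, and the logging rule can be tightened (for instance by matching only on packets for which an owner exists) rather than treating the entries as a breach indicator.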