[Bug 961] New: Can not remove rules with the default --mask parameter (-m recent)
bugzilla-daemon at netfilter.org
Thu Jun 19 13:13:06 CEST 2014
https://bugzilla.netfilter.org/show_bug.cgi?id=961
Summary: Can not remove rules with the default --mask parameter (-m recent)
Product: iptables
Version: 1.4.x
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: lex.public at gmail.com
Estimated Hours: 0.0
Hi,
libxt_recent has a --mask parameter which defaults to 255.255.255.255.
When --mask is not specified, iptables-save shows the default anyway, but
iptables -D fails to remove the rule when --mask is given.
Here's an example:
# iptables -F INPUT
# iptables -A INPUT -m recent --update --rsource --mask 255.255.255.255 -j ACCEPT
# iptables-save | grep "A INPUT"
-A INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
# iptables -D INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
# iptables-save | grep "A INPUT"
Everything works as expected when the mask is specified in the iptables -A
command. Now we don't specify --mask:
# iptables -A INPUT -m recent --update --rsource -j ACCEPT
# iptables-save | grep INPUT
-A INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
# iptables -D INPUT -m recent --update --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT
iptables: Bad rule (does a matching rule exist in that chain?).
# iptables -D INPUT -m recent --update --name DEFAULT --rsource -j ACCEPT
# iptables-save | grep "A INPUT"
I believe this is unexpected behavior; what's the best way to fix it?
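The practical consequence of the report is that the text iptables-save prints for a rule is not guaranteed to be accepted by iptables -D. The script below is an added example, not part of the bug report or of iptables: it re-issues every saved rule of a chain through iptables -C (which uses the same rule comparison as -D) and lists the ones that are not found. IPTABLES and IPTABLES_SAVE are assumed environment overrides so the check can be run against mocks; rules whose arguments contain quoted strings with spaces (e.g. --comment values) are not handled by the plain word splitting used here.

```shell
#!/bin/sh
# Added example (not from the bug report): find rules whose iptables-save
# form is not recognised by "iptables -C", i.e. rules that "iptables -D"
# would refuse to delete from the saved text, such as the "-m recent" rule
# with an implicit --mask described above.
# IPTABLES / IPTABLES_SAVE are assumed overrides (default to the real tools).
: "${IPTABLES:=iptables}"
: "${IPTABLES_SAVE:=iptables-save}"

# Usage: check_saved_rules TABLE CHAIN
# Prints each "-A CHAIN ..." line from iptables-save that -C does not find.
check_saved_rules() {
    table=$1
    chain=$2
    "$IPTABLES_SAVE" -t "$table" | grep "^-A $chain " | while IFS= read -r line; do
        # Strip the leading "-A CHAIN " and re-issue the rest as a check.
        args=${line#"-A $chain "}
        # Word splitting of $args is intended: the saved line is a command line.
        if ! "$IPTABLES" -t "$table" -C "$chain" $args >/dev/null 2>&1; then
            printf '%s\n' "$line"
        fi
    done
}

# Usage: saved_rules_roundtrip TABLE CHAIN
# Returns 0 when every saved rule in CHAIN round-trips through -C, 1 otherwise
# (the offending rules are reported on stderr).
saved_rules_roundtrip() {
    bad=$(check_saved_rules "$1" "$2")
    [ -z "$bad" ] && return 0
    printf 'rules not found by iptables -C (iptables -D would fail too):\n%s\n' "$bad" >&2
    return 1
}
```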