[Bug 1298] Issue with REJECT in custom chains
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Fri Nov 16 12:35:48 CET 2018
https://bugzilla.netfilter.org/show_bug.cgi?id=1298
Florian Westphal <fw at strlen.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fw at strlen.de
--- Comment #1 from Florian Westphal <fw at strlen.de> ---
(In reply to Arturo Borrero Gonzalez from comment #0)
> Original bug report: https://bugs.debian.org/913877
>
> === 8< ===
>
> Since upgrading iptables to the 1.8.2 version it has been completely
> unable to do that vital task due to problems within nftables / iptables.
>
> The example that I am facing right now is with active and large DoS
> attacks email spam attacks. When fail2ban attempts to add the firewall
> blocks, such as;
>
> iptables -w -I f2b-postfix-sasl 1 -s 80.82.70.189 \
> -j REJECT --reject-with icmp-port-unreachable
Works fine for me.
Upstream report claims this doesn't work:
iptables -N test-foo
iptables -I test-foo 1 -s 127.0.0.1 -j REJECT
It works fine for me on Fedrora 29, using 4.18 based kernel with iptables-nft
1.8.2 on x86_64
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20181116/4bbd6c6e/attachment.html>
More information about the netfilter-buglog
mailing list