From: Jozsef Kadlecsik
Subject: Re: ipporthash doesn't work ( ipset-2.3.0, iptables-1.3.8-15, kernel-2.6.22.3-7-bigsmp, SuSE 10.3 Beta2)
Date: Wed, 5 Sep 2007 12:27:21 +0200 (CEST)
To: Hung Lin
Cc: netfilter-devel@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

On Wed, 5 Sep 2007, Jozsef Kadlecsik wrote:

>> After I insert the iptables rule, I cannot ssh to that machine but I can
>> ping it (I tried from different ips: 172.16.1.121, 10.1.5.27, and
>> 10.1.5.28.). It's not the correct behavior. I suppose the commands I ran
>> should block the package from 10.1.5.28 to the port 7. But it seems to
>> block every IP to the port 22.
>
> I'm unable to reproduce it. The set and rules just work as expected.

Ouch! Out of range condition wrongly interpreted as 'yes' instead of 'no'.
The fix is already in the svn repository, the updated patch-o-matic snapshot
will be out at the ipset site in the afternoon.

Thank you for spotting this nasty bug.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
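
The failure mode named in the message above, an out-of-range result read as 'yes' instead of 'no', sketched as an added example; it is not the ipset source or the fix committed to svn. The struct, the function names, the set's address range and the negative-errno return convention are assumptions made for illustration; the addresses and ports are the ones quoted in the thread.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical set covering one address range; not ipset's real structures. */
struct range_set {
    uint32_t first_ip, last_ip;  /* inclusive, host byte order */
    uint32_t member_ip;          /* the single constructed member */
    uint16_t member_port;
};

/* Tri-state lookup: 1 = member, 0 = not a member,
 * -ERANGE = address lies outside the range the set can hold. */
static int set_lookup(const struct range_set *s, uint32_t ip, uint16_t port)
{
    if (ip < s->first_ip || ip > s->last_ip)
        return -ERANGE;
    return ip == s->member_ip && port == s->member_port;
}

/* Flawed caller: any non-zero result is a match, so -ERANGE reads as 'yes'. */
static int match_buggy(const struct range_set *s, uint32_t ip, uint16_t port)
{
    return set_lookup(s, ip, port) != 0;
}

/* Corrected caller: only a positive result is a match; out of range is 'no'. */
static int match_fixed(const struct range_set *s, uint32_t ip, uint16_t port)
{
    return set_lookup(s, ip, port) > 0;
}

#define IP(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed set: range 10.1.5.0-10.1.5.255, one member 10.1.5.28 port 7. */
static const struct range_set demo = { IP(10,1,5,0), IP(10,1,5,255), IP(10,1,5,28), 7 };

int main(void)
{
    uint32_t outside = IP(172,16,1,121);  /* outside the constructed range */
    printf("172.16.1.121:22 buggy=%d fixed=%d\n",
           match_buggy(&demo, outside, 22), match_fixed(&demo, outside, 22));
    printf("10.1.5.28:7     buggy=%d fixed=%d\n",
           match_buggy(&demo, IP(10,1,5,28), 7), match_fixed(&demo, IP(10,1,5,28), 7));
    return 0;
}
```

With a DROP rule attached to such a match, the flawed caller discards traffic from every address outside the set's range, while the corrected caller drops only the listed address and port pair.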