* iptables 1.4.1 + iprange fails for me
From: Maxim Britov @ 2008-06-13 6:02 UTC (permalink / raw)
To: netfilter; +Cc: netfilter-devel
I updated yesterday kernel + iptables on my router (into Internet) box.
Kernel from kernel.org 2.6.25.6 + iptables 1.4.1-1 from fedora rawhide.
I use a kernel without modules on that box.
I found troubles with iprange:
# iptables -A INPUT -m iprange --src-range 1.1.1.1-2.2.2.2 -j DROP
# iptables-save |fgrep range
-A INPUT -m iprange -j DROP
iptables -L -n shows it as:
DROP all -- 0.0.0.0/0 0.0.0.0/0
--
Maxim Britov
GnuPG KeyID 0x4580A6D66F3DB1FB xmpp:maxim@modum.by
Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB
GnuPG-ru Team (http://lists.gnupg.org/mailman/listinfo/gnupg-ru
xmpp:gnupg-ru@conference.jabber.ru)
* RE: iptables 1.4.1 + iprange fails for me
From: Rob Sterenborg @ 2008-06-13 6:37 UTC (permalink / raw)
To: netfilter
> I updated yesterday kernel + iptables on my router (into Internet)
> box. Kernel from kernel.org 2.6.25.6 + iptables 1.4.1-1 from
> fedora rawhide.
> I'm use kernel without modules on that box.
>
> I found troubles with iprange:
> # iptables -A INPUT -m iprange --src-range 1.1.1.1-2.2.2.2 -j DROP
> # iptables-save |fgrep range
> -A INPUT -m iprange -j DROP
>
> iptables -L -n show it as:
> DROP all -- 0.0.0.0/0 0.0.0.0/0
And what does "iptables -nvL" say?
Grts,
Rob
* Re: iptables 1.4.1 + iprange fails for me
From: Jan Engelhardt @ 2008-06-13 8:47 UTC (permalink / raw)
To: Maxim Britov; +Cc: netfilter, netfilter-devel
On Friday 2008-06-13 08:02, Maxim Britov wrote:
>I updated yesterday kernel + iptables on my router (into Internet) box.
>Kernel from kernel.org 2.6.25.6 + iptables 1.4.1-1 from fedora rawhide.
>I'm use kernel without modules on that box.
>
>I found troubles with iprange:
># iptables -A INPUT -m iprange --src-range 1.1.1.1-2.2.2.2 -j DROP
># iptables-save |fgrep range
>-A INPUT -m iprange -j DROP
>
>iptables -L -n show it as:
>DROP all -- 0.0.0.0/0 0.0.0.0/0
>
commit 5aba9d57d07b3f5474f3c0e71e9309a841e932ae
Author: Jan Engelhardt <jengelh@medozas.de>
Date: Fri Jun 13 10:43:01 2008 +0200
iprange: kernel flags were not set
The --src-range and --dst-range parameters did not set the IPRANGE_*
flags in struct xt_iprange_mtinfo.
Reported-by: Maxim Britov <maxim.britov@gmail.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_iprange.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 70fcc57..8c8521e 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -119,6 +119,9 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
if (ia == NULL)
param_act(P_BAD_VALUE, "iprange", "--src-ip", end + 1);
memcpy(&info->src_max.in, ia, sizeof(*ia));
+ info->flags |= IPRANGE_SRC;
+ if (invert)
+ info->flags |= IPRANGE_SRC_INV;
*flags |= F_SRCIP;
return true;
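Review bot: In the --src-range branch the same fact is now recorded in two places, info->flags (IPRANGE_SRC) and the userspace *flags (F_SRCIP), and the reported failure came from only the second one being set. Consider a check at the point where the rule is finalised that fails when info->flags has neither range bit set, so a rule like the reported "-m iprange -j DROP" is rejected at insertion rather than loaded without its range.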
@@ -135,6 +138,9 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags,
if (ia == NULL)
param_act(P_BAD_VALUE, "iprange", "--dst-ip", end + 1);
memcpy(&info->dst_max.in, ia, sizeof(*ia));
+ info->flags |= IPRANGE_DST;
+ if (invert)
+ info->flags |= IPRANGE_DST_INV;
*flags |= F_DSTIP;
return true;
}
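Review bot: The context line above the added IPRANGE_DST lines reports a bad value against "--dst-ip", while the commit message names the option --dst-range (the first hunk has the same mismatch with "--src-ip"), so a user who mistypes a range is told about an option they did not type; the strings could be corrected in a follow-up. Both hunks are in iprange_mt4_parse only, so any other parser in this file that fills struct xt_iprange_mtinfo should be checked for the same missing flags.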
* RE: iptables 1.4.1 + iprange fails for me
From: Rob Sterenborg @ 2008-06-13 8:52 UTC (permalink / raw)
To: netfilter
Maxim Britov <mailto:maxim.britov@gmail.com> wrote on Friday, 13 June 2008 09:49:
Please post answers to the list so others can answer too.
>>> I updated yesterday kernel + iptables on my router (into Internet)
>>> box. Kernel from kernel.org 2.6.25.6 + iptables 1.4.1-1 from fedora
>>> rawhide. I'm use kernel without modules on that box.
>>>
>>> I found troubles with iprange:
>>> # iptables -A INPUT -m iprange --src-range 1.1.1.1-2.2.2.2 -j DROP
>>> # iptables-save |fgrep range
>>> -A INPUT -m iprange -j DROP
>>>
>>> iptables -L -n show it as:
>>> DROP all -- 0.0.0.0/0 0.0.0.0/0
>>
>> And what does "iptables -nvL" say?
>
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Perhaps the -v would have shown the info you were looking for but in this
case I don't know, perhaps someone does.
Grts,
Rob
* Re: iptables 1.4.1 + iprange fails for me
From: Maxim Britov @ 2008-06-13 10:24 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter, netfilter-devel
On Fri, 13 Jun 2008 10:47:40 +0200 (CEST)
Jan Engelhardt wrote:
> On Friday 2008-06-13 08:02, Maxim Britov wrote:
>
> >I updated yesterday kernel + iptables on my router (into Internet) box.
> >Kernel from kernel.org 2.6.25.6 + iptables 1.4.1-1 from fedora rawhide.
> >I'm use kernel without modules on that box.
> >
> >I found troubles with iprange:
> ># iptables -A INPUT -m iprange --src-range 1.1.1.1-2.2.2.2 -j DROP
> ># iptables-save |fgrep range
> >-A INPUT -m iprange -j DROP
> >
> >iptables -L -n show it as:
> >DROP all -- 0.0.0.0/0 0.0.0.0/0
> >
>
> commit 5aba9d57d07b3f5474f3c0e71e9309a841e932ae
> Author: Jan Engelhardt <jengelh@medozas.de>
> Date: Fri Jun 13 10:43:01 2008 +0200
Thanks. Seems fixed for me.
--
Maxim Britov
GnuPG KeyID 0x4580A6D66F3DB1FB xmpp:maxim@modum.by
Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB
GnuPG-ru Team (http://lists.gnupg.org/mailman/listinfo/gnupg-ru
xmpp:gnupg-ru@conference.jabber.ru)
* Re: iptables 1.4.1 + iprange fails for me
From: Patrick McHardy @ 2008-06-13 16:00 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Maxim Britov, netfilter, netfilter-devel
Jan Engelhardt wrote:
> iprange: kernel flags were not set
>
> The --src-range and --dst-range parameters did not set the IPRANGE_*
> flags in struct xt_iprange_mtinfo.
>
> Reported-by: Maxim Britov <maxim.britov@gmail.com>
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Applied, thanks Jan.
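An audit check for the symptom reported in this thread, as an added example that is not part of any message above and not code from the iptables project: it scans iptables-save output for rules that load -m iprange with no --src-range or --dst-range before the next match or the target. The function name find_rangeless_iprange and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag saved rules where "-m iprange" carries no range,
# the form "-A INPUT -m iprange -j DROP" shown in the report.

# Reads iptables-save text on stdin; prints "table:rule" for each hit.
find_rangeless_iprange() {
    awk '
    /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table
    /^-A / {
        for (i = 1; i < NF; i++) {
            if ($i != "-m" || $(i+1) != "iprange") continue
            found = 0
            # options of this match run until the next -m, -j or -g
            for (j = i + 2; j <= NF; j++) {
                if ($j == "-m" || $j == "-j" || $j == "-g") break
                if ($j == "--src-range" || $j == "--dst-range") found = 1
            }
            if (!found) { print table ":" $0; break }
        }
    }'
}

# Constructed sample ruleset (not taken from a real host).
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m iprange -j DROP
-A INPUT -m iprange --src-range 1.1.1.1-2.2.2.2 -j DROP
-A FORWARD -p tcp -m iprange ! --dst-range 10.0.0.1-10.0.0.9 -j ACCEPT
-A FORWARD -p tcp -m iprange -m tcp --dport 22 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE" | find_rangeless_iprange
```

On a live host the input would be `iptables-save | find_rangeless_iprange`; each hit is a rule whose saved form carries no range and should be re-added once the fixed iptables is installed.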