* iptables 1.4.1 + iprange fails for me
From: Maxim Britov @ 2008-06-13 6:02 UTC
To: netfilter; +Cc: netfilter-devel
I updated the kernel + iptables yesterday on my router (into the Internet) box.
Kernel from kernel.org 2.6.25.6 + iptables 1.4.1-1 from Fedora rawhide.
I use a kernel without modules on that box.
I found trouble with iprange:
# iptables -A INPUT -m iprange --src-range 1.1.1.1-2.2.2.2 -j DROP
# iptables-save |fgrep range
-A INPUT -m iprange -j DROP
iptables -L -n shows it as:
DROP all -- 0.0.0.0/0 0.0.0.0/0
--
Maxim Britov
GnuPG KeyID 0x4580A6D66F3DB1FB xmpp:maxim@modum.by
Fingerprint: 4059 B5C5 8985 5A47 8F5A 8623 4580 A6D6 6F3D B1FB
GnuPG-ru Team (http://lists.gnupg.org/mailman/listinfo/gnupg-ru
xmpp:gnupg-ru@conference.jabber.ru)

* RE: iptables 1.4.1 + iprange fails for me
From: Rob Sterenborg @ 2008-06-13 6:37 UTC
To: netfilter

> I updated yesterday kernel + iptables on my router (into Internet)
> box. Kernel from kernel.org 2.6.25.6 + iptables 1.4.1-1 from
> fedora rawhide.
> I'm use kernel without modules on that box.
>
> I found troubles with iprange:
> # iptables -A INPUT -m iprange --src-range 1.1.1.1-2.2.2.2 -j DROP
> # iptables-save |fgrep range
> -A INPUT -m iprange -j DROP
>
> iptables -L -n show it as:
> DROP all -- 0.0.0.0/0 0.0.0.0/0

And what does "iptables -nvL" say?

Grts,
Rob

* RE: iptables 1.4.1 + iprange fails for me
From: Rob Sterenborg @ 2008-06-13 8:52 UTC
To: netfilter

Maxim Britov <mailto:maxim.britov@gmail.com> wrote on Friday, 13 June 2008 09:49:

Please post answers to the list so others can answer too.

>>> I updated yesterday kernel + iptables on my router (into Internet)
>>> box. Kernel from kernel.org 2.6.25.6 + iptables 1.4.1-1 from fedora
>>> rawhide. I'm use kernel without modules on that box.
>>>
>>> I found troubles with iprange:
>>> # iptables -A INPUT -m iprange --src-range 1.1.1.1-2.2.2.2 -j DROP
>>> # iptables-save |fgrep range
>>> -A INPUT -m iprange -j DROP
>>>
>>> iptables -L -n show it as:
>>> DROP all -- 0.0.0.0/0 0.0.0.0/0
>>
>> And what does "iptables -nvL" say?
>
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Perhaps the -v would have shown the info you were looking for but in this
case I don't know, perhaps someone does.

Grts,
Rob
* Re: iptables 1.4.1 + iprange fails for me 2008-06-13 6:02 iptables 1.4.1 + iprange fails for me Maxim Britov 2008-06-13 6:37 ` Rob Sterenborg @ 2008-06-13 8:47 ` Jan Engelhardt 2008-06-13 10:24 ` Maxim Britov 2008-06-13 16:00 ` Patrick McHardy 1 sibling, 2 replies; 6+ messages in thread From: Jan Engelhardt @ 2008-06-13 8:47 UTC (permalink / raw) To: Maxim Britov; +Cc: netfilter, netfilter-devel On Friday 2008-06-13 08:02, Maxim Britov wrote: >I updated yesterday kernel + iptables on my router (into Internet) box. >Kernel from kernel.org 2.6.25.6 + iptables 1.4.1-1 from fedora rawhide. >I'm use kernel without modules on that box. > >I found troubles with iprange: ># iptables -A INPUT -m iprange --src-range 1.1.1.1-2.2.2.2 -j DROP ># iptables-save |fgrep range >-A INPUT -m iprange -j DROP > >iptables -L -n show it as: >DROP all -- 0.0.0.0/0 0.0.0.0/0 > commit 5aba9d57d07b3f5474f3c0e71e9309a841e932ae Author: Jan Engelhardt <jengelh@medozas.de> Date: Fri Jun 13 10:43:01 2008 +0200 iprange: kernel flags were not set The --src-range and --dst-range parameters did not set the IPRANGE_* flags in struct xt_iprange_mtinfo. Reported-by: Maxim Britov <maxim.britov@gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> --- extensions/libxt_iprange.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c index 70fcc57..8c8521e 100644 --- a/extensions/libxt_iprange.c +++ b/extensions/libxt_iprange.c @@ -119,6 +119,9 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags, if (ia == NULL) param_act(P_BAD_VALUE, "iprange", "--src-ip", end + 1); memcpy(&info->src_max.in, ia, sizeof(*ia)); + info->flags |= IPRANGE_SRC; + if (invert) + info->flags |= IPRANGE_SRC_INV; *flags |= F_SRCIP; return true; 
@@ -135,6 +138,9 @@ iprange_mt4_parse(int c, char **argv, int invert, unsigned int *flags, if (ia == NULL) param_act(P_BAD_VALUE, "iprange", "--dst-ip", end + 1); memcpy(&info->dst_max.in, ia, sizeof(*ia)); + info->flags |= IPRANGE_DST; + if (invert) + info->flags |= IPRANGE_DST_INV; *flags |= F_DSTIP; return true; } ^ permalink raw reply related [flat|nested] 6+ messages in thread
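Review bot: Only iprange_mt4_parse gets the info->flags |= IPRANGE_SRC assignment in the first hunk (the --src-range branch, after the memcpy into src_max). If this file has any other parse function that fills struct xt_iprange_mtinfo, it needs the same assignment, and the commit message should say whether that was checked. A regression test that adds a rule with --src-range and then looks for the range in iptables-save output, as the report does by hand, would catch this class of bug.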
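Review bot: In the second hunk the unchanged context line still reports a bad upper bound as param_act(P_BAD_VALUE, "iprange", "--dst-ip", end + 1), while the commit message calls the option --dst-range; the first hunk has the same mismatch with "--src-ip". Consider making the error text name the option the user actually typed, either in this patch or in a follow-up.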

* Re: iptables 1.4.1 + iprange fails for me
From: Maxim Britov @ 2008-06-13 10:24 UTC
To: Jan Engelhardt; +Cc: netfilter, netfilter-devel

On Fri, 13 Jun 2008 10:47:40 +0200 (CEST)
Jan Engelhardt wrote:

> On Friday 2008-06-13 08:02, Maxim Britov wrote:
>
> >I updated yesterday kernel + iptables on my router (into Internet) box.
> >Kernel from kernel.org 2.6.25.6 + iptables 1.4.1-1 from fedora rawhide.
> >I'm use kernel without modules on that box.
> >
> >I found troubles with iprange:
> ># iptables -A INPUT -m iprange --src-range 1.1.1.1-2.2.2.2 -j DROP
> ># iptables-save |fgrep range
> >-A INPUT -m iprange -j DROP
> >
> >iptables -L -n show it as:
> >DROP all -- 0.0.0.0/0 0.0.0.0/0
> >
>
> commit 5aba9d57d07b3f5474f3c0e71e9309a841e932ae
> Author: Jan Engelhardt <jengelh@medozas.de>
> Date: Fri Jun 13 10:43:01 2008 +0200

Thanks. Seems fixed for me.

--
Maxim Britov

* Re: iptables 1.4.1 + iprange fails for me
From: Patrick McHardy @ 2008-06-13 16:00 UTC
To: Jan Engelhardt; +Cc: Maxim Britov, netfilter, netfilter-devel

Jan Engelhardt wrote:
> iprange: kernel flags were not set
>
> The --src-range and --dst-range parameters did not set the IPRANGE_*
> flags in struct xt_iprange_mtinfo.
>
> Reported-by: Maxim Britov <maxim.britov@gmail.com>
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

Applied, thanks Jan.
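
Added example (not part of the thread and not iptables or kernel source): a simplified C model of why a rule whose flags were never set matched every packet, which is how the reporter's DROP rule ended up applying to 0.0.0.0/0. Only the IPRANGE_* names come from the patch; the flag values, the struct layout, the functions ip4, parse_src_range and iprange_match, and the 8.8.8.8 test address are assumptions constructed for this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified model: IPRANGE_* names are from the patch; the values, struct
 * layout, function names and sample addresses are assumptions of this example. */
enum { IPRANGE_SRC = 1 << 0, IPRANGE_SRC_INV = 1 << 4 };

struct iprange_info {            /* stands in for struct xt_iprange_mtinfo */
    uint32_t src_min, src_max;   /* host byte order */
    uint8_t flags;
};

static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{ return (uint32_t)a << 24 | b << 16 | c << 8 | d; }

/* Userspace side: fill the struct for --src-range min-max. set_flags=false
 * reproduces the behaviour the commit message describes (flags never set). */
static struct iprange_info parse_src_range(uint32_t min, uint32_t max,
                                           bool invert, bool set_flags)
{
    struct iprange_info info = { .src_min = min, .src_max = max };
    if (set_flags) {
        info.flags |= IPRANGE_SRC;
        if (invert)
            info.flags |= IPRANGE_SRC_INV;
    }
    return info;
}

/* Match side: a range is only tested when its flag is present, so flags == 0
 * means "no condition" and every packet matches the rule. */
static bool iprange_match(const struct iprange_info *info, uint32_t saddr)
{
    if (info->flags & IPRANGE_SRC) {
        bool outside = saddr < info->src_min || saddr > info->src_max;
        if (outside ^ !!(info->flags & IPRANGE_SRC_INV))
            return false;
    }
    return true;
}

int main(void)
{
    uint32_t lo = ip4(1, 1, 1, 1), hi = ip4(2, 2, 2, 2), pkt = ip4(8, 8, 8, 8);
    struct iprange_info bug = parse_src_range(lo, hi, false, false);
    struct iprange_info fix = parse_src_range(lo, hi, false, true);
    printf("unfixed=%d fixed=%d\n", iprange_match(&bug, pkt), iprange_match(&fix, pkt));
    return 0;
}
```

The practical check after any iptables upgrade is the one the reporter ran: load the rule, then confirm that iptables-save still prints the range.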