Linux Netfilter discussions
* iptables problem: conntrack rev 2 does not support port ranges
@ 2011-09-19 11:20 Brian Schang
  2011-09-19 11:44 ` Jan Engelhardt
  0 siblings, 1 reply; 3+ messages in thread
From: Brian Schang @ 2011-09-19 11:20 UTC (permalink / raw)
  To: netfilter

Hello:

Last night I upgraded from 'iptables 1.4.10' to 'iptables 1.4.12.1'. 
When doing so, I encountered a possible regression: Extended Connection 
Tracking Match Support within shorewall was "Available" with v1.4.10, 
but is "Not available" with v1.4.12.1. Note that I am using 'shorewall 
4.4.23.3' and openSuSE 11.4 with its stock kernel 2.6.37.6-0.7-default.

I dug into this a little bit and discovered:
# iptables -A test -m conntrack -p tcp --ctorigdstport 22 -j ACCEPT
iptables v1.4.12.1: conntrack rev 2 does not support port ranges
Try `iptables -h' or 'iptables --help' for more information.

With some Googling, I discovered that Tom Eastep had encountered the 
same issue. He submitted a patch for iptables and Jan Engelhardt 
ultimately released 'iptables 1.4.12.1'.

For some reason, iptables v1.4.12.1 does not seem to have fixed the 
issue for me. Has anyone else seen this problem? Any suggestions?

Thanks.

-- 
Brian


* Re: iptables problem: conntrack rev 2 does not support port ranges
  2011-09-19 11:20 iptables problem: conntrack rev 2 does not support port ranges Brian Schang
@ 2011-09-19 11:44 ` Jan Engelhardt
  2011-10-01  1:12   ` Brian Schang
  0 siblings, 1 reply; 3+ messages in thread
From: Jan Engelhardt @ 2011-09-19 11:44 UTC (permalink / raw)
  To: Brian Schang; +Cc: netfilter

On Monday 2011-09-19 13:20, Brian Schang wrote:

> I dug into this a little bit and discovered:
> # iptables -A test -m conntrack -p tcp --ctorigdstport 22 -j ACCEPT
> iptables v1.4.12.1: conntrack rev 2 does not support port ranges
> Try `iptables -h' or 'iptables --help' for more information.
>
> With some Googling, I discovered that Tom Eastep had encountered the same
> issue. He submitted a patch for iptables and Jan Engelhardt ultimately released
> 'iptables 1.4.12.1'.

(It was not me who released 1.4.12.1.)

Tom Eastep's fix was only merged after that release.


* Re: iptables problem: conntrack rev 2 does not support port ranges
  2011-09-19 11:44 ` Jan Engelhardt
@ 2011-10-01  1:12   ` Brian Schang
  0 siblings, 0 replies; 3+ messages in thread
From: Brian Schang @ 2011-10-01  1:12 UTC (permalink / raw)
  To: netfilter

Hello:

On 9/19/2011 7:44 AM, Jan Engelhardt wrote:
> On Monday 2011-09-19 13:20, Brian Schang wrote:
>
>> I dug into this a little bit and discovered:
>> # iptables -A test -m conntrack -p tcp --ctorigdstport 22 -j ACCEPT
>> iptables v1.4.12.1: conntrack rev 2 does not support port ranges
>> Try `iptables -h' or 'iptables --help' for more information.
>>
>> With some Googling, I discovered that Tom Eastep had encountered the same
>> issue. He submitted a patch for iptables and Jan Engelhardt ultimately released
>> 'iptables 1.4.12.1'.
>
> (It was not me who released 1.4.12.1.)
>
> Tom Eastep's fix was only merged after that release.

My apologies -- thanks for clarifying. I misinterpreted the git history.
