
kernel-packages team mailing list archive

[Bug 1234877] Re: ip6tables - --reject-with tcp-reset does not work correctly in chain OUTPUT

 

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1234877

Title:
  ip6tables - --reject-with tcp-reset does not work correctly in chain
  OUTPUT

Status in “linux” package in Ubuntu:
  Incomplete

Bug description:
  Hello,

  We use:

  Description:	Ubuntu 12.04.3 LTS
  Release:	12.04

  kernel 3.2.2 (checked also 3.8* and 3.10.5-031005-generic kernels. Same.)
  iptables=1.4.12-1ubuntu5
  and ipv6

  We noticed that --reject-with tcp-reset works 7 seconds:

  ip6tables -I OUTPUT -p tcp --dport 10001 -j REJECT --reject-with tcp-reset
  such rule

  ip6tables -L
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination         

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination         

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination         
  REJECT     tcp      anywhere             anywhere             tcp dpt:10001 reject-with tcp-reset

  time telnet <ourlovelyipv6onlyserver> 10001
  Trying 2a02:6b8:0:c10*...
  telnet: Unable to connect to remote host: Connection timed out

  real	0m7.012s
  user	0m0.000s
  sys	0m0.000s

  Rule works:

  ip6tables -vL
  Chain INPUT (policy ACCEPT 506 packets, 49495 bytes)
   pkts bytes target     prot opt in     out     source               destination         

  Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
   pkts bytes target     prot opt in     out     source               destination         

  Chain OUTPUT (policy ACCEPT 346 packets, 37392 bytes)
   pkts bytes target     prot opt in     out     source               destination         
      3   216 REJECT     tcp      any    any     anywhere             anywhere             tcp dpt:10001 reject-with tcp-reset

  Tcpdump is empty. Packet counter increases. All well.
  But it works 7 seconds

  iptables does the same within 0.005s

  I think this is a bug.

  Thank you.
  Have a nice day.
