kernel-packages team mailing list archive
Message #61446
[Bug 544984] Re: netfilter xt_recent --rcheck fails to match
Colm Buckley, this bug report is being closed due to your last comment
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/544984/comments/5
regarding this being fixed with an update. For future reference you can
manage the status of your own bugs by clicking on the current status in
the yellow line and then choosing a new status in the revealed drop down
box. You can learn more about bug statuses at
https://wiki.ubuntu.com/Bugs/Status. Thank you again for taking the time
to report this bug and helping to make Ubuntu better. Please submit any
future bugs you may find.
** Changed in: linux (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/544984
Title:
netfilter xt_recent --rcheck fails to match
Status in “linux” package in Ubuntu:
Invalid
Bug description:
The netfilter module xt_recent (-m recent) fails to match ip
addresses. To reproduce:
    iptables -F INPUT
    iptables -F OUTPUT
    iptables -F FORWARD
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 80 -m recent --rcheck -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 80 -j REJECT
and have a daemon listening on port 80. Connections to this daemon
succeed when the INPUT table is flushed, or when connecting via
localhost. Connections from a remote machine fail as expected;
however, after adding the remote machine's IP address to the match list (echo
'+remote.ip.add.ress' > /proc/net/xt_recent/DEFAULT), although the
address then appears in the list, the iptables --recent rule fails to
match; connections are still dropped.
    # uname -a
    Linux dagda 2.6.32-17-server #26-Ubuntu SMP Sat Mar 20 03:39:37 UTC 2010 x86_64 GNU/Linux
    # cat /proc/version_signature
    Ubuntu 2.6.32-17.26-server 2.6.32.10+drm33.1
    # iptables -V
    iptables v1.4.4
    # lsmod
    Module                  Size  Used by
    ipt_REJECT              2384  1
    xt_recent               8218  1
    xt_tcpudp               2667  2
    iptable_filter          2791  1
    ip_tables              18358  1 iptable_filter
    x_tables               22429  4 ipt_REJECT,xt_recent,xt_tcpudp,ip_tables
[...]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/544984/+subscriptions