| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 30 Dec 2006 21:30:48 +0300
From: Sergey Vlasov <vsu@...linux.ru>
To: Jan Engelhardt <jengelh@...ux01.gwdg.de>
Cc: netfilter@...ts.netfilter.org, linux-kernel@...r.kernel.org
Subject: Re: ip_tables init broken
On Sat, 30 Dec 2006 18:14:35 +0100 (MET) Jan Engelhardt wrote:
> when the ip_tables module is loaded automatically when inserting the
> first rule, something gets screwed up, as -L -v -n shows:
>
>
> 17:39 ichi:~ # lsmod | grep ip_tables
> 17:39 ichi:~ # iptables -t mangle -A FORWARD -i eth1 -j MARK --set-mark 161
> 17:39 ichi:~ # iptables -t mangle -A FORWARD -i eth1 -j MARK --set-mark 161
> 17:39 ichi:~ # iptables -t mangle -L -v -n | grep eth1
> p b targ pr opt in out src dst
> 0 0 MARK 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0 0xa1
> 0 0 MARK 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0 MARK set 0xa1
>
> Everything is fine if ip_tables was loaded before.
>
> This box runs 2.6.18.5. Can anyone confirm this bug?
Looks like this problem was fixed between iptables releases 1.3.5 and
1.3.7 (the old buggy version was trying to detect whether the kernel
supports the newer MARK target version before loading the ip_tables
module, therefore the check was giving bogus results).
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists