It looks like it was a problem in iptables, not iptables-persistent.

** Changed in: iptables-persistent (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/2033663

Title:
  iptables fails to parse "-i +" correctly

Status in iptables:
  Unknown
Status in iptables package in Ubuntu:
  In Progress
Status in iptables-persistent package in Ubuntu:
  Invalid

Bug description:
  I recently started to use Ubuntu 22.04 LTS on a server and created a simple iptables firewall for it.
  (For Ubuntu 20.04 that I have used before, the below seems fine.)

  lsb_release -rd
  Description:    Ubuntu 22.04.2 LTS
  Release:        22.04

  # apt-cache policy iptables-persistent
  iptables-persistent:
    Installed: 1.0.16
    Candidate: 1.0.16
    Version table:
   *** 1.0.16 500
          500 http://se.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
          100 /var/lib/dpkg/status

  # apt-cache policy iptables
  iptables:
    Installed: 1.8.7-1ubuntu5.1
    Candidate: 1.8.7-1ubuntu5.1
    Version table:
   *** 1.8.7-1ubuntu5.1 500
          500 http://se.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       1.8.7-1ubuntu5 500
          500 http://se.archive.ubuntu.com/ubuntu jammy/main amd64 Packages

  
  --------------------------------------------------
  ISSUE:
  If I enter a simple iptables rule that uses the "-i +" input interface wildcard thing in it, but note that I don't give any interface namestring "prefix" before the "+" - for example:
  iptables -A INPUT -i + -d 192.168.1.10 -j DROP 
  iptables -A INPUT -i + -d 192.168.1.11 -j DROP 
  iptables -A INPUT -i + -d 192.168.1.12 -j DROP 

  Then printouts of both iptables-save and iptables -L -n -v will show weird non-ascii/non-printable characters where the interfaces are supposed to be printed!
  The result for my rule example above shows as:
  -A INPUT -d 192.168.80.10/32 -i ˬP
  + -j DROP
  -A INPUT -d 192.168.80.11/32 -i À¨P�+ -j DROP
  -A INPUT -d 192.168.80.12/32 -i ˬP + -j DROP
  (The garbage chars are in hex \c0\a8\50\0a, \c0\a8\50\0b, \c0\a8\50\0c respectively. Note the \0a newline char breaking up the printout into two lines for the first rule.)

  The garbage characters make 
  "iptables-save > /etc/iptables/rules.v4" 
  followed up with 
  "iptables-restore < /etc/iptables/rules.v4"
  to fail!

  I discovered that if the rule also includes some "protocol"
  constraints like "-p tcp -m tcp --dport 123" then iptables
  parses/prints the rule seemingly ok, but for "simpler" rules iptables
  gets confused.
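
A pre-flight check for the save/restore round trip described in the report, as an added example that is not part of the original bug report or of iptables: it scans an iptables-save dump for the two symptoms shown above (bytes outside printable ASCII, and a rule split in two by a stray newline) before the dump replaces /etc/iptables/rules.v4. The function name, the sample dump and the rule that a healthy dump is printable ASCII only are assumptions of this example.

```python
import re
import sys

# Line starts that iptables-save emits: comment, table, chain policy, rule, COMMIT.
LINE_START = re.compile(rb"#|\*|:|-[A-Z] |COMMIT$")
# Assumption of this example: a healthy dump contains printable ASCII only.
NON_PRINTABLE = re.compile(rb"[^\x20-\x7e]")


def check_rules(dump: bytes) -> list:
    """Return (line_number, reason) for each suspicious line of an iptables-save dump."""
    problems = []
    # Split on \n only, so \x0b and \x0c stay inside their line and get reported.
    for number, line in enumerate(dump.split(b"\n"), start=1):
        if not line:
            continue
        bad = NON_PRINTABLE.findall(line)
        if bad:
            hexes = " ".join("\\x%02x" % b[0] for b in bad)
            problems.append((number, "non-printable bytes: " + hexes))
        elif not LINE_START.match(line):
            # e.g. the "+ -j DROP" tail left behind when \x0a splits a rule
            problems.append((number, "not a table, chain, rule or COMMIT line"))
    return problems


# Constructed sample: the three rules from the report, with the garbage bytes
# the reporter listed (\xc0\xa8\x50 followed by \x0a, \x0b, \x0c) before the "+".
SAMPLE = (
    b"*filter\n"
    b":INPUT ACCEPT [0:0]\n"
    b"-A INPUT -d 192.168.80.10/32 -i \xc0\xa8\x50\x0a+ -j DROP\n"
    b"-A INPUT -d 192.168.80.11/32 -i \xc0\xa8\x50\x0b+ -j DROP\n"
    b"-A INPUT -d 192.168.80.12/32 -i \xc0\xa8\x50\x0c+ -j DROP\n"
    b"COMMIT\n"
)

if __name__ == "__main__":
    # With a file argument, check that dump; without one, check the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            data = handle.read()
    else:
        data = SAMPLE
    found = check_rules(data)
    for number, reason in found:
        print("line %d: %s" % (number, reason), file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run it against a temporary dump and only move the file into place on exit status 0. A rule comment containing non-ASCII text would also be flagged under the printable-ASCII assumption.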
