Fixed upstream after 1.8.9.
** Changed in: iptables (Ubuntu)
Status: New => In Progress
https://bugs.launchpad.net/bugs/2033663
Title:
iptables fails to parse "-i +" correctly
Status in iptables:
Unknown
Status in iptables package in Ubuntu:
In Progress
Status in iptables-persistent package in Ubuntu:
Invalid
Bug description:
I recently started to use Ubuntu 22.04 LTS on a server and created a simple
iptables firewall for it.
(For Ubuntu 20.04 that I have used before, the below seems fine.)
lsb_release -rd
Description: Ubuntu 22.04.2 LTS
Release: 22.04
# apt-cache policy iptables-persistent
iptables-persistent:
Installed: 1.0.16
Candidate: 1.0.16
Version table:
*** 1.0.16 500
500 http://se.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
100 /var/lib/dpkg/status
# apt-cache policy iptables
iptables:
Installed: 1.8.7-1ubuntu5.1
Candidate: 1.8.7-1ubuntu5.1
Version table:
*** 1.8.7-1ubuntu5.1 500
500 http://se.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
100 /var/lib/dpkg/status
1.8.7-1ubuntu5 500
500 http://se.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
--------------------------------------------------
ISSUE:
If I enter a simple iptables rule that uses the "-i +" input interface
wildcard thing in it, but note that I don't give any interface namestring
"prefix" before the "+" - for example:
iptables -A INPUT -i + -d 192.168.1.10 -j DROP
iptables -A INPUT -i + -d 192.168.1.11 -j DROP
iptables -A INPUT -i + -d 192.168.1.12 -j DROP
Then printouts of both iptables-save and iptables -L -n -v will show weird
non-ascii/non-printable characters where the interfaces are supposed to be
printed!
The result for my rule example above shows as:
-A INPUT -d 192.168.80.10/32 -i ˬP
+ -j DROP
-A INPUT -d 192.168.80.11/32 -i À¨P�+ -j DROP
-A INPUT -d 192.168.80.12/32 -i ˬP + -j DROP
(The garbage chars are in hex \c0\a8\50\0a, \c0\a8\50\0b, \c0\a8\50\0c
respectively. Note the \0a newline char breaking up the printout into two lines
for the first rule.)
The garbage characters make
"iptables-save > /etc/iptables/rules.v4"
followed up with
"iptables-restore < /etc/iptables/rules.v4"
to fail!
I discovered that if the rule also includes some "protocol"
constraints like "-p tcp -m tcp --dport 123" then iptables
parses/prints the rule seemingly ok, but for "simpler" rules iptables
gets confused.
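
A pre-restore check for the failure described above, as an added example that is not part of the original bug report or of iptables: it scans an iptables-save dump for stray bytes and broken lines before the file is handed to iptables-restore. The function name, the sample dump (constructed from the hex bytes quoted in the report) and the interface-name rule are assumptions.

```python
import re
import sys

# Leading tokens iptables-save emits: comments, "*table", ":CHAIN policy",
# "-A ..." rules (optionally prefixed by "[pkts:bytes]" with -c), and COMMIT.
LINE_START = re.compile(rb"^(#|\*|:|-A |\[\d+:\d+\] -A |COMMIT$)")
# Assumption: an interface argument is 1-15 printable, non-space ASCII bytes
# without "/" (IFNAMSIZ is 16 including the terminating NUL); "+" is allowed.
IFACE = re.compile(rb"[!-.0-~]{1,15}")

# Constructed sample: two corrupted rules built from the bytes in the report
# (\xc0\xa8\x50\x0a and \xc0\xa8\x50\x0b) plus one rule that printed correctly.
SAMPLE = (
    b"*filter\n"
    b":INPUT ACCEPT [0:0]\n"
    b"-A INPUT -d 192.168.80.10/32 -i \xc0\xa8\x50\x0a+ -j DROP\n"
    b"-A INPUT -d 192.168.80.11/32 -i \xc0\xa8\x50\x0b+ -j DROP\n"
    b"-A INPUT -i eth+ -p tcp -m tcp --dport 123 -j DROP\n"
    b"COMMIT\n"
)


def check_rules(data: bytes) -> list[tuple[int, str]]:
    """Return (line_number, problem) pairs for an iptables-save dump."""
    findings = []
    # Split on "\n" only, so an embedded \x0a shows up as a broken extra line.
    for num, line in enumerate(data.split(b"\n"), start=1):
        if not line:
            continue
        if not LINE_START.match(line):
            findings.append((num, "unexpected line start"))
        if re.search(rb"[^\x20-\x7e]", line):
            findings.append((num, "non-printable byte"))
        tokens = line.split(b" ")
        for flag, arg in zip(tokens, tokens[1:]):
            if flag in (b"-i", b"-o") and not IFACE.fullmatch(arg):
                findings.append((num, f"bad interface {arg!r}"))
    return findings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    with open(path, "rb") if path else open(__file__, "rb") as fh:
        data = fh.read() if path else SAMPLE
    problems = check_rules(data)
    for num, problem in problems:
        print(f"line {num}: {problem}")
    sys.exit(1 if path and problems else 0)
```

Run with a file path (for example the rules.v4 file named in the report) it exits non-zero when any line is flagged; without arguments it checks the constructed sample.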