[Possibly OT] ipt_unclean.c on kernel-2.4.7-9

• Next message: Alan Cox: "Re: Linux 2.4.8-ac12"
• Previous message: Alan Cox: "Re: Slow system with K7"
• Next in thread: Rusty Russell: "Re: [Possibly OT] ipt_unclean.c on kernel-2.4.7-9"
• Reply: Rusty Russell: "Re: [Possibly OT] ipt_unclean.c on kernel-2.4.7-9"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi gurus,
        I've possibly found a bug in the iptables unclean match support
but I was not able to find the email of the mantainer so I'm posting
here....

the module is incorrectly matching ftp session. Ex:

iptables -j DROP -A INPUT --match unclean
iptables -j ACCEPT -A INPUT -p tcp --dport 21

in this case all my packets directed to the ftp server where dropped by
the
"unclean" match and this make impossible to open ftp session.

It's obvious that you can swap the entry to make it working but I think
it should work also in this way. I've also tested using different
client.

If people need more info jus ask please.

Fabbione
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Alan Cox: "Re: Linux 2.4.8-ac12"
• Previous message: Alan Cox: "Re: Slow system with K7"
• Next in thread: Rusty Russell: "Re: [Possibly OT] ipt_unclean.c on kernel-2.4.7-9"
• Reply: Rusty Russell: "Re: [Possibly OT] ipt_unclean.c on kernel-2.4.7-9"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Aug 31 2001 - 21:00:23 EST