parse_port undefined when using libipt_tcp.so directly
Bug #122090 reported by
wayne
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ipac-ng (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: iptables
When running ipac-ng and specifying the following rule
Outgoing|
I get the following error.
Couldn't load match `tcp':/
When changing the rule as follows the error doesn't exist.
Outgoing|
So its all about specifying the connection type.
This did not exist in 1.3.5.0debian1-
I am calling this a security vulnerability because it breaks shorewall and then you
get people like me not noticing that they have no firewall for the weekend.
Revision history for this message
| Soren Hansen (soren) wrote | #1 |
Revision history for this message
| Soren Hansen (soren) wrote | #2 |
| Changed in iptables: | |
| assignee: | nobody → shawarma |
Revision history for this message
| wayne (wayne-flashmedia) wrote | #3 |
Revision history for this message
| Soren Hansen (soren) wrote | #4 |
| Changed in ipac-ng: | |
| assignee: | soren → nobody |
Revision history for this message
| Clint Byrum (clint-fewbar) wrote | #5 |
| Changed in ipac-ng (Ubuntu): | |
| status: | New → Won't Fix |
To post a comment you must log in.
I took a quick peek at the code in Edgy and the current code, and from what I could see, it seems that the parse_port function was included in each of the dependent iptables modules in 1.3.5 (the version in Edgy), but was moved to iptables.c in 1.3.6 (the current version). So, when you're using iptables directly, everything is fine, but when using the libraries directly, parse_port is nohwere to be found. The easy fix is to add parse_port to ipac-ng, but I need to check with upstream to see why this was done.