[bionic/18.04 only - fixed in newer ubuntu] iptables doesn't provide --random-fully flag
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
iptables (Ubuntu) | Confirmed | Wishlist | Unassigned | | |
Bug Description
Hello. This isn't strictly a bug, but more of an upgrade-request on the iptables package. Normally I wouldn't be inclined to submit such a bug report, but a user on the ubuntu-
The feature we need from that commit is part of the v1.6.2 and newer iptables releases, but it looks like the Bionic, Cosmic, and Disco releases of Ubuntu all include v1.6.1 without that patch, so for now we're going to have to build iptables from source on our production machines. That shouldn't pose any huge issues, but of course, we'd prefer to be able to use the package from package management, or perhaps a backported package from a newer Ubuntu release.
So to summarise, this might be an invalid bug report, but consider it a vote to upgrade the packaged version of iptables. If this bug report is entirely inappropriate, then I apologise.
1. Link to thread on ubuntu-
Ubuntu version we're using:
Description: Ubuntu 18.04.1 LTS
Release: 18.04
$ apt-cache policy iptables
iptables:
Installed: 1.6.1-2ubuntu2
Candidate: 1.6.1-2ubuntu2
Version table:
*** 1.6.1-2ubuntu2 500
500 http://
100 /var/lib/
Thanks for your time,
Paul
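
A version gate for the flag discussed in this report, as an added example that is not part of the original report or of iptables itself; the function names and the sample version strings are assumptions. It checks only the upstream version number (1.6.2, as stated above), so a distribution package that backports the patch onto 1.6.1 would still be reported as unsupported.

```shell
#!/bin/sh
# Added example: decide whether --random-fully can be used, based on the
# upstream iptables version. The 1.6.2 threshold is the one stated in the
# report; function names are hypothetical.
MIN_VERSION="1.6.2"

# Extract "X.Y.Z" from a line such as "iptables v1.6.1" or
# "iptables v1.8.4 (nf_tables)". Prints nothing if the line does not match.
parse_iptables_version() {
    printf '%s\n' "$1" | sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p'
}

# Compare dotted versions numerically, field by field.
# Returns 0 if $1 >= $2. A plain string compare would rank 1.10 below 1.6.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Returns 0 if the version line indicates support, 1 if it is too old,
# 2 if the line could not be parsed (treated as unsupported by callers).
supports_random_fully() {
    v=$(parse_iptables_version "$1")
    [ -n "$v" ] || return 2
    version_ge "$v" "$MIN_VERSION"
}

# Typical use on a real host (not run here):
#   supports_random_fully "$(iptables --version)" && echo "flag available"
```
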
On Wed, Nov 28, 2018 at 02:47:10AM -0000, Paul D wrote:
> feature yet. Specifically, it's introduced in this commit on the
> iptables codebase:
> https://git.netfilter.org/iptables/commit/?id=8b0da2130b8af3890ef20afb2305f11224bb39ec.
I think this relies upon this kernel feature:
commit 34ce324019e76f6d93768d68343a0e78f464d754
Author: Daniel Borkmann <email address hidden>
Date: Fri Dec 20 22:40:29 2013 +0100
netfilter: nf_nat: add full port randomization support
Given the date I'm optimistic that this should be supported in our
kernels, but some confirmation would be nice.
The iptables patch looks pretty simple.
It seems like a good candidate for an SRU to me.
Thanks