Activity log for bug #2067274

Date Who What changed Old value New value Message
2024-05-27 11:48:55 Christoph Böhmwalder bug added bug
2024-05-27 11:49:36 Christoph Böhmwalder description

Old value:

In iptables 1.8.9, a regression was introduced that changes the behavior of the -n flag.

Previously, supplying -n would *not* display numerical values for the "prot" column of the -L output:

    # iptables --version
    iptables v1.8.7 (nf_tables)
    # iptables -nL
    Chain LIBVIRT_OUT (1 references)
    target     prot opt source               destination
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

However, with the faulty patch, this changed to numerical values:

    # iptables --version
    iptables v1.8.9 (legacy)
    # iptables -nL
    Chain LIBVIRT_OUT (1 references)
    target     prot opt source               destination
    ACCEPT     17   --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
    ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

This breaks parsing in the resource-agents package, namely the portblock resource agent.

Parsing has since been relaxed in resource-agents: https://github.com/ClusterLabs/resource-agents/pull/1924 (released in resource-agents v4.14.0).

There is an upstream bug report: https://bugzilla.netfilter.org/show_bug.cgi?id=1729

The offending commit was reverted upstream: https://git.netfilter.org/iptables/commit/?id=34f085b1607364f4eaded1140060dcaf965a2649

But the revert has not been released yet. Ubuntu Noble ships version 1.8.10 of iptables, which is still affected.

The solution would be to apply the reverted patch mentioned above.

New value:

In iptables 1.8.9, a regression was introduced that changes the behavior of the -n flag.

Previously, supplying -n would *not* display numerical values for the "prot" column of the -L output:

    # iptables --version
    iptables v1.8.7 (nf_tables)
    # iptables -nL
    Chain LIBVIRT_OUT (1 references)
    target     prot opt source               destination
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

However, with the faulty patch, this changed to numerical values:

    # iptables --version
    iptables v1.8.9 (legacy)
    # iptables -nL
    Chain LIBVIRT_OUT (1 references)
    target     prot opt source               destination
    ACCEPT     17   --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
    ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

This breaks parsing in the resource-agents package, namely the portblock resource agent.

Parsing has since been relaxed in resource-agents: https://github.com/ClusterLabs/resource-agents/pull/1924 (released in resource-agents v4.14.0).

There is an upstream bug report: https://bugzilla.netfilter.org/show_bug.cgi?id=1729

For reference, there is also a report with the Debian project: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067733

The offending commit was reverted upstream: https://git.netfilter.org/iptables/commit/?id=34f085b1607364f4eaded1140060dcaf965a2649

But the revert has not been released yet. Ubuntu Noble ships version 1.8.10 of iptables, which is still affected.

The solution would be to apply the reverted patch mentioned above.

2024-05-27 12:17:55 Launchpad Janitor iptables (Ubuntu): status New Confirmed
2024-05-27 12:55:29 Oibaf bug watch added https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067733
2024-05-27 12:55:29 Oibaf bug task added iptables
2024-05-27 14:59:16 Bug Watch Updater iptables: status Unknown Confirmed
2024-06-01 22:24:35 Bug Watch Updater iptables: status Confirmed Fix Released