[pkg-netfilter-team] Bug#939924: iptables-nft 1.8.2-4 check reports bad rule on "-m mark --mark 0x8000"
Wolfgang Jentner
jentner at dbvis.inf.uni-konstanz.de
Tue Sep 10 08:55:49 BST 2019
Package: iptables
Version: 1.8.2-4
Hi,
there is a bug in iptables-nft 1.8.2-4 in Debian buster:
# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
# dpkg -s iptables | grep ^Version
Version: 1.8.2-4
# iptables-nft -N FOO
# iptables-nft -A FOO -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000 -j DROP
# iptables-nft -C FOO -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000 -j DROP && echo exists
iptables: Bad rule (does a matching rule exist in that chain?).
# iptables-legacy -N BAR
# iptables-legacy -A BAR -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000 -j DROP
# iptables-legacy -C BAR -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000 -j DROP && echo exists
exists
We filed the original issue here:
https://github.com/kubernetes/kubernetes/issues/82361#issue-489594945
Best,
Wolfgang
--
Wolfgang Jentner
Department of Computer and Information Science
Chair for Data Analysis and Visualization
University of Konstanz
Box 78
D-78457 Konstanz, Germany
Mail: jentner at dbvis.inf.uni-konstanz.de
Web: https://www.vis.uni-konstanz.de/mitglieder/jentner/
Phone: +49 (0) 7531 88 3941
Fax: +49 (0) 7531 88 3065
Room: C201