[pkg-netfilter-team] Bug#905284: iptables-save should exit 1 instead of lying to the unprivileged user

Harald Dunkel harald.dunkel at aixigo.de
Thu Aug 2 15:34:38 BST 2018


Package: iptables
Version: 1.6.0+snapshot20161117-6

iptables-save lies silently to anybody but root. It should exit
with a "permission denied" instead. Sample session:


{jupp at dpcl082:~ (local) 563} iptables-save
{jupp at dpcl082:~ (local) 564} echo $?
0
{jupp at dpcl082:~ (local) 565} su -
Password:
# iptables-save
# Generated by iptables-save v1.6.0 on Thu Aug  2 16:10:24 2018
*mangle
:PREROUTING ACCEPT [16604851:16259581032]
:INPUT ACCEPT [16105573:16213807374]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10975742:123450131000]
:POSTROUTING ACCEPT [10976154:123450162467]
-A POSTROUTING -o lxcbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Thu Aug  2 16:10:24 2018
# Generated by iptables-save v1.6.0 on Thu Aug  2 16:10:24 2018
*nat
:PREROUTING ACCEPT [663166:62940937]
:INPUT ACCEPT [163888:17167279]
:OUTPUT ACCEPT [15618:1369223]
:POSTROUTING ACCEPT [15616:1369067]
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
COMMIT
# Completed on Thu Aug  2 16:10:24 2018
# Generated by iptables-save v1.6.0 on Thu Aug  2 16:10:24 2018
*filter
:INPUT ACCEPT [16105617:16213819168]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10975802:123450150243]
-A INPUT -i lxcbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i lxcbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lxcbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i lxcbr0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -o lxcbr0 -j ACCEPT
-A FORWARD -i lxcbr0 -j ACCEPT
COMMIT
# Completed on Thu Aug  2 16:10:24 2018
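
One way a backup or audit script could guard against the exit-0-with-no-output behaviour shown in the session above, as an added example that is not part of the original report or of iptables. The function names `check_dump`, `save_rules` and `sample_dump` are hypothetical, and the sample dump is constructed from the filter table in the report.

```shell
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# check_dump FILE
# Succeeds only if FILE contains at least one "*table" section and every
# section is terminated by COMMIT. An empty file fails.
check_dump() {
    awk '
        /^\*/      { if (opened) bad = 1; opened = 1; tables++ }
        /^COMMIT$/ { if (!opened) bad = 1; opened = 0 }
        END        { if (tables == 0 || opened || bad) exit 1; exit 0 }
    ' "$1"
}

# save_rules OUTFILE
# Runs iptables-save and fails if the command fails OR its output is unusable,
# which covers the exit-0-with-no-output case seen as an unprivileged user.
save_rules() {
    tmp=$(mktemp) || return 1
    if iptables-save > "$tmp" && check_dump "$tmp"; then
        mv "$tmp" "$1"
    else
        echo "save_rules: no usable ruleset from iptables-save (uid $(id -u))" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample: shortened copy of the filter table in the report.
sample_dump() {
    cat <<'EOF'
# Generated by iptables-save v1.6.0 on Thu Aug  2 16:10:24 2018
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lxcbr0 -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
EOF
}
```

Writing to a temporary file first means a previous good dump at OUTFILE is never overwritten by an empty one.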


