[pkg-netfilter-team] Bug#912607: rule for 0.0.0.0/8 is added as 0.0.0.0/0
Thijs Kinkhorst
thijs at debian.org
Thu Nov 1 19:07:36 GMT 2018
Package: iptables
Version: 1.8.1-2
Severity: important
Hi,
With iptables in sid, when specifying a rule for "0.0.0.0/8", it gets
added to the ruleset as "0.0.0.0/0". This broke things on my
systems since the latter means "anywhere".
The problem can be reproduced as follows:
# iptables -A OUTPUT -s 127.0.0.1 -d 0.0.0.0/8 -j DROP
The following rule is then added to the OUTPUT chain:
DROP all -- 127.0.0.1 0.0.0.0/0
Until recently, and also still in stretch, the same command
resulted in:
DROP all -- 127.0.0.1 0.0.0.0/8
Cheers,
Thijs
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.18.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages iptables depends on:
ii libc6 2.27-8
ii libip4tc0 1.8.1-2
ii libip6tc0 1.8.1-2
ii libiptc0 1.8.1-2
ii libmnl0 1.0.4-2
ii libnetfilter-conntrack3 1.0.7-1
ii libnfnetlink0 1.0.1-3+b1
ii libnftnl7 1.1.1-1
ii libxtables12 1.8.1-2
iptables recommends no packages.
Versions of packages iptables suggests:
ii kmod 25-1
-- no debconf information
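
A regression check for the symptom reported above, as an added example that is not part of the original report or of iptables: it compares intended rules with a listing in `iptables -S` format and flags any rule whose source or destination option has disappeared, which is how a match widened to 0.0.0.0/0 shows up in that format. The names `check_rules` and `demo`, the status labels and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example; check_rules, its status labels and the sample data are
# constructed for illustration and are not part of iptables.

# check_rules EXPECTED ACTUAL
# EXPECTED: intended rules, one per line, written as `iptables -S` prints them.
# ACTUAL:   a saved `iptables -S` listing.
# Prints OK, WIDENED or MISSING per intended rule; returns 1 unless all are OK.
check_rules() {
    expected=$1; actual=$2; rc=0
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        status=MISSING
        if grep -Fxq -- "$rule" "$actual"; then
            status=OK
        else
            # `iptables -S` omits -s/-d when the address is 0.0.0.0/0, so a
            # rule widened to "anywhere" is the same line without that option.
            for opt in s d; do
                cand=$(printf '%s\n' "$rule" | sed "s/ -$opt [^ ]*//")
                if [ "$cand" != "$rule" ] && grep -Fxq -- "$cand" "$actual"; then
                    status=WIDENED
                fi
            done
        fi
        [ "$status" = OK ] || rc=1
        printf '%-8s%s\n' "$status" "$rule"
    done < "$expected"
    return "$rc"
}

# Runs the check on a constructed listing that shows the reported symptom.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '-A OUTPUT -s 127.0.0.1/32 -d 0.0.0.0/8 -j DROP' > "$dir/expected"
    printf '%s\n' '-P OUTPUT ACCEPT' '-A OUTPUT -s 127.0.0.1/32 -j DROP' > "$dir/actual"
    check_rules "$dir/expected" "$dir/actual" && ret=0 || ret=$?
    rm -rf "$dir"
    return "$ret"
}

demo || echo "ruleset does not match intent" >&2
```

On a live host, save the output of `iptables -S` after loading the ruleset and pass that file as the second argument.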