[pkg-netfilter-team] Bug#949101: Bug#949101: iptables-restore: segmentation fault

Alexander E. Patrakov patrakov at gmail.com
Fri Jan 17 09:26:12 GMT 2020


On Fri, Jan 17, 2020 at 2:25 PM Arturo Borrero Gonzalez
<arturo at debian.org> wrote:
>
> Control: fixed -1 1.8.3-2
>
> On 1/16/20 11:10 PM, Alexander E. Patrakov wrote:
> > Package: iptables
> > Version: 1.8.2-4
>
> Thanks for the bug report!
>
> I couldn't reproduce this in a more recent version:
>
> === 8< ===
> arturo@endurance:~ $ sudo iptables-nft-restore < original_rules.iptables
> arturo@endurance:~ $ sudo iptables-nft-restore -n -t < new.iptables
> arturo@endurance:~ $ sudo iptables-nft-save
> # Generated by xtables-save v1.8.3 on Fri Jan 17 10:22:32 2020
> *nat
> :PREROUTING ACCEPT [10:3800]
> :INPUT ACCEPT [0:0]
> :POSTROUTING ACCEPT [4:566]
> :OUTPUT ACCEPT [4:566]
> COMMIT
> # Completed on Fri Jan 17 10:22:32 2020
> # Generated by xtables-save v1.8.3 on Fri Jan 17 10:22:32 2020
> *filter
> :INPUT ACCEPT [62:8657]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [65:5404]
> :f2b-sshd - [0:0]
> -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
> -A FORWARD -i wg-customers -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -i wg-customers -j DROP
> -A FORWARD -o wg-customers -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
> -A f2b-sshd -s 222.186.30.145/32 -j REJECT --reject-with icmp-port-unreachable
> COMMIT
> # Completed on Fri Jan 17 10:22:32 2020
> === 8< ===
>
> Marking this as fixed in version 1.8.3-2 and closing bug.
>
> regards.

Great! Could you please make sure that the fix somehow propagates to
Debian stable?

-- 
Alexander E. Patrakov


