[pkg-netfilter-team] Bug#950535: Bug#950535: iptables-restore segfaults on nat table
Alberto Molina Coballes
alb.molina at gmail.com
Thu Feb 13 09:11:30 GMT 2020
Control: tag -1 moreinfo
Hi Christoph,
Is this ruleset a real one obtained from ufw? I ask because the next one
doesn't result in segfault:
*nat
-F PREROUTING
-F POSTROUTING
-A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194
COMMIT
I don't understand the rule "-F PREROUTING" after a "-A ..." one. It seems
that the segfault happens in this specific case (it's a bug of course, but
not a bug with grave severity).
After some tests I found this ruleset segfaults with iptables-nft-restore
in several iptables releases (1.8.2-4, 1.8.3-2~bpo10+1 and 1.8.4-2) while
iptables-legacy-restore executes as expected.
Please, provide more info or a general ruleset to inform upstream and/or
lower the severity.
Thanks for reporting!
Alberto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-netfilter-team/attachments/20200213/ec9a4d0a/attachment-0001.html>
More information about the pkg-netfilter-team
mailing list