[pkg-netfilter-team] Bug#959989: nftables: nft does not recognize imap service
Arturo Borrero Gonzalez
arturo at debian.org
Fri May 8 10:09:14 BST 2020
Control: tags -1 moreinfo
On 5/8/20 1:03 AM, Artur Pydo wrote:
> nft insert rule inet filter input tcp dport \{ smtp,465,submission,imap,imaps,pop3,pop3s \}
I cannot reproduce this. The same rule worked here:
=== 8< ===
arturo@endurance:~$ sudo nft insert rule inet filter input tcp dport \{ smtp,465,submission,imap,imaps,pop3,pop3s \}
arturo@endurance:~$ sudo nft -S list ruleset
table inet filter {
	chain input {
		type filter hook input priority filter; policy accept;
		tcp dport { "smtp", "pop3", "imap2", "submissions", "submission", "imaps", "pop3s" }
[...]
=== 8< ===
This is my services file:
=== 8< ===
arturo@endurance:~$ grep imap /etc/services
imap2 143/tcp imap # Interim Mail Access P 2 and 4
imaps 993/tcp # IMAP over SSL
=== 8< ===
I wonder if fail2ban is wrapping the call to the nft binary in a way that
prevents it from doing the getaddrinfo() call. This seems unlikely anyway.
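
An added example, not part of the original message and not code from nftables or fail2ban: a small check of which names in a port set resolve against the text of a services file, including aliases such as `imap` for `imap2`. It only reads services-file text (the message refers to nft going through getaddrinfo()); the function names and the second, alias-free sample are constructed for illustration.

```python
# Added example: resolve the service names used in an nft port set against
# the contents of a services(5) file, honouring aliases.

# Constructed sample: the two lines are those shown in the message above;
# the rest of a real /etc/services is omitted.
SERVICES_WITH_ALIAS = """\
imap2 143/tcp imap # Interim Mail Access P 2 and 4
imaps 993/tcp # IMAP over SSL
"""

# Constructed variant with the "imap" alias removed, for comparison.
SERVICES_WITHOUT_ALIAS = """\
imap2 143/tcp # Interim Mail Access P 2 and 4
imaps 993/tcp # IMAP over SSL
"""


def parse_services(text, proto="tcp"):
    """Map every service name and alias to its port for one protocol."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comment, split columns
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, line_proto = fields[1].split("/", 1)
        if line_proto != proto or not port.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:     # canonical name, then aliases
            table.setdefault(name, int(port))
    return table


def check_ports(spec, table):
    """Split a comma-separated port set into resolved and unresolved entries."""
    resolved, unresolved = {}, []
    for item in (s.strip() for s in spec.split(",")):
        if item.isdigit():
            resolved[item] = int(item)            # numeric ports need no lookup
        elif item in table:
            resolved[item] = table[item]
        else:
            unresolved.append(item)
    return resolved, unresolved


if __name__ == "__main__":
    for label, text in (("with alias", SERVICES_WITH_ALIAS),
                        ("without alias", SERVICES_WITHOUT_ALIAS)):
        print(label, check_ports("imap,imaps,143", parse_services(text)))
```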