
RE: ip_tables init broken

To: "'Netfilter Mailing List'" <netfilter@lists.netfilter.org>
Subject: RE: ip_tables init broken
From: "Rob Sterenborg" <rob@sterenborg.info>
Date: Sat, 30 Dec 2006 20:48:22 +0100
In-reply-to: <Pine.LNX.4.61.0612301738001.32449@yvahk01.tjqt.qr>
> when the ip_tables module is loaded automatically when inserting the
> first rule, something gets screwed up, as -L -v -n shows:
> 
> 
> 17:39 ichi:~ # lsmod | grep ip_tables
> 17:39 ichi:~ # iptables -t mangle -A FORWARD -i eth1 -j MARK --set-mark 161
> 17:39 ichi:~ # iptables -t mangle -A FORWARD -i eth1 -j MARK --set-mark 161
> 17:39 ichi:~ # iptables -t mangle -L -v -n | grep eth1 
> p b targ pr opt in  out src       dst
> 0 0 MARK 0  -- eth1 *   0.0.0.0/0 0.0.0.0/0  0xa1
> 0 0 MARK 0  -- eth1 *   0.0.0.0/0 0.0.0.0/0  MARK set 0xa1
> 
> Everything is fine if ip_tables was loaded before.
> 
> This box runs 2.6.18.5. Can anyone confirm this bug?

AFAICS, not here with 2.6.18.3 with pom-ng-20061124:
(Copy/paste of command sequence and response.)

Linux 2.6.18.3.
# lsmod | grep ip_tables
# iptables -t mangle -A FORWARD -i eth0 -j MARK --set-mark 161
# iptables -t mangle -A FORWARD -i eth0 -j MARK --set-mark 161
# iptables -t mangle -nvL | grep eth0
p b targ pr opt in   out src       dst
0 0 MARK 0  --  eth0 *   0.0.0.0/0 0.0.0.0/0   MARK set 0xa1 
0 0 MARK 0  --  eth0 *   0.0.0.0/0 0.0.0.0/0   MARK set 0xa1 
# lsmod | grep ip_tables
ip_tables              12252  1 iptable_mangle
x_tables               11524  2 xt_MARK,ip_tables

This box does not start a firewall script (yet) and it doesn't have any
NF modules loaded after boot.


Grts,
Rob
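An added check, not part of this thread, that parses `iptables -t mangle -nvL` output and flags MARK rules whose target text is missing or carries a mark other than the one expected; the two listings are constructed from the outputs quoted above, with the full header line that `-nvL` really prints.

```python
import re

# Constructed samples transcribed from the two listings in this thread:
# the reporter's box (first rule shows only "0xa1") and Rob's box (both
# rules show "MARK set 0xa1").
LISTING_REPORTED = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       0    --  eth1   *       0.0.0.0/0            0.0.0.0/0           0xa1
    0     0 MARK       0    --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK set 0xa1
"""
LISTING_OK = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       0    --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK set 0xa1
    0     0 MARK       0    --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK set 0xa1
"""

MARK_EXTRA = re.compile(r"^MARK set 0x([0-9a-fA-F]+)$")

def parse_rules(listing):
    """Yield (chain, rule_number, target, extra) for every rule line in a -nvL listing."""
    chain, num = None, 0
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Chain":
            chain, num = fields[1], 0
            continue
        if not fields[0].isdigit():   # header row ("pkts bytes target ...")
            continue
        num += 1
        # Columns: pkts bytes target prot opt in out source destination,
        # followed by the target-specific text (e.g. "MARK set 0xa1").
        target = fields[2]
        extra = " ".join(fields[9:])
        yield chain, num, target, extra

def check_mark_rules(listing, expected_mark):
    """Return (chain, rule_number, extra) for MARK rules whose text does not
    read "MARK set 0x<expected_mark>"; an empty list means the listing is consistent."""
    problems = []
    for chain, num, target, extra in parse_rules(listing):
        if target != "MARK":
            continue
        m = MARK_EXTRA.match(extra)
        if m is None or int(m.group(1), 16) != expected_mark:
            problems.append((chain, num, extra))
    return problems
```

Feeding it the real listing (`iptables -t mangle -nvL`) with the mark you set (161 here) turns the visual comparison in the thread into a repeatable check.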


