On Dec 30 2006 21:30, Sergey Vlasov wrote:
>On Sat, 30 Dec 2006 18:14:35 +0100 (MET) Jan Engelhardt wrote:
>
>> when the ip_tables module is loaded automatically when inserting the
>> first rule, something gets screwed up, as -L -v -n shows:
>>
>>
>> 17:39 ichi:~ # lsmod | grep ip_tables
>> 17:39 ichi:~ # iptables -t mangle -A FORWARD -i eth1 -j MARK --set-mark 161
>> 17:39 ichi:~ # iptables -t mangle -A FORWARD -i eth1 -j MARK --set-mark 161
>> 17:39 ichi:~ # iptables -t mangle -L -v -n | grep eth1
>> p b targ pr opt in out src dst
>> 0 0 MARK 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0 0xa1
>> 0 0 MARK 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0 MARK set 0xa1
>>
>> Everything is fine if ip_tables was loaded before.
>>
>> This box runs 2.6.18.5. Can anyone confirm this bug?
>
>Looks like this problem was fixed between iptables releases 1.3.5 and
>1.3.7 (the old buggy version was trying to detect whether the kernel
>supports the newer MARK target version before loading the ip_tables
>module, therefore the check was giving bogus results).
Yup, upgrading to 1.3.7 fixed the problem, thanks for giving hint.
(netfilter svn commit #6692 seems relevant)
-`J'
--
|