Re: ip_tables init broken [fixd]


On Dec 30 2006 21:30, Sergey Vlasov wrote:
On Sat, 30 Dec 2006 18:14:35 +0100 (MET) Jan Engelhardt wrote:

when the ip_tables module is loaded automatically when inserting the
first rule, something gets screwed up, as -L -v -n shows:


17:39 ichi:~ # lsmod | grep ip_tables
17:39 ichi:~ # iptables -t mangle -A FORWARD -i eth1 -j MARK --set-mark 161
17:39 ichi:~ # iptables -t mangle -A FORWARD -i eth1 -j MARK --set-mark 161
17:39 ichi:~ # iptables -t mangle -L -v -n | grep eth1
p b targ pr opt in out src dst
0 0 MARK 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0 0xa1
0 0 MARK 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0 MARK set 0xa1

Everything is fine if ip_tables was loaded before.

This box runs 2.6.18.5. Can anyone confirm this bug?

Looks like this problem was fixed between iptables releases 1.3.5 and
1.3.7 (the old buggy version was trying to detect whether the kernel
supports the newer MARK target version before loading the ip_tables
module, therefore the check was giving bogus results).

Yup, upgrading to 1.3.7 fixed the problem, thanks for giving hint.
(netfilter svn commit #6692 seems relevant)

-`J'
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Relevant Pages