Your message dated Sat, 01 Jun 2024 17:49:13 +0000
with message-id <[email protected]>
and subject line Bug#1067733: fixed in iptables 1.8.10-4
has caused the Debian Bug report #1067733,
regarding iptables: regression in 1.8.9 with -n breaks portblock in 
resource-agents
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1067733: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067733
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: iptables
Version: 1.8.9-2
Severity: important
Tags: upstream

Dear Maintainer,

There is a known (and fixed) bug in iptables where it prints the "prot" as a
numerical value if "-n" is given (see 17 and 6):

# iptables --version
iptables v1.8.9 (legacy)

# iptables -nL
Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination
ACCEPT     17   --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

There is an upstream bug report:
https://bugzilla.netfilter.org/show_bug.cgi?id=1729

Version 1.8.10 fixed this bug (see "udp" and "tcp" in "prot") in
https://git.netfilter.org/iptables/commit/?id=34f085b1607364f4eaded1140060dcaf965a2649

# iptables --version
iptables v1.8.7 (nf_tables)

# iptables -nL
Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

The portblock agent in resource-agents parses that field and expects "tcp" and
not "6". Parsing was relaxed in:
https://github.com/ClusterLabs/resource-agents/pull/1924

So both upstream projects mitigated/fixed the problem; unfortunately, Debian
stable ships the buggy iptables version which breaks portblock. Applying the
mentioned patch to portblock from resource-agents would be an alternative
solution, but the actual bug is in iptables, and this is why I reported the bug
for this package. Debian testing ships a recent enough iptables where this bug
was already fixed.


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (650, 'testing'), (600, 'unstable'), (550, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages iptables depends on:
ii  libc6                    2.37-15
ii  libip4tc2                1.8.10-3
ii  libip6tc2                1.8.10-3
ii  libmnl0                  1.0.5-2
ii  libnetfilter-conntrack3  1.0.9-6
ii  libnfnetlink0            1.0.2-2
ii  libnftnl11               1.2.6-2
ii  libxtables12             1.8.10-3
ii  netbase                  6.4

Versions of packages iptables recommends:
pn  nftables  <none>

Versions of packages iptables suggests:
pn  firewalld  <none>
ii  kmod       31-1

-- no debconf information

--- End Message ---
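
The report above turns on a script matching the "prot" column of `iptables -nL` by name only. The following is an added example, not code from portblock, resource-agents or the report's author: a rule matcher that accepts either the protocol name or its number in that column, run against the two listings quoted in the report. The function names and the optional "strict" mode (a name-only match, used here to reproduce the failure) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not portblock's code); function names are hypothetical.

# Map a protocol name to its IANA protocol number (subset used here).
proto_number() {
    case "$1" in
        icmp) echo 1 ;;
        tcp)  echo 6 ;;
        udp)  echo 17 ;;
        *)    return 1 ;;
    esac
}

# count_rules TARGET PROTO DPORT [strict]
# Reads `iptables -nL` output on stdin and prints how many rules match.
# The "prot" column may hold the name or the number; with "strict" only
# the name is accepted, which is the assumption that the 1.8.9 output broke.
count_rules() {
    num=$(proto_number "$2") || return 2
    awk -v t="$1" -v p="$2" -v n="$num" -v d="dpt:$3" -v mode="${4:-relaxed}" '
        $1 == t && ($2 == p || (mode != "strict" && $2 == n)) {
            for (i = 6; i <= NF; i++) if ($i == d) { c++; break }
        }
        END { print c + 0 }'
}

# Listings copied from the report: numeric "prot" output, then named output.
listing_numeric() {
    cat <<'EOF'
Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination
ACCEPT     17   --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
EOF
}
listing_named() {
    cat <<'EOF'
Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
EOF
}

echo "strict,  numeric listing: $(listing_numeric | count_rules ACCEPT tcp 53 strict)"
echo "relaxed, numeric listing: $(listing_numeric | count_rules ACCEPT tcp 53)"
echo "relaxed, named listing:   $(listing_named | count_rules ACCEPT tcp 53)"
```

A name-only matcher reports zero matching rules on the numeric listing even though the rule is loaded, so a caller that uses the count to decide whether a port is already blocked or unblocked acts on a wrong state.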
--- Begin Message ---
Source: iptables
Source-Version: 1.8.10-4
Done: Jeremy Sowden <[email protected]>

We believe that the bug you reported is fixed in the latest version of
iptables, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Sowden <[email protected]> (supplier of updated iptables package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 May 2024 16:19:43 +0100
Source: iptables
Architecture: source
Version: 1.8.10-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Netfilter Packaging Team <[email protected]>
Changed-By: Jeremy Sowden <[email protected]>
Closes: 1067733
Changes:
 iptables (1.8.10-4) unstable; urgency=medium
 .
   * [4b0a06f] d/p/ebtables-noflush-restore-fix.patch: add DEP-3 metadata
   * [2ed6c0b] d/patches: add upstream patch to revert numeric output of
     protocols (Closes: #1067733)
   * [03a579c] d/control: update my e-mail address

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
