Opened 8 years ago

Closed 7 years ago

#7357 closed defect (fixed)

xt_recent broken in backfire

Reported by: anonymous
Owned by: developers
Priority: normal
Milestone: Backfire 10.03.1
Component: kernel
Version: Backfire 10.03
Keywords:
Cc:

Description

Tested with 10.03 and backfire r21367.

Firewall:

iptables -A input_rule -i ppp0 -p tcp --dport 22 -m recent --update --seconds 60 --name SSH -j DROP
iptables -A input_rule -i ppp0 -p tcp --dport 22 -m recent --set --name SSH -j ACCEPT

Outcome:

0 0 DROP tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 recent: UPDATE seconds: 60 name: SSH side: source

15 900 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 recent: SET name: SSH side: source

Expected - dropping consecutive packets which come in 1 minute.
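
The behaviour expected from the two rules above, as an added example that is not part of the original ticket: a small Python model of the `recent` match (not kernel code) that walks packets through `--update --seconds 60` and then `--set`. The class and function names and the sample addresses are constructed for illustration.

```python
# Added illustration: model of the `recent` match as the ticket's two rules
# are expected to behave. Names and sample data are constructed.

class RecentList:
    """Per-name table (here: SSH) of source address -> last-seen time in seconds."""

    def __init__(self):
        self.last_seen = {}

    def update(self, src, now, seconds):
        """--update --seconds N: match if src was seen within N seconds.
        The timestamp is refreshed only when the match succeeds."""
        seen = self.last_seen.get(src)
        if seen is not None and now - seen <= seconds:
            self.last_seen[src] = now
            return True
        return False

    def set(self, src, now):
        """--set: record (or refresh) src; always matches."""
        self.last_seen[src] = now
        return True


def verdict(table, src, now):
    """Walk the two rules in order for one TCP/22 packet arriving on ppp0."""
    if table.update(src, now, seconds=60):  # rule 1: -j DROP
        return "DROP"
    table.set(src, now)                      # rule 2: -j ACCEPT
    return "ACCEPT"


def run(packets):
    """packets: iterable of (src, time_in_seconds); returns the verdicts."""
    table = RecentList()
    return [verdict(table, src, t) for src, t in packets]


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    ("198.51.100.7", 0),    # first packet: not listed yet
    ("198.51.100.7", 10),   # listed and seen 10 s ago
    ("198.51.100.7", 65),   # 55 s after the refreshed stamp
    ("203.0.113.9", 66),    # different source, tracked separately
    ("198.51.100.7", 130),  # 65 s of silence: window expired
]

if __name__ == "__main__":
    for (src, t), v in zip(SAMPLE, run(SAMPLE)):
        print(f"t={t:>3}s {src:<13} {v}")
```

On a working kernel the DROP rule's packet counter should therefore rise whenever the same source sends again within 60 seconds; a DROP counter stuck at 0 while the ACCEPT counter grows, as in the outcome above, is the symptom reported here.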

Attachments (1)

191-netfilter_recent_fix.patch (448 bytes) - added by mdeneen@… 8 years ago.
Patch for Backfire (r22127) to fix this issue.

Change History (3)

Changed 8 years ago by mdeneen@…

Patch for Backfire (r22127) to fix this issue.

comment:1 Changed 8 years ago by anonymous

Thanks for the patch. It was pulled from 2.6.32.11 kernel, so maybe it's time to update kernel in backfire as well...

comment:2 Changed 7 years ago by nico

  • Resolution set to fixed
  • Status changed from new to closed

All 2.6.32 targets were updated to 2.6.32.16 in [22554]; 2.6.30 does not seem affected.
