Bug#932899: marked as done (iptables-translate silently discards --ctstate DNAT)

Thu, 05 Dec 2024 00:51:21 -0800 

Your message dated Thu, 5 Dec 2024 08:47:24 +0000
with message-id <20241205084724.GF734223@celephais.dreamlands>
and subject line Fixed in 1.8.6-1
has caused the Debian Bug report #932899,
regarding iptables-translate silently discards --ctstate DNAT
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
932899: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932899
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: iptables
Version: 1.8.2-4
Severity: minor

This appears to be wrong -- the DNAT is "eaten":

    root@not-omega:~# iptables-translate -t filter -A INPUT -m conntrack 
--ctstate DNAT -j ACCEPT
    nft add rule ip filter INPUT ct state  counter accept

    root@not-omega:~# iptables-translate -t filter -A INPUT -m conntrack 
--ctstate ESTABLISHED,RELATED,DNAT -j ACCEPT
    nft add rule ip filter INPUT ct state related,established counter accept

I think the output should be

    root@not-omega:~# iptables-translate -t filter -A INPUT -m conntrack 
--ctstate DNAT -j ACCEPT
    nft add rule ip filter INPUT ct status dnat counter accept

    root@not-omega:~# iptables-translate -t filter -A INPUT -m conntrack 
--ctstate ESTABLISHED,RELATED,DNAT -j ACCEPT
    nft add rule ip filter INPUT ct state related,established counter accept
    nft add rule ip filter INPUT ct status dnat counter accept

I am new to nftables, so I may have missed something obvious.
If so, sorry to bother you!

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'proposed-updates'), (500, 'unstable'), 
(1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message --- 
Version: 1.8.6-1

Fixed upstream and released in 1.8.6-1.

J.

Attachment: signature.asc
Description: PGP signature


--- End Message ---

Reply via email to