Control: reassign -1 arno-iptables-firewall On 2024-12-04, at 00:03:21 +0100, Sven Geuer wrote: > Package: iptables > Version: 1.8.11-1 > Severity: normal > > Dear Maintainer, > > up to iptables 1.8.10-4+b1 rules concerning protocol igmp used to be > listed by iptables -S like this one > > -A EXT_INPUT_CHAIN -p igmp -j POST_INPUT_DROP_CHAIN > > Since iptables 1.8.11-1 the string 'igmp' has been substituted by its > numerical equivalent, like > > -A EXT_INPUT_CHAIN -p 2 -j POST_INPUT_DROP_CHAIN > > This change breaks the autopkgtest of arno-iptables-firewall and > prevents the migration of iptables from unstable to testing. > > As I am the maintainer of arno-iptables-firewall I can adapt its > autopkgtest, but before doing so, I'd like you to check whether this > issue is indication of a bigger problem which needs fixing in the > iptables package. > > See the logs at ci.d.n for further details [1] + [2]. > > Regards, Sven > > [1] https://ci.debian.net/packages/a/arno-iptables-firewall/testing/amd64/ > [2] > https://ci.debian.net/packages/a/arno-iptables-firewall/testing/amd64/54207013/ > , lines 1250-1254 and 1257-1261
This is the result of a decision by the iptables upstream not to do /etc/protocols look-ups when dumping rule-sets [1]. From v1.8.11, iptables only dumps protocols by name if they appear in an internal look-up table, and that table does not include IGMP. I created a merge request [2] this evening to fix the failing tests. I am reassigning this bug to arno-iptables-firewall. Give me a shout if you have more questions. J. [1] https://git.netfilter.org/iptables/commit/?id=ff57cd48d2b0c01c1519fd8893fc0432ad211702 [2] https://salsa.debian.org/pkg-security-team/arno-iptables-firewall/-/merge_requests/3 > -- System Information: > Debian Release: trixie/sid > APT prefers unstable-debug > APT policy: (500, 'unstable-debug'), (500, 'unstable') > Architecture: amd64 (x86_64) > > Kernel: Linux 6.11.5-amd64 (SMP w/8 CPU threads; PREEMPT) > Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE > Locale: LANG=de_DE.UTF-8, LC_CTYPE=C.UTF-8 (charmap=locale: Cannot set > LC_MESSAGES to default locale: No such file or directory > locale: Cannot set LC_ALL to default locale: No such file or directory > UTF-8), LANGUAGE not set > Shell: /bin/sh linked to /usr/bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages iptables depends on: > ii libc6 2.40-4 > ii libip4tc2 1.8.11-2 > ii libip6tc2 1.8.11-2 > ii libmnl0 1.0.5-3 > ii libnetfilter-conntrack3 1.1.0-1 > ii libnfnetlink0 1.0.2-3 > ii libnftnl11 1.2.8-1 > ii libxtables12 1.8.11-2 > ii netbase 6.4 > > Versions of packages iptables recommends: > pn nftables <none> > > Versions of packages iptables suggests: > pn firewalld <none> > ii kmod 33+20240816-2 > > -- no debconf information > > -- > GPG Fingerprint > 3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585 > > >
signature.asc
Description: PGP signature
