Package: arptables
Version: 0.0.3.3-1
Severity: important

*** Please type your report below this line ***

When saving IPv4 IPs referenced in rules, arptables-save does a reverse DNS lookup on the IP and saves the result as the address in the resulting output. This breaks when loading if there is no corresponding forward entry.

Here's an example from my setup:

mx:~# arptables -L OUTPUT -v -n --line-numbers
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
1 -j out_eth0 -i * -o eth0 , pcnt=3 -- bcnt=84
2 -j out_eth1 -i * -o eth1 , pcnt=4 -- bcnt=112
3 -j out_eth2 -i * -o eth2 , pcnt=0 -- bcnt=0
4 -j DROP -i * -o any , pcnt=0 -- bcnt=0

mx:~# arptables-save
*filter
:INPUT ACCEPT
:OUTPUT DROP
:FORWARD ACCEPT
:out_eth0 -
:out_eth1 -
:out_eth2 -
-A OUTPUT -j out_eth0 -i any -o eth0
-A OUTPUT -j out_eth1 -i any -o eth1
-A OUTPUT -j out_eth2 -i any -o eth2
-A OUTPUT -j DROP -i any -o any
-A out_eth0 -j ACCEPT -i any -o any -s xxx.xxx.xxx.10.example.com --src-mac 04:01:01:03:f3:af
-A out_eth0 -j DROP -i any -o any
-A out_eth1 -j ACCEPT -i any -o any -s xxx.xxx.xxx.132 --src-mac 04:01:01:03:f3:b0
-A out_eth1 -j DROP -i any -o any
-A out_eth2 -j ACCEPT -i any -o any -s xxx.xxx.xxx.2.example.com --src-mac 04:01:01:03:f3:b1
-A out_eth2 -j ACCEPT -i any -o any -s xxx.xxx.xxx.3.example.com --src-mac 04:01:01:03:f3:b1
-A out_eth2 -j DROP -i any -o any

-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-92.1.1.el5 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages arptables depends on:
ii libc6 2.7-18 GNU C Library: Shared libraries

arptables recommends no packages.

arptables suggests no packages.

-- no debconf information
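
Added example, not part of the original report and not arptables code: a check over arptables-save output that lists every rule whose -s/-d address was written as a hostname rather than a numeric address, so the saved file can be corrected before it is used for a restore. The sample dump (documentation addresses, example.com name) and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Address-matching options of arptables; only -s appears in the report.
ADDR_FLAGS = {"-s", "-d", "--source-ip", "--destination-ip"}


def is_numeric(addr):
    """True if addr is an IPv4 literal, optionally with /prefix or /netmask."""
    try:
        ipaddress.IPv4Network(addr, strict=False)
        return True
    except ValueError:
        return False


def dns_dependent_rules(dump):
    """Return (line_no, flag, value) for each rule address saved as a name."""
    findings = []
    for line_no, line in enumerate(dump.splitlines(), start=1):
        if not line.startswith("-A "):
            continue  # table header, chain policy or blank line
        tokens = shlex.split(line)
        for i, tok in enumerate(tokens[:-1]):
            if tok not in ADDR_FLAGS:
                continue
            j = i + 1
            if tokens[j] == "!" and j + 1 < len(tokens):
                j += 1  # skip the negation marker before the address
            if not is_numeric(tokens[j]):
                findings.append((line_no, tok, tokens[j]))
    return findings


# Constructed sample in the shape of the dump quoted in the report.
SAMPLE = """\
*filter
:INPUT ACCEPT
:OUTPUT DROP
:out_eth0 -
:out_eth1 -
-A OUTPUT -j out_eth0 -i any -o eth0
-A out_eth0 -j ACCEPT -i any -o any -s host10.example.com --src-mac 04:01:01:03:f3:af
-A out_eth1 -j ACCEPT -i any -o any -s 192.0.2.132 --src-mac 04:01:01:03:f3:b0
-A out_eth1 -j DROP -i any -o any
"""

if __name__ == "__main__":
    for line_no, flag, value in dns_dependent_rules(SAMPLE):
        print(f"line {line_no}: {flag} {value} needs DNS at restore time")
```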