[Kernel-packages] [Bug 1234877] Re: ip6tables - --reject-with tcp-reset does not work correctly in chain OUTPUT

Tue, 29 Oct 2013 15:31:39 -0700 

If it can be fixed with a Linux kernel check in, probably the 'linux'
package is a better target than the 'iptables' package.

** Changed in: iptables (Ubuntu)
       Status: Fix Committed => New

** Package changed: iptables (Ubuntu) => linux (Ubuntu)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1234877

Title:
  ip6tables - --reject-with tcp-reset does not work correctly in chain
  OUTPUT

Status in “linux” package in Ubuntu:
  Incomplete

Bug description:
  Hello,

  We use:

  Description:  Ubuntu 12.04.3 LTS
  Release:      12.04

  kernel 3.2.2 (checked also 3.8* and 3.10.5-031005-generic kernels. Same.)
  iptables=1.4.12-1ubuntu5
  and ipv6

  We noticed that --reject-with tcp-reset works 7 seconds:

  ip6tables -I OUTPUT -p tcp --dport 10001 -j REJECT --reject-with tcp-reset
  such rule

  ip6tables -L
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination         

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination         

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination         
  REJECT     tcp      anywhere             anywhere             tcp dpt:10001 
reject-with tcp-reset

  time telnet <ourlovelyipv6onlyserver> 10001
  Trying 2a02:6b8:0:c10*...
  telnet: Unable to connect to remote host: Connection timed out

  real  0m7.012s
  user  0m0.000s
  sys   0m0.000s

  Rule works:

  ip6tables -vL
  Chain INPUT (policy ACCEPT 506 packets, 49495 bytes)
   pkts bytes target     prot opt in     out     source               
destination         

  Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
   pkts bytes target     prot opt in     out     source               
destination         

  Chain OUTPUT (policy ACCEPT 346 packets, 37392 bytes)
   pkts bytes target     prot opt in     out     source               
destination         
      3   216 REJECT     tcp      any    any     anywhere             anywhere  
           tcp dpt:10001 reject-with tcp-reset

  Tcpdump is empty. Packet counter increases. All well.
  But it works 7 seconds

  iptables does the same within 0.005s

  I think this is a bug.

  Thank you.
  Have a nice day.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1234877/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to