Is this still an issue on a newer Ubuntu (22.04 or later)?

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1738403

Title:
  iptables-save duplicates all rules related to Linux bridges

Status in iptables package in Ubuntu:
  Confirmed

Bug description:
  Ubuntu 17.10
  iptables 1.6.1-2ubuntu1

  Before "iptables-save > /etc/iptables/rules.v4"
  -----------------------------------------------
  # cat iptables/rules.v4 | grep virbr0 | sort | uniq -c
       14 -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
       14 -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
       14 -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
       14 -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
       14 -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
       14 -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
       14 -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
       14 -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
       14 -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
       14 -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
       33 -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
        1 -A ufw-user-input -i virbr0 -j ACCEPT
        1 -A ufw-user-output -o virbr0 -j ACCEPT

  After "iptables-save > /etc/iptables/rules.v4"
  ----------------------------------------------
  # cat iptables/rules.v4 | grep virbr0 | sort | uniq -c
       15 -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
       15 -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
       15 -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
       15 -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
       15 -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
       15 -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
       15 -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
       15 -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
       15 -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
       15 -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
       34 -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
        1 -A ufw-user-input -i virbr0 -j ACCEPT
        1 -A ufw-user-output -o virbr0 -j ACCEPT

  It looks like iptables-save is confused by virbrn entries and
  duplicates them each time it is run.
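
A per-table version of the duplicate count shown in the bug description, as an added example that is not part of the original report or of the iptables package; the function names dup_rules and sample_dump and the sample dump itself are constructed for illustration. Unlike a flat sort | uniq -c, it keys each rule on its table, so the same rule text appearing once in nat and once in mangle is not reported, and it ignores the packet/byte counters that iptables-save -c prepends.

```shell
#!/bin/sh
# Added example: per-table duplicate check for an iptables-save dump.

# dup_rules [FILE]: print "COUNT TABLE RULE" for each rule that occurs more
# than once inside one table. Reads stdin when FILE is omitted.
dup_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }     # "*filter" opens a table
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }        # drop "iptables-save -c" counters
        /^-A / { seen[table "\t" $0]++ }          # key on table + full rule text
        END {
            for (k in seen) if (seen[k] > 1) {
                i = index(k, "\t")
                printf "%d %s %s\n", seen[k], substr(k, 1, i - 1), substr(k, i + 1)
            }
        }
    ' "${1:--}" | LC_ALL=C sort -k2,2 -k1,1nr
}

# Constructed sample dump (not taken from the bug report).
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
[0:0] -A POSTROUTING -o virbr0 -j RETURN
COMMIT
*mangle
:POSTROUTING ACCEPT [0:0]
[0:0] -A POSTROUTING -o virbr0 -j RETURN
[3:984] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
[0:0] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
*filter
:FORWARD ACCEPT [0:0]
[12:840] -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
[0:0] -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
[0:0] -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
[0:0] -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Usage: check the constructed sample; pass a file path to check a saved dump.
sample_dump | dup_rules
```

Running dup_rules against a saved rules file before and after each save shows whether the per-table counts grow between runs.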