In fact, Ubuntu 22.04 & 24.04 use iptables-nft.
iptables-nft translates the rule "iptables -A INPUT -i any -j DROP" to "iifname "any" counter packets 0 bytes 0 drop".
As there is no interface named "any", the rule is never matched.
So the bug is a translation bug from iptables to netfilter !!!

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/2084240

Title:
  rules are not applied on flow

Status in iptables package in Ubuntu:
  New

Bug description:
  I did this same test on Ubuntu 22.04 and 24.04:

  All policies are in ACCEPT

  iptables -A INPUT -i any -p tcp --dport 22 -j ACCEPT
  iptables -A INPUT -i any -j DROP

  If I do a telnet on the server (from an external host) on port 22, it's OK.
  If I do a telnet on the server (from an external host) on port 8888, I get a reject !!! (it's not a drop)
  If I do a nc -l -p 8888 on the server and then telnet on port 8888, the connection is authorized !!!

  I tried this on a 22.04 and on a 24.04 Ubuntu server and I got the same results.

  The second rule is not applied
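An added example, not part of the bug report or of iptables itself: a shell check that lists rules in `iptables-save` output whose `-i`/`-o` interface name matches no interface on the host, which is the situation the comment above describes for `-i any`. The function names, sample ruleset and interface list are constructed for illustration; on a real host the inputs would be the output of `iptables-save` and the names under `/sys/class/net`.

```shell
#!/bin/sh
# Return 0 if an iptables interface pattern matches one of the given names.
# A trailing "+" in iptables is a prefix wildcard (eth+ matches eth0, eth1, ...).
iface_exists() {
    pattern=$1
    for i in $2; do
        case $pattern in
            *+) prefix=${pattern%+}
                case $i in "$prefix"*) return 0 ;; esac ;;
            *)  if [ "$i" = "$pattern" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# Print every "-A" rule whose non-negated -i/-o interface does not exist.
# $1 = iptables-save text, $2 = space-separated interface names.
find_dead_iface_rules() {
    rules=$1
    ifaces=$2
    printf '%s\n' "$rules" | while IFS= read -r line; do
        case $line in -A\ *) ;; *) continue ;; esac
        set -f; set -- $line; set +f      # split the rule into words, no globbing
        prev=
        while [ $# -gt 1 ]; do
            case $1 in
                -i|-o|--in-interface|--out-interface)
                    # A negated match ("! -i x") on a missing interface always
                    # matches, so only non-negated matches are dead rules.
                    if [ "$prev" != "!" ] && ! iface_exists "$2" "$ifaces"; then
                        printf '%s\n' "$line"
                        break
                    fi ;;
            esac
            prev=$1
            shift
        done
    done
}

# Constructed sample: the two rules from the bug report plus two valid ones.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i any -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth+ -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i any -j DROP
COMMIT'
SAMPLE_IFACES='lo eth0'   # constructed; e.g. $(ls /sys/class/net) on a real host

find_dead_iface_rules "$SAMPLE_RULES" "$SAMPLE_IFACES"
```

Both `-i any` rules are reported, including the final DROP that was meant as the catch-all, so the chain falls through to its ACCEPT policy.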