Bug#540074: netfilter leaking traffic when long chains defined

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#540074: netfilter leaking traffic when long chains defined
From: Mark Hobley <markhobley@yahoo.co.uk>
Date: Wed, 05 Aug 2009 14:50:50 +0100
Message-id: <[🔎] 20090805135050.3339.66052.reportbug@venus.markhobley.yi.org>
Reply-to: Mark Hobley <markhobley@yahoo.co.uk>, 540074@bugs.debian.org

Package: linux-image-2.6-486
Version: 2.6.26+17+lenny1
Severity: normal
File: linux

There appears to be traffic leaking across the netfilter when a long chain of
valid ip addresses are used.

I am getting connections being established from outside of the valid address
list. For example:

netstat -a --numeric-users
tcp 0 0 10.0.0.8:9999 118.168.141.172:3388 ESTABLISHED

This problem incorrectly reported on #534963 against iptables. This
reopens against kernel, as advised by Laurence Lane.

For details of configuration scripts and test data, refer to bug #534963.

Mark.

-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (990, 'stable'), (50, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-486
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages linux-image-2.6-486 depends on:
ii  linux-image-2.6.26-2-486      2.6.26-17  Linux 2.6.26 image on x86

linux-image-2.6-486 recommends no packages.

linux-image-2.6-486 suggests no packages.

-- no debconf information

Reply to:

Follow-Ups:
- Bug#540074: netfilter leaking traffic when long chains defined
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Processed: tagging 539378
Next by Date: Bug#540074: netfilter leaking traffic when long chains defined
Previous by thread: Processed: tagging 539378
Next by thread: Bug#540074: netfilter leaking traffic when long chains defined
Index(es):
- Date
- Thread