Bug#540074: netfilter leaking traffic when long chains defined

[Bastian Blank <waldi@debian.org>]

reassign 540074 linux-2.6 2.6.26-17
thanks

On Wed, Aug 05, 2009 at 02:50:50PM +0100, Mark Hobley wrote:
> There appears to be traffic leaking across the netfilter when a long chain of
> valid ip addresses are used.
> 
> I am getting connections being established from outside of the valid address
> list. For example:
> netstat -a --numeric-users
> tcp 0 0 10.0.0.8:9999 118.168.141.172:3388 ESTABLISHED

This is an established connection. No evidence where the packets come
from.

> This problem incorrectly reported on #534963 against iptables. This
> reopens against kernel, as advised by Laurence Lane.
> For details of configuration scripts and test data, refer to bug #534963.

This is not nearly complete. Please show the _complete_ config. Also
please use a sniffer and record the packets going through.

Bastian

-- 
You're dead, Jim.
		-- McCoy, "Amok Time", stardate 3372.7