running the new iptables with certain domains seems to cause a segfault with version 1.2.11-r2

Reproducible: Always

Steps to Reproduce:
1. install iptables-1.2.11-r2
2. run the following:
iptables -A FORWARD -i eth1 -o eth0 -p tcp -s 192.168.0.2 --sport 1024:65535 -d mail.rydium.com --dport 25 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -p tcp -s 192.168.0.2 --sport 1024:65535 -d smtp.mail.yahoo.ca --dport 25 -m state --state NEW -j ACCEPT
3. the first one segfaults while the second succeeds.

Actual Results: see above

Expected Results: no segfault would be good ;-)

1.2.9-r4 works just fine.

# cat /proc/version
Linux version 2.4.25 (root@fightclub) (gcc version 3.2.3 20030422 (Gentoo Linux 1.4 3.2.3-r3, propolice)) #1 Wed Feb 18 18:56:39 EST 2004
Same version, same problem here, this time with
iptables -A OUTPUT -o eth0 -p tcp -d rsync.europe.gentoo.org --dport 873 -j ACCEPT
On x86 and also on sparc64
This is due to problems with DNS round-robin domains (or whatever they are called). The problem is known to the netfilter folks and you can find a patch for the problem here: https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=224 Please fix this as soon as possible, thx in advance. Matthias Liertzer
We have this happening on Gentoo's own infrastructure boxes ;/
As solar mentioned, I can confirm this is happening (reproducibly) on two Gentoo infra boxes. Solar also pointed out this link: http://lists.netfilter.org/pipermail/netfilter-devel/2004-August/016232.html
Patch added to 1.2.11-r2, I'll add a new revision with some other fixes soon.
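The crash in the report above is triggered when iptables itself resolves a hostname that returns several A records (round-robin DNS, as the third comment explains). A common way to keep hostname resolution out of iptables altogether is to resolve the name first and emit one rule per address. The script below is an added example, not part of this bug thread or of the iptables project; it assumes glibc's `getent ahostsv4` is available and uses constructed RFC 5737 addresses in its usage comment.

```sh
#!/bin/sh
# Added example (not from the bug thread): expand one rule template into one
# iptables command per resolved IPv4 address, so iptables never has to resolve
# a multi-record hostname on its own.

# rules_for_addresses TEMPLATE ADDR...
# TEMPLATE contains the token @DST@ where the destination address belongs.
# Prints one fully substituted command per address, one per line.
rules_for_addresses() {
    template=$1
    shift
    for addr in "$@"; do
        # Only accept dotted-quad IPv4 literals; refuse anything else so a
        # malformed lookup result cannot end up inside the generated rule.
        case $addr in
            *[!0-9.]*|'') echo "skipping non-IPv4 value: $addr" >&2; continue ;;
        esac
        printf '%s\n' "${template%%@DST@*}${addr}${template#*@DST@}"
    done
}

# resolve_v4 HOSTNAME
# Prints every IPv4 A record for HOSTNAME, one per line, de-duplicated.
# Assumes glibc's getent; each address appears once per socket type, so keep
# only the STREAM line.
resolve_v4() {
    getent ahostsv4 "$1" | awk '$2 == "STREAM" { print $1 }' | sort -u
}

# emit_rules_for_host TEMPLATE HOSTNAME
# Resolves HOSTNAME and prints one rule per address; fails if nothing resolved,
# so a DNS outage does not silently produce an empty rule set.
emit_rules_for_host() {
    addrs=$(resolve_v4 "$2")
    [ -n "$addrs" ] || { echo "no IPv4 address for $2" >&2; return 1; }
    # shellcheck disable=SC2086  # word-splitting on newlines is intended here
    rules_for_addresses "$1" $addrs
}

# Usage (constructed example):
#   ./expand-rules.sh 'iptables -A FORWARD -i eth1 -o eth0 -p tcp -s 192.168.0.2 -d @DST@ --dport 25 -m state --state NEW -j ACCEPT' smtp.example.net
if [ $# -ge 2 ]; then
    emit_rules_for_host "$1" "$2"
fi
```

Review the printed commands before piping them into a shell; this keeps the decision of which addresses enter the ruleset visible rather than buried in a lookup at rule-load time.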