Hello, friends!
Devuan 1, Devuan 2, Devuan 3 (and Debian, and Ubuntu) have the following standards issue with iptables!
The current range of values for the --tcp-option iptables flag is 1-255 - this is not correct. The correct range of values should be 0-254. Please read the following information: https://www.iana.org/assignments/tcp-pa … rameters-1 This negative change in iptables was made approximately 2 years ago without making this change public. Please report this issue to the iptables developers so that they can set the range of --tcp-option values in accordance with the accepted standards for the TCP Protocol.
Last edited by Eaglet (2020-02-29 21:32:22)
Do you know when and where this change took place? Was it in debian or upstream?
Where is '--tcp-option' from? It is not mentioned in man iptables.
Do you know when and where this change took place? Was it in debian or upstream?
Where is '--tcp-option' from? It is not mentioned in man iptables.
Salute, comrade!
About --tcp-option, please see this information from the netfilter developers: https://www.netfilter.org/documentation … WTO-7.html or see the iptables man page: https://linux.die.net/man/8/iptables
I don't know exactly where the change occurred, but it happened about 2 years ago. About 2 years ago, after the next update of iptables (this can be tracked by the history of updating fixes and updates for iptables in Debian b) in Debian 9, I started to see an error in the logs about the absence of --tcp-option 0. As it turned out later, this error was present in both Ubuntu and Devuan. I suspect that the developers of netfilter made this error, because it has become present in all derivatives based on Ubuntu and Debian.
Last edited by Eaglet (2020-03-01 15:06:00)
Are you saying that iptables decrements the given option code by 1?
Or is it that you find it confusing that the --tcp-option parameter rejects code 0?
Rejecting option code 0 is of course consistent with the code table, since code 0 is an "end of options list" marker, and not an option code in itself.
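The point in the reply above, that kind 0 ends the option list rather than naming an option, shown as an added example (not from the thread, and not iptables or netfilter code). It walks a TCP options area using the standard layout: kinds 0 and 1 are single bytes, every other kind is kind, length, data. The function name, return codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_EOL 0          /* End of Option List: single byte, ends the list */
#define OPT_NOP 1          /* No-Operation: single byte, used for alignment  */
#define OPT_NOT_FOUND (-1)
#define OPT_MALFORMED (-2)

/* Constructed sample option areas (not captured traffic). */
/* MSS, SACK-permitted, Timestamps, NOP, Window Scale: 20 bytes, no EOL needed */
static const uint8_t syn_opts[] = { 2,4,0x05,0xb4, 4,2, 8,10,0,0,0,1,0,0,0,0, 1, 3,3,7 };
/* MSS, EOL, then padding bytes that merely look like SACK-permitted */
static const uint8_t eol_opts[] = { 2,4,0x05,0xb4, 0, 4,2,0 };
/* NOP, then an MSS whose length field runs past the end of the area */
static const uint8_t cut_opts[] = { 1, 2,4,0x05 };

/* Return the offset of the first option of `kind`, or a negative code. */
int tcp_find_option(const uint8_t *opt, size_t len, uint8_t kind)
{
    size_t i = 0;
    while (i < len) {
        uint8_t k = opt[i];
        if (k == OPT_EOL)      /* terminator: bytes after it are padding */
            return kind == OPT_EOL ? (int)i : OPT_NOT_FOUND;
        if (k == OPT_NOP) {    /* no length byte follows */
            if (kind == OPT_NOP)
                return (int)i;
            i++;
            continue;
        }
        /* all other kinds: the length byte counts kind + length + data */
        if (i + 1 >= len || opt[i + 1] < 2 || (size_t)opt[i + 1] > len - i)
            return OPT_MALFORMED;
        if (k == kind)
            return (int)i;
        i += opt[i + 1];
    }
    return OPT_NOT_FOUND;      /* list filled the area; no EOL marker present */
}

int main(void)
{
    printf("window scale in SYN sample: %d\n", tcp_find_option(syn_opts, sizeof syn_opts, 3));
    printf("kind 0 in SYN sample:       %d\n", tcp_find_option(syn_opts, sizeof syn_opts, 0));
    printf("kind 4 after EOL:           %d\n", tcp_find_option(eol_opts, sizeof eol_opts, 4));
    printf("truncated MSS:              %d\n", tcp_find_option(cut_opts, sizeof cut_opts, 2));
    return 0;
}
```

In the first sample the options fill the area exactly, so no kind 0 byte is present at all; in the second, the bytes after the kind 0 marker are never interpreted as options.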
Are you saying that iptables decrements the given option code by 1?
Or is it that you find it confusing that the --tcp-option parameter rejects code 0?
Rejecting option code 0 is of course consistent with the code table, since code 0 is an "end of options list" marker, and not an option code in itself.
1. What I wanted to say, I have already said here.
2. There are standards that are accepted as a standard and these standards should be followed, and not "break" user dependencies.
3. I'm not a girl to be embarrassed about.
4. The range of TCP options should be between 0 and 254, not as it is now from 1 to 255.