I am having a slight problem when I delete a rule that has been appended
to the iptables ruleset via IPTables::IPv4 (kernel: 2.6.14-gentoo-r2).
I think the IPTables::IPv4 perl module has been written for 2.4, not
sure if that is an issue or not. Other simple append_entry and
delete_entry calls work; however, when I append using the following small script:
#!/usr/bin/perl -w
use strict;
use IPTables::IPv4;

# open the filter table for editing
my $table = IPTables::IPv4::init('filter');

# append a rate-limited ICMP echo-request accept rule to INPUT
my $success = $table->append_entry(
    "INPUT",
    {
        protocol    => "icmp",
        'matches'   => [ 'icmp', 'limit' ],
        'limit'     => '1/min',
        'icmp-type' => 'echo-request',
        jump        => "ACCEPT"
    }
);
print "success = $success\n";

# write the modified table back to the kernel
$table->commit();
-----------
success = 1
it shows up (iptables -nvL) as:
Chain INPUT (policy ACCEPT 2 packets, 64 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/min burst 5 icmp type 8
Now, when I delete using the same identifiers using delete_entry:
#!/usr/bin/perl -w
use strict;
use IPTables::IPv4;

# open the filter table for editing
my $table = IPTables::IPv4::init('filter');

# delete the rule using the same specification that appended it
my $success = $table->delete_entry(
    "INPUT",
    {
        protocol    => "icmp",
        'matches'   => [ 'icmp', 'limit' ],
        'limit'     => '1/min',
        'icmp-type' => 'echo-request',
        jump        => "ACCEPT"
    }
);
print "success = $success\n";

# write the modified table back to the kernel
$table->commit();
-----------
success = 0 and checked via iptables -vnL
When I did a dump of the same rule that was appended to the iptables
ruleset using: %IPTables::IPv4 = (); I got the following:
--snip--
'filter' => {
    'INPUT' => {
        'rules' => [
            {
                'protocol'    => 'icmp',
                'limit-burst' => 5,
                'matches'     => [
                    'limit'
                ],
                'pcnt'        => '0',
                'limit'       => '1/min',
                'jump'        => 'ACCEPT',
                'icmp-type'   => 'echo-request',
                'bcnt'        => '0'
            }
        ],
        'pcnt'   => '76',
        'bcnt'   => '5302',
        'policy' => 'ACCEPT'
    },
--snip--
All seems to match the rule options I have listed above?
Other rules that have been created, ones that do not use the limit &
protocol match options, seem to be giving me trouble. Has there been a
bug published with delete_entry() that I am not aware of, or is this user
error? Any help would be appreciated.
jd
--
JD Durick
Senior INFOSEC Engineer
Center for Integrated Intelligence Systems (CIIS)
GPG Fingerprint: 7780 02CE 50CA 346F 0E15 9EBC A645 5E5F 543B 0840
The MITRE Corporation
(703) 983-5543 (Washington)
jd...@mi...
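As an added example, not code from the original post or from the IPTables::IPv4 module itself: a Perl script that removes the rule by its position in the chain instead of by specification. It reads INPUT back with list_rules(), compares only the scalar fields the dump above shows the kernel reporting (protocol, limit, icmp-type, jump; the read-back 'matches' list carries only 'limit' and an extra 'limit-burst'), and calls delete_num_entry() on the first hit. The method names list_rules()/delete_num_entry() and 0-based rule numbering are assumptions taken from the module documentation and libiptc.

```perl
#!/usr/bin/perl -w
# Added example: delete the rate-limited ICMP rule by index rather than
# by passing a full rule specification to delete_entry().
# Assumes list_rules() returns a list of hash refs (one per rule) and
# delete_num_entry() takes a 0-based rule number, as in libiptc.
use strict;
use IPTables::IPv4;

# Scalar fields that must all be equal; values from the rule in the post.
my %want = (
    protocol    => 'icmp',
    'limit'     => '1/min',
    'icmp-type' => 'echo-request',
    jump        => 'ACCEPT',
);

# Return the 0-based index of the first rule in $chain whose fields all
# equal %$want, or undef if no rule matches.
sub find_rule_index {
    my ($table, $chain, $want) = @_;
    my @rules = $table->list_rules($chain);
    for my $i (0 .. $#rules) {
        my $r  = $rules[$i];
        my $ok = 1;
        for my $k (keys %$want) {
            $ok = 0 unless defined $r->{$k} && $r->{$k} eq $want->{$k};
        }
        return $i if $ok;
    }
    return undef;
}

my $table = IPTables::IPv4::init('filter')
    or die "init(filter) failed: $!\n";

my $idx = find_rule_index($table, 'INPUT', \%want);
if (defined $idx) {
    # remove exactly the rule we located, then push the table to the kernel
    my $success = $table->delete_num_entry('INPUT', $idx);
    print "delete_num_entry(INPUT, $idx): success = $success\n";
    $table->commit() or die "commit failed: $!\n";
} else {
    print "no matching rule found in INPUT\n";
}
```

Run it as root; verify the result with iptables -nvL INPUT afterwards, as in the post.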