From: jdurick <jd...@mi...> - 2006-01-09 19:19:08
I am having a slight problem when I delete a rule that has been appended to the iptables ruleset via IPTables::IPv4 (kernel: 2.6.14-gentoo-r2). I think the IPTables::IPv4 Perl module has been written for 2.4; not sure if that is an issue or not. Other simple append_entry and delete_entry calls work; however, when I append using the following small script:

    #!/usr/bin/perl -w
    use IPTables::IPv4;

    my $table = IPTables::IPv4::init('filter');
    my $success = $table->append_entry(
        "INPUT",
        {
            protocol    => "icmp",
            'matches'   => [ 'icmp', 'limit' ],
            'limit'     => '1/min',
            'icmp-type' => 'echo-request',
            jump        => "ACCEPT"
        }
    );
    print "success = $success\n";
    $table->commit();

    -----------
    success = 1

it shows up (iptables -nvL) as:

    Chain INPUT (policy ACCEPT 2 packets, 64 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/min burst 5 icmp type 8

Now, when I delete using the same identifiers using delete_entry:

    #!/usr/bin/perl -w
    use IPTables::IPv4;

    my $table = IPTables::IPv4::init('filter');
    my $success = $table->delete_entry(
        "INPUT",
        {
            protocol    => "icmp",
            'matches'   => [ 'icmp', 'limit' ],
            'limit'     => '1/min',
            'icmp-type' => 'echo-request',
            jump        => "ACCEPT"
        }
    );
    print "success = $success\n";
    $table->commit();

    -----------
    success = 0

and checked via iptables -vnL.

When I did a dump of the same rule that was appended to the iptables ruleset using:

    %IPTables::IPv4 = ();

I got the following:

    --snip--
    'filter' => {
        'INPUT' => {
            'rules' => [
                {
                    'protocol'    => 'icmp',
                    'limit-burst' => 5,
                    'matches'     => [ 'limit' ],
                    'pcnt'        => '0',
                    'limit'       => '1/min',
                    'jump'        => 'ACCEPT',
                    'icmp-type'   => 'echo-request',
                    'bcnt'        => '0'
                }
            ],
            'pcnt'   => '76',
            'bcnt'   => '5302',
            'policy' => 'ACCEPT'
        },
    --snip--

All seems to match the rule options I have listed above? Other rules that have been created, ones that do not use the limit & protocol match options, seem to be giving me trouble.
Has there been a bug published with delete_entry() that I am not aware of, or is this user error? Any help would be appreciated.

jd

-- 
JD Durick
Senior INFOSEC Engineer
Center for Integrated Intelligence Systems (CIIS)
GPG Fingerprint: 7780 02CE 50CA 346F 0E15 9EBC A645 5E5F 543B 0840
The MITRE Corporation
(703) 983-5543 (Washington)
jd...@mi...
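One way to check whether the hand-written delete spec is the problem is to read the rule back from the module and delete using exactly the keys it reports (the dump above shows 'limit-burst' => 5 and 'matches' => ['limit'], which differ from the spec passed to append_entry). This is an added example, not code from the original post or from the IPTables::IPv4 distribution; it assumes the module offers list_rules($chain) returning each rule as a hashref and reports failures in $!, both of which are assumptions here.

```perl
#!/usr/bin/perl -w
# Added example: delete an INPUT rule using the module's own view of it
# rather than a hand-written spec. Assumes list_rules($chain) exists and
# returns the rules as hashrefs (assumption, not confirmed by the post).
use strict;
use warnings;
use IPTables::IPv4;

my $table = IPTables::IPv4::init('filter')
    or die "init failed: $!";    # assumes errors are reported in $!

# Scalar criteria that identify the rule appended in the post.
my %want = (
    protocol    => 'icmp',
    'icmp-type' => 'echo-request',
    limit       => '1/min',
    jump        => 'ACCEPT',
);

my $deleted = 0;
for my $rule ( $table->list_rules('INPUT') ) {
    # Skip any rule that differs in one of the criteria we care about.
    next if grep { !defined $rule->{$_} || $rule->{$_} ne $want{$_} } keys %want;

    # The dump reports packet/byte counters (pcnt, bcnt); they are not part
    # of the rule specification, so drop them before passing the hash back.
    my %spec = %$rule;
    delete @spec{qw(pcnt bcnt)};

    if ( $table->delete_entry( 'INPUT', \%spec ) ) {
        $deleted++;
        print "deleted: proto $spec{protocol}, type $spec{'icmp-type'}, "
            . "limit $spec{limit}, burst $spec{'limit-burst'}\n";
    }
    else {
        warn "delete_entry failed: $!\n";
    }
}

$table->commit() or die "commit failed: $!";
print "rules deleted: $deleted\n";
```

Comparing %spec against the hash originally handed to append_entry shows which keys (here 'matches' and 'limit-burst') the module filled in or rewrote, which is the first thing to check when a delete with the original spec returns 0.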