On iptables 1.4.1 pulled from SVN, the iprange match rejects valid IP addresses:

#iptables -t filter -A INPUT -m iprange --src-range \
192.168.1.1-192.168.1.2 -j ACCEPT
iptables v1.4.1: iprange match: Bad IP address `192.168.1.1'

The validation logic following numeric_to_ipaddr() was inverted.

Compile and rule insert tested.

===

[IPTABLES]: libxt_iprange: Fix IP validation logic

IP address validation logic was inverted, causing valid addresses to be rejected.

Signed-off-by: James King <t.james.king@xxxxxxxxx>
---
diff -uprN a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c --- a/extensions/libxt_iprange.c 2008-04-01 10:26:51.000000000 -0700 +++ b/extensions/libxt_iprange.c 2008-04-01 10:40:15.000000000 -0700 @@ -41,14 +41,14 @@ parse_iprange(char *arg, struct ipt_ipra *dash = '\0'; ip = numeric_to_ipaddr(arg); - if (ip != NULL) + if (!ip) exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n", arg); range->min_ip = ip->s_addr; if (dash != NULL) { ip = numeric_to_ipaddr(dash+1); - if (ip != NULL) + if (!ip) exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n", dash+1); range->max_ip = ip->s_addr;
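
Review bot: In parse_iprange(), range->min_ip and range->max_ip are still taken straight from ip->s_addr with no check, in the lines shown, that the first address is not above the second, so with the NULL tests corrected a reversed range such as 192.168.1.2-192.168.1.1 would parse cleanly unless code outside this hunk rejects it. If no such check exists, compare the two bounds in host byte order (s_addr is in network byte order, so pass both through ntohl() first) and call exit_error(PARAMETER_PROBLEM, ...) on a reversed range, so that a rule whose range cannot match is refused at insert time instead of failing silently. Two smaller points: the new tests are written if (!ip) while the neighbouring test in the same hunk is if (dash != NULL), so one form should be used throughout the function, and the commit message would be more useful if it named the change that introduced the inverted test.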