Errata

Linux iptables Pocket Reference

Errata for Linux iptables Pocket Reference

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Color Key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update

Version Location Description Submitted by Date submitted
PDF Page 7
Table 7

Table 7, which describes the processing of packets sent locally, is in error. Using Oskar Andreasson's rc.test-iptables script, I get the following results using ping -c 1:

Outgoing icmp request:

Feb 3 [288011] mangle OUTPUT (REQ): IN= OUT=lo DF TYPE=8 ID=59238
Feb 3 [288047] nat OUTPUT (REQ): IN= OUT=lo DF TYPE=8 ID=59238
Feb 3 [288074] filter OUTPUT (REQ): IN= OUT=lo DF TYPE=8 ID=59238
Feb 3 [288098] mangle POSTROUTING (REQ): IN= OUT=lo DF TYPE=8 ID=59238
Feb 3 [288120] nat POSTROUTING (REQ): IN= OUT=lo DF TYPE=8 ID=59238

Incoming icmp request: SKIPS NAT PREROUTING
Feb 3 [288159] mangle PREROUTING (REQ): IN=lo OUT= DF TYPE=8 ID=59238
Feb 3 [288202] mangle INPUT (REQ) IN=lo OUT= DF TYPE=8 ID=59238
Feb 3 [288280] filter INPUT (REQ): IN=lo OUT= DF TYPE=8 ID=59238

Outgoing icmp reply: SKIPS NAT OUTPUT and NAT POSTROUTING
Feb 3 [288359] mangle OUTPUT (REP): IN= OUT=lo ID=45617 TYPE=0 ID=59238
Feb 3 [288381] filter OUTPUT (REP): IN= OUT=lo ID=45617 TYPE=0 ID=59238
Feb 3 [288401] mangle POSTROUTING (REP): IN= OUT=lo ID=45617 TYPE=0 ID=59238

Incoming icmp reply: SKIPS NAT PREROUTING
Feb 3 [288430] mangle PREROUTING (REP): IN=lo OUT= ID=45617 TYPE=0 ID=59238
Feb 3 [288519] mangle INPUT (REP): IN=lo OUT= ID=45617 TYPE=0 ID=59238
Feb 3 [288582] filter INPUT (REP): IN=lo OUT= ID=45617 TYPE=0 ID=59238


Your idea of whether or not this is a serious mistake or only minor probably depends on whether or not you're sending packets locally. :-)

Note that the output above has been edited. It's not hard to test this to generate your own output. Have fun!

Oh -- uname -a says "Linux lemoore 2.6.27-11-generic #1 SMP Thu Jan 22 17:22:40 UTC 2009 i686 GNU/Linux". And it's stock Ubuntu, no fancy modified kernel.

---dcm

 Dave Madsen  Feb 03, 2009 
Printed Page 17
1st paragraph

reference to table 14 should be to table 15.
reference to table 15 should be to table 16.

 Jon H. Peterson  Apr 16, 2012