portblock: accept numeric protocol from iptables

Description

Usually, using the "-n" flag with "iptables -L" will only enable numeric
display for hosts and port numbers. Protocols are unaffected and are
still shown as "tcp" or "udp", which we rely on in the portblock agent.

iptables version 1.8.9 ships with a regression that breaks this format,
displaying the numeric value of the protocol instead. See this bug
report for more: https://bugzilla.netfilter.org/show_bug.cgi?id=1729

The issue was fixed in the 1.8.10 release, but some distributions
(notably, Debian Bookworm and Fedora 39) have shipped 1.8.9,
effectively breaking the portblock agent.

Since both formats are now in use in the wild, we must work around this
in the resource agent by allowing both the numeric and string
representation of the protocol.
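The workaround described in the commit message, sketched as an added example (not the portblock agent's own code): a rule check that accepts either the protocol name or its IANA number (tcp = 6, udp = 17). The function names, addresses, ports and both listings are constructed for illustration, and only single-port multiport rules are handled.

```shell
#!/bin/sh
# Added example: not the resource-agents portblock code.
# Function names and both listings below are constructed for illustration.

# "iptables -L INPUT -n" output with protocol names (the usual format)
NAME_FMT='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  0.0.0.0/0            10.0.0.5             multiport dports 3260'

# The same kind of listing as printed by iptables 1.8.9 (numeric protocol)
NUM_FMT='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       6    --  0.0.0.0/0            10.0.0.5             multiport dports 3260
DROP       17   --  0.0.0.0/0            10.0.0.5             multiport dports 5405'

# Map a protocol name to an ERE alternation matching the name or its number.
proto_pattern() {
    case "$1" in
        tcp) echo '(tcp|6)' ;;
        udp) echo '(udp|17)' ;;
        *)   return 1 ;;
    esac
}

# rule_present LISTING PROTO IP PORT
# Returns 0 if a DROP rule for PROTO to IP on PORT is listed, 1 if not,
# 2 if PROTO is not one this sketch knows about.
rule_present() {
    listing=$1; ip=$3; port=$4
    proto=$(proto_pattern "$2") || return 2
    # Escape dots so they match literally, not any character.
    ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')
    # Spaces around each field keep "6" from matching "60" and
    # 10.0.0.5 from matching 10.0.0.50.
    printf '%s\n' "$listing" |
        grep -Eq "^DROP +${proto} +-- +[^ ]+ +${ip_re} +.*dports ${port}( |\$)"
}

# Both formats must give the same answer for the same rule.
for fmt in "$NAME_FMT" "$NUM_FMT"; do
    if rule_present "$fmt" tcp 10.0.0.5 3260; then
        echo "tcp/3260 to 10.0.0.5: blocked"
    else
        echo "tcp/3260 to 10.0.0.5: not blocked"
    fi
done
```

A check that matched only the literal string "tcp" would report the second listing as unblocked even though the DROP rule is in place.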

Details

Provenance
Christoph Böhmwalder <christoph.boehmwalder@linbit.com>
Authored on Mar 20 2024, 11:42 AM
Parents
rRca8ba61e8f2a: Merge pull request #1923 from oalbrigt/spec-usr-sbin

Event Timeline

Christoph Böhmwalder <christoph.boehmwalder@linbit.com> committed rR420e591baa01: portblock: accept numeric protocol from iptables (authored by Christoph Böhmwalder <christoph.boehmwalder@linbit.com>). Mar 20 2024, 11:48 AM