Bug 174503 - ip6tables doesn't support REJECT target
ip6tables doesn't support REJECT target
Product: Fedora
Classification: Fedora
Component: iptables (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Ben Levenson
Depends On: 173699
Blocks: FC5Target IPv6Blocker
  Show dependency treegraph
Reported: 2005-11-29 11:02 EST by Charles R. Anderson
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-07-21 09:53:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Charles R. Anderson 2005-11-29 11:02:44 EST
Description of problem:

ip6tables -j REJECT support is not compiled due to incorrect glibc-kernheaders.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. ip6tables -A INPUT -j REJECT --reject-with adm-prohibited
Actual results:
ip6tables v1.3.4: Unknown arg `--reject-with'
Try `ip6tables -h' or 'ip6tables --help' for more information.

Expected results:
ip6tables rule should be added to INPUT chain with REJECT target, causing ICMP
message type adm-prohibited to be sent back.

Additional info:
/lib/iptables/libip6t_REJECT.so is missing from the package.  This is caused by
a test in iptables-1.3.4/extensions/.REJECT-test6:

# True if REJECT is applied.
[ -f $FILE ] && grep IP6T_ICMP6_NO_ROUTE 2>&1 >/dev/null $FILE && echo REJECT

$KERNEL_DIR is defined as /usr.  /usr/include/linux/netfilter_ipv6/ip6t_REJECT.h
comes from glibc-kernheaders with incorrect enum definitions.  The kernel-devel
include files have the correct enum definitions.  See bug #173699 against
glibc-kernheaders.  Fixing that bug and then rebuilding iptables fixes this bug.
Comment 1 Robert Scheck 2006-06-14 07:05:40 EDT
Reposting last comment from Charles as it got lost due hardware failure:
glibc-kernheaders-3.0-41 is now fixed.  Can you please rebuild iptables?  
Comment 2 Charles R. Anderson 2006-07-21 09:53:14 EDT
Rawhide iptables-ipv6-1.3.5-1.2.1 has this fixed.  Thanks.

Note You need to log in before you can comment on or make changes to this bug.