ubuntu-apps-bugs team mailing list archive

[Bug 2067274] [NEW] iptables: regression in 1.8.9 with -n breaks portblock in resource-agents

You have been subscribed to a public bug by Igor I Shatunov (raider444):

In iptables 1.8.9, a regression was introduced that changes the behavior
of the -n flag.

Previously, supplying -n would *not* display numerical values for the
"prot" column of the -L output:

# iptables --version
iptables v1.8.7 (nf_tables)

# iptables -nL
Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

However, with the faulty patch, this changed to numerical values:

# iptables --version
iptables v1.8.9 (legacy)

# iptables -nL
Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination
ACCEPT     17   --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

This breaks parsing in the resource-agents package, namely the portblock resource agent.
Parsing has since been relaxed in resource-agents: https://github.com/ClusterLabs/resource-agents/pull/1924 (released in resource-agents v4.14.0).

There is an upstream bug report:
https://bugzilla.netfilter.org/show_bug.cgi?id=1729

For reference, there is also a report with the Debian project:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067733

The offending commit was reverted upstream:
https://git.netfilter.org/iptables/commit/?id=34f085b1607364f4eaded1140060dcaf965a2649

But the revert has not been released yet.

Ubuntu Noble ships version 1.8.10 of iptables, which is still affected.
The solution would be to apply the reverted patch mentioned above.

** Affects: iptables
     Importance: Unknown
         Status: Fix Released

** Affects: iptables (Ubuntu)
     Importance: Undecided
         Status: Confirmed

-- 
iptables: regression in 1.8.9 with -n breaks portblock in resource-agents
https://bugs.launchpad.net/bugs/2067274
You received this bug notification because you are a member of Ubuntu Apps bug tracking, which is subscribed to the bug report.
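
The format change described in the report, handled on the consumer side: an added example (not code from the bug report, iptables or resource-agents) that matches a rule whether the "prot" column holds a protocol name or its number. The helper names proto_number and has_rule are hypothetical; the two listings are the ones quoted in the report.

```shell
#!/bin/sh
# Added example: match a rule in `iptables -nL` output whether the "prot"
# column is printed as a name (1.8.7) or as a number (1.8.9 / 1.8.10).

# Listings copied from the bug report above.
OLD_OUTPUT='Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53'

NEW_OUTPUT='Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination
ACCEPT     17   --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53'

# proto_number NAME: print the IANA protocol number for the names handled
# here; return 1 for anything else so callers fail closed.
proto_number() {
    case "$1" in
        icmp) echo 1 ;;
        tcp)  echo 6 ;;
        udp)  echo 17 ;;
        *)    return 1 ;;
    esac
}

# has_rule TARGET PROTO DPORT: read a listing on stdin and return 0 if a
# rule with that target, protocol and destination port is present,
# 1 if not, 2 if PROTO is not a name this helper knows.
has_rule() {
    num=$(proto_number "$2") || return 2
    awk -v t="$1" -v name="$2" -v num="$num" -v dpt="dpt:$3" '
        # Column 2 is accepted as either the name or the number.
        $1 == t && ($2 == name || $2 == num) {
            for (i = 6; i <= NF; i++) if ($i == dpt) { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Both listing styles give the same answer.
printf '%s\n' "$OLD_OUTPUT" | has_rule ACCEPT tcp 53 && echo "1.8.7 style: rule present"
printf '%s\n' "$NEW_OUTPUT" | has_rule ACCEPT tcp 53 && echo "1.8.9 style: rule present"
```
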