knet-jenkins[bot]
commented
3 months ago Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1924/1/input
Closed chrboe closed 3 months ago
knet-jenkins[bot]
commented
3 months ago Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1924/1/input
oalbrigt
commented
3 months ago Thanks.
Usually, using the "-n" flag with "iptables -L" will only enable numeric display for hosts and port numbers. Protocols are unaffected and are still shown as "tcp" or "udp", which we rely on in the portblock agent.
iptables version 1.8.9 ships with a regression that breaks this format, displaying the numeric value of the protocol instead. See this bug report for more: https://bugzilla.netfilter.org/show_bug.cgi?id=1729
The issue was fixed in the 1.8.10 release, but some distributions (notably, Debian Bookworm and Fedora 39) have shipped 1.8.9, effectively breaking the portblock agent.
Since both formats are now in use in the wild, we must work around this in the resource agent by allowing both the numeric and string representation of the protocol.