The Community Forums


IPTables: Uninitialized value in bitwise operations?

Discussion in 'General Discussion' started by spiff06, Nov 3, 2004.

  1. spiff06

    Hello everyone,

    We've been having an increasing number of errors in the kernel script, showing up in the daily LogWatch email report:

    The offending lines compare IPs for matching:
    Code:
    sub compIP {
       my ($a1,$a2,$a3,$a4,$aval,$bval);
    
       # get numeric values for a and b
       ($a1,$a2,$a3,$a4) = split /\./,$a;
       $aval = ($a1 << 24) | ($a2 << 16) | ($a3 << 8) | $a4;
       ($a1,$a2,$a3,$a4) = split /\./,$b;
       $bval = ($a1 << 24) | ($a2 << 16) | ($a3 << 8) | $a4;
    
       return $aval <=> $bval;
    }
    
    According to this post, the lines in question (100 & 102) have to do with IPTables setup. Indeed we've had some intrusion attempts coming up that we attempted to block with the IPTables firewall: changes were made to the setup to block (DROP) 10 IPs over the course of the last week or so.

    If I look at iptables --list, addresses blocked show either as IPs or as domains (such as this.is.our.domain), even though I stored them as IPs using iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP; if the script processes the same strings as those shown on the list, then the above bitwise operations would fail when encountering a word rather than a number. Is that indeed the case?

    I'm currently looking at the IPTables manual (http://www.netfilter.org/documentation/index.html), but would appreciate if someone would chip in on this issue, and suggest corrective steps.

    Thanks,
    Eric
     
  2. spiff06

    I've removed all entries from iptables except for the log. But I still get floods of junk messages about failed bitwise operations that make the LogWatch message utterly useless.

    Surely someone else experienced this issue?

    Please help.
    Eric
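
A comparator that tolerates the case raised in this thread (a hostname or malformed field reaching the bitwise code), as an added example that is not part of the original posts and is not LogWatch's own code. The names `ip_to_int` and `comp_ip_safe` are hypothetical and the addresses are constructed sample input; the example does not establish what the script was actually fed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Convert a dotted-quad string to a 32-bit integer. Returns undef when the
# string is not a well-formed IPv4 address (hostname, empty field, "1.2.3"),
# so callers never shift or OR an undefined octet.
sub ip_to_int {
    my ($s) = @_;
    return unless defined $s;
    my @o = $s =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return;
    return if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# Sort comparator (hypothetical name). Uses sort's $a/$b like the quoted
# compIP, but only does integer comparison when both sides parsed as IPv4.
sub comp_ip_safe {
    my ($x, $y) = (ip_to_int($a), ip_to_int($b));
    return $x <=> $y if defined $x && defined $y;   # both IPs: numeric order
    return -1 if defined $x;                        # IPs sort before non-IPs
    return  1 if defined $y;
    return ($a // '') cmp ($b // '');               # both non-IP: string order
}

# Constructed sample input: valid addresses mixed with the kinds of strings
# that make the original split-and-shift code warn under "use warnings".
my @seen = (
    '192.0.2.10',
    'this.is.our.domain',
    '10.0.0.5',
    '',
    '192.0.2.9',
    '1.2.3',
);

my @sorted = sort comp_ip_safe @seen;
print join("\n", map { length $_ ? $_ : '(empty)' } @sorted), "\n";
```

Run with `perl` directly; it emits no "uninitialized value" warnings because malformed fields never reach the bitwise operators. Independently of the script, `iptables -L -n` prints rules with numeric addresses, skipping the reverse DNS lookups that turn stored IPs into names in the listing.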
     