IPTables: Uninitialized value in bitwise operations?

Discussion in 'General Discussion' started by spiff06, Nov 3, 2004.

  1. spiff06

    spiff06 Well-Known Member

    Hello everyone,

    We've been having an increasing number of errors in the kernel script, showing up in the daily LogWatch email report:

    The offending lines compare IPs for matching:
    Code:
    sub compIP {
       my ($a1,$a2,$a3,$a4,$aval,$bval);
    
       # get numeric values for a and b
       ($a1,$a2,$a3,$a4) = split /\./,$a;
       $aval = ($a1 << 24) | ($a2 << 16) | ($a3 << 8) | $a4;
       ($a1,$a2,$a3,$a4) = split /\./,$b;
       $bval = ($a1 << 24) | ($a2 << 16) | ($a3 << 8) | $a4;
    
       return $aval <=> $bval;
    }
    
    According to this post, the lines in question (100 & 102) have to do with IPTables setup. Indeed we've had some intrusion attempts coming up that we attempted to block with the IPTables firewall: changes were made to the setup to block (DROP) 10 IPs over the course of the last week or so.

    If I look at iptables --list, addresses blocked show either as IPs or as domains (such as this.is.our.domain), even though I stored them as IPs using iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP; if the script processes the same strings as those shown on the list, then the above bitwise operations would fail when encountering a word rather than a number. Is that indeed the case?

    I'm currently looking at the IPTables manual (http://www.netfilter.org/documentation/index.html), but would appreciate if someone would chip in on this issue, and suggest corrective steps.

    Thanks,
    Eric
     
  2. spiff06

    spiff06 Well-Known Member

    I've removed all entries from iptables except for the log. But I still get floods of junk messages about failed bitwise operations that make the LogWatch message utterly useless.

    Surely someone else experienced this issue?

    Please help.
    Eric
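
An added Perl example, not part of the original posts or of LogWatch: it applies the arithmetic from the quoted compIP to constructed sample strings and counts the warnings Perl raises for each, then sorts the same strings with a comparator that validates every value before shifting. The names legacy_warnings, ip_to_int and comp_addr and the sample list are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The arithmetic from the quoted compIP, applied to one string. Warnings are
# captured instead of printed so they can be counted per input.
sub legacy_warnings {
    my ($addr) = @_;
    my @caught;
    local $SIG{__WARN__} = sub { push @caught, $_[0] };
    my ($a1, $a2, $a3, $a4) = split /\./, $addr;
    my $val = ($a1 << 24) | ($a2 << 16) | ($a3 << 8) | $a4;
    return @caught;
}

# Dotted quad -> 32-bit integer, or undef for anything else (hostname, empty
# field, octet above 255), so no undefined value reaches << or |.
sub ip_to_int {
    my ($addr) = @_;
    return undef unless defined $addr
        && $addr =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my @o = ($1, $2, $3, $4);
    return undef if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# Sort comparator: valid addresses first in numeric order, then other strings.
sub comp_addr {
    my $ia = ip_to_int($a);
    my $ib = ip_to_int($b);
    return $ia <=> $ib if defined $ia && defined $ib;
    return -1 if defined $ia;
    return  1 if defined $ib;
    return $a cmp $b;
}

# Constructed sample input (documentation addresses and made-up names).
my @seen = ('192.0.2.10', 'this.is.our.domain', '10.0.0.5', '',
            'localhost', '198.51.100.7', '192.0.2.9');

for my $s (@seen) {
    my @w = legacy_warnings($s);
    my $uninit = grep { /uninitialized/ } @w;
    my $nonnum = grep { /isn't numeric/ } @w;
    printf "%-22s uninitialized=%d non-numeric=%d\n", "'$s'", $uninit, $nonnum;
}
print join("\n", sort comp_addr @seen), "\n";
```

Listing rules with `iptables -L -n` prints source addresses numerically instead of as resolved names.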
     