OpenWrt Forum Archive

Topic: [BUG] '--dport' option is broken with sctp and iptables

The content of this topic has been archived on 25 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I'd tried posting at dev.openwrt.org but got this super user-friendly response:

Submission rejected as potential spam

I hope someone with a trusted account could post this in OpenWrt's bug tracker.

System: CHAOS CALMER (15.05.1, r48532)
Router: Asus RT-N56U

What happens:
It seems that the '--dport' option is not recognized for sctp by iptables. Command execution fails.

Expected result:
Command runs successfully and we can create rules with iptables to match by sctp and destination port.

Steps to reproduce:
First install these:
kmod-sctp
libsctp
sctp
sctp-tools

Try to run this:

iptables -A INPUT -p sctp --dport 1234 -j ACCEPT

Shows error:

iptables v1.4.21: unknown option "--dport"
Try `iptables -h' or 'iptables --help' for more information.

Try to run this:

iptables -A INPUT -p sctp -j ACCEPT

Works!

Try to reproduce the issue with a slightly newer source code base, like LEDE 17.01. If the problem persists, report it to https://bugs.lede-project.org/, unless it has already been reported.

(Last edited by Antek on 9 Feb 2018, 16:11)

I quickly installed lede 17.01.1 r3316-7eb58cf109 in VirtualBox (according to the guide on wiki.openwrt.org/doc/howto/virtualbox). Commands behave the same way - this bug is present.

Any tips on how to create an issue on bugs.lede-project.org? I don't see any instructions or a "create issue" button...

You can also use https://bugs.openwrt.org/, which is the new address for the same tracker as https://bugs.lede-project.org/

Click the "Login!" button in the upper right corner...

(anonymous bug reports are not accepted, you need to register first)

Reported:
bugs.openwrt.org/index.php?do=details&task_id=1339
