search for: addrtype

http://bugzilla.netfilter.org/show_bug.cgi?id=745 Summary: [addrtype]addrtype can't match src-type BROADCAST packets Product: netfilter/iptables Version: linux-2.6.x Platform: mips64 OS/Version: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component:...

https://bugzilla.netfilter.org/show_bug.cgi?id=745 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |netfilter at linuxace.com Resolution|

http://bugzilla.netfilter.org/show_bug.cgi?id=812 Summary: addrtype with limit-iface-in in ip6tables/nat/PREROUTING messes up the route cache Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: All Status: NEW Severity: major Priority: P5 C...

https://bugzilla.netfilter.org/show_bug.cgi?id=812 Florian Westphal <fw at strlen.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fw at strlen.de --- Comment #1 from Florian Westphal <fw at strlen.de> 2013-04-21 16:48:04 CEST ---

...CC| |netfilter at linuxace.com Resolution| |FIXED --- Comment #4 from Phil Oester <netfilter at linuxace.com> 2013-06-05 14:28:46 CEST --- This was fixed by Florian via 2a7851bf ("netfilter: add nf_ipv6_ops hook to fix xt_addrtype with IPv6"). Closing. -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.

...-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input -A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input -A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input -A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input -A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-before-forward...

...efix=/opt/cifs/.samba-3.0.9 \ --with-krb5=/opt/cifs/heimdal \ --with-ads but I'm getting the following error message von the configure script: ... checking for krb5_c_enctype_compare... no checking for krb5_enctypes_compatible_keys... no checking for krb5_encrypt_block type... no checking for addrtype in krb5_address... no checking for addr_type in krb5_address... yes checking for enc_part2 in krb5_ticket... no checking for keyblock in krb5_creds... no checking for session in krb5_creds... yes checking for keyvalue in krb5_keyblock... yes checking for ENCTYPE_ARCFOUR_HMAC_MD5... yes checking for...

...is not the case. When I look in the config.log: configure:55103: checking for Active Directory and krb5 support KRB5CONFIG='' KRB5_LIBS='' WINBIND_KRB5_LOCATOR='' So then, if we do a "make" # less config.h | grep -i krb /* Whether the krb5_address struct has a addrtype property */ /* #undef HAVE_ADDRTYPE_IN_KRB5_ADDRESS */ /* Whether the krb5_address struct has a addr_type property */ /* #undef HAVE_ADDR_TYPE_IN_KRB5_ADDRESS */ /* Whether the krb5_checksum struct has a checksum property */ /* #undef HAVE_CHECKSUM_IN_KRB5_CHECKSUM */ ...all left untouched. Any...

...now. Say I have a document (produced by nmap) like this: > mydoc <- '<host starttime="1365204834" endtime="1365205860"><status state="up" reason="echo-reply" reason_ttl="127"/> <address addr="XXX.XXX.XXX.XXX" addrtype="ipv4"/> <ports><port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="127"/><service name="msrpc" product="Microsoft Windows RPC" ostype="Windows" metho...

Am Freitag, den 25.09.2015, 22:45 +0200 schrieb Marcus Schopen: > Hi Guus, > > Am Freitag, den 25.09.2015, 17:46 +0200 schrieb Marcus Schopen: > > Hmmm ... I've tried "LocalDiscovery = yes" > > in /etc/tinc/mytunnel/tinc.conf already, but that didn't help. Config on > > client A is: > > > > --------------- > > Name = clienta >

...unt=1 AnswerCount=0 AuthorityCount=0 AddressRecCount=1 QuestionRecords: Name=MYDOMAIN NameType=0x1D (Master Browser) QuestionType=0x20 QuestionClass=0x1 ResourceRecords: Name=MYDOMAIN NameType=0x1D (Master Browser) ResType=0x20 ResClass=0x1 TTL=0 (0x0) ResourceLength=6 ResourceData= AddrType=0x0 Address=10 (0xa).0 (0x0).1 (0x1).246 (0xf6) 18:46:23.071515 IP (tos 0x0, ttl 128, id 47604, offset 0, flags [none], proto: UDP (17), length: 90) user.mydomain.netbios-ns > nova.mydomain.netbios-ns: [udp sum ok] >>> NBT UDP PACKET(137): REGISTRATION; NEGATIVE; RESPONSE; UNICA...

...-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input -A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input -A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input -A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input -A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-after-logging-...

..._con_setuseruserkey... no checking for krb5_locate_kdc... no checking for krb5_get_permitted_enctypes... no checking for krb5_get_default_in_tkt_etypes... no checking for krb5_free_ktypes... no checking for krb5_free_data_contents... no checking for krb5_principal_get_comp_string... no checking for addrtype in krb5_address... no checking for addr_type in krb5_address... yes checking for enc_part2 in krb5_ticket... no checking for keyvalue in krb5_keyblock... yes checking for ENCTYPE_ARCFOUR_HMAC_MD5... yes checking for KEYTYPE_ARCFOUR_56... no checking for AP_OPTS_USE_SUBKEY... yes checking for the kr...

...gt; able to talk directly. UFW firewall is dropping broadcast traffic without noisy logging. After changing this line in /etc/ufw/before.rules broadcast packages are accepted and local tinc clients behind the NAT can connect directly (LocalDiscovery): # if BROADCAST, RETURN ###-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN -A ufw-not-local -m addrtype --dst-type BROADCAST -j ACCEPT Ciao Marcus

The netfilter coreteam proudly presents: iptables version 1.4.1 The header resync turned out to be unproblematic, changes since -rc3 include fixes for iptables-save output of the owner match, support for revision 1 of the addrtype match, more manpage updates and some sparse fixes. For people updating from 1.4.0, this release brings: - new build system with better configurability - scalability improvements for large number of chains - Support for multiple new matches, targets and revisions (supports all features availa...

...th an option not supported by IPv6 ip6tables-restore gives this error: (line 76 is the last line in the file with the COMMIT statement): ip6tables-restore: line 76 failed After debugging the rules manually I found the issue: ip6tables -A DROP_BROADCAST_AND_MCAST --match state --state NEW --match addrtype --dst-type BROADCAST --jump DROP ip6tables: Invalid argument. Run `dmesg' for more information. Running dmesg gives me: [636716.526815] xt_addrtype: ipv6 does not support BROADCAST matching If ip6tables-restore could pass the error from ip6tables that would be useful. I have not tested if...

...les with docker chains using: iptables-restore -n -c MYFILE The file might look like *nat :DOCKER COMMIT where the DOCKER chain already has rules in it, when restored - will be flushed. while in case of builtin chains - will not flush and duplicate the entry. For instance: *nat -I PREROUTING -m addrtype --dst-type LOCAL -j DOCKER COMMIT I believe the bug is in iptables-restore.c line 369 if (noflush && ops->is_chain(chain, handle)) { DEBUGP("Flushing existing user defined chain '%s'\n", chain); if (!ops->flus...

...65535 --sport 137 -j reject -A Reject -p 6 -m multiport --dports 135,139,445 -j reject -A Reject -p 17 --dport 1900 -j DROP -A Reject -p 6 -j dropNotSyn -A Reject -p 17 --sport 53 -j DROP -A all2all -m state --state ESTABLISHED,RELATED -j ACCEPT -A all2all -j Drop -A all2all -j DROP -A dropBcast -m addrtype --dst-type BROADCAST -j DROP -A dropBcast -d 224.0.0.0/4 -j DROP -A dropInvalid -m state --state INVALID -j DROP -A dropNotSyn -p tcp ! --syn -j DROP -A eth0_fwd -m state --state NEW,INVALID -j dynamic -A eth0_fwd -m state --state NEW,INVALID -j blacklst -A eth0_fwd -p tcp -j tcpflags -A eth0_in -...

...t;>> NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST TrnID=0x30 OpCode=0 NmFlags=0x58 Rcode=0 QueryCount=0 AnswerCount=1 AuthorityCount=0 AddressRecCount=0 ResourceRecords: Name=ASTERIX NameType=0x20 (Server) ResType=0x20 ResClass=0x1 TTL=259200 ResourceLength=6 ResourceData= AddrType=0x0 Address=192.168.0.1 02:02:28.314400 arp who-has asterix.armorica tell obelix.armorica 02:02:28.314480 arp reply asterix.armorica (0:c0:df:f0:4:78) is-at 0:c0:df:f0:4:78 (0:20:af:f8:18:60) 02:02:28.314828 obelix.armorica.iad3 > asterix.armorica.netbios-ssn: S 2203519:2203519(0) win 8192 &...

..._con_setuseruserkey... no checking for krb5_locate_kdc... no checking for krb5_get_permitted_enctypes... no checking for krb5_get_default_in_tkt_etypes... no checking for krb5_free_ktypes... no checking for krb5_free_data_contents... no checking for krb5_principal_get_comp_string... no checking for addrtype in krb5_address... no checking for addr_type in krb5_address... yes checking for enc_part2 in krb5_ticket... no checking for keyvalue in krb5_keyblock... yes checking for ENCTYPE_ARCFOUR_HMAC_MD5... yes checking for KEYTYPE_ARCFOUR_56... no checking for AP_OPTS_USE_SUBKEY... yes checking for the kr...