search for: alien_sup

...the kernel"), outgoing source IP not being settable for UDP |packets ("oops, another code path that was never written")... I also found a Linux xt_recent "bug" while doing this now in that printf '%s\n' "+::ffff:80.187.103.83" > /proc/net/xt_recent/alien_super results in < /proc/net/xt_recent/alien_super awk '{print $1}' src=0000:0000:0000:0000:0000:ffff:50bb:6755 without the actual IPv4 address being handled (bugzilla 219038). (But then i would assume bugs happen everywhere and all the time, and it would be interesting to know the ti...

Hi, On Sun, Jul 14, 2024 at 10:25:46AM +0100, Brian Candler wrote: > On 14/07/2024 03:49, Steffen Nurpmeso wrote: > > I have read > > > > https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 > > > > but as an application developer i find it ugly not to be able to > > "simply do it", and get back a mapped address.

...uot;${FWCORE_PORT_KNOCK}"; then add_rule -p udp --dport ${port} \ -m recent --name port_knock --set \ -m recent --name port_knock --rcheck --seconds 60 --reap --hitcount 2 \ -m recent --name alien_super --set -j DROP add_rule -p udp --dport ${port} -j f_m1 fi fi Which allows only one packet per minute, otherwise the alien_super rule will block you for 23+ hours. I would not do it without that, as it would then really be a door to attacks. One could very wel...

Jochen Bern <Jochen.Bern at binect.de> writes: > (And since you mention "port knocking", I'd like to repeat how fond I > am of upgrading that original concept to a single-packet > crypto-armored implementation like fwknop.) I am reluctantly considering to use some kind of port knocking mechanism on some machines, however I really don't want to carry around shared

P.S.: Steffen Nurpmeso wrote in <20240707025234.j3oUaPFH at steffen%sdaoden.eu>: |Steffen Nurpmeso wrote in | <20240704180538.iV4uex29 at steffen%sdaoden.eu>: ||Simon Josefsson wrote in || <87jzi1fg24.fsf at kaka.sjd.se>: |||Jochen Bern <Jochen.Bern at binect.de> writes: |||> (And since you mention "port knocking", I'd like to repeat how fond I