search for: connlabel

https://bugzilla.netfilter.org/show_bug.cgi?id=828 Summary: connlabel.conf is missing in built package if it exists on the system. Product: iptables Version: unspecified Platform: x86_64 OS/Version: other Status: NEW Severity: minor Priority: P5 Component: unknown...

https://bugzilla.netfilter.org/show_bug.cgi?id=1128 Bug ID: 1128 Summary: ip6_tables connmark or connlabel never matches Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: SuSE Linux Status: NEW Severity: normal Priority: P5 Component: ip6_tables (kernel) Assignee: netfilter-buglog at li...

...y presents: libnetfilter_conntrack 1.0.4 libnetfilter_conntrack is a userspace library providing a programming interface (API) to the in-kernel connection tracking state table. This library is currently used by conntrack-tools and iptables, among other applications. This release includes connlabel support, one memleak fix and fixes in the comparison API. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnetfilter_conntrack/downloads.html ftp://ftp.netfilter.org/pub/libnetfilter_conntrack/ Have fun! ------------...

Hi! The Netfilter project proudly presents: iptables 1.4.19 This release includes support for the new connlabel and bpf matches available in Linux 3.9, several fixes and manpage updates. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/iptables/downloads.html ftp://ftp.netfilter.org/pub/iptables/ Have fun! -------------- next p...

...rom userspace. On the other hand, conntrackd allows you to deploy highly available stateful firewall clusters and to run connection tracking helpers from user-space. More information in the official manual at: http://conntrack-tools.netfilter.org/manual.html This release includes bugfixes and the connlabel support. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/nfacct/downloads.html ftp://ftp.netfilter.org/pub/nfacct/ Have fun! -------------- next part -------------- Clemence Faure (2): conntrack: introduce -l opt...

...conntrack mark is supported. - nft filter input ct mark set mark will set the conntrack mark to the packet mark - nft filter output mark set ct mark will set the packet mark to the conntrack mark - nft filter output ct mark set 0x1 will set the conntrack mark to the value 0x1. * connlabel support Support for connection tracking labels (connlabels) has been added. connlabel.conf is parsed and the values can be used as symbolic constants in combination with the "ct label" expression. - nft filter input ct label clients,servers accept will accept packets of conne...

...arguments to usage message Florian Westphal (5): iptables.8: mention iptables-save in -L documentation iptables.8: nat table has four builtin chains extensions: NETMAP: add ' to:' prefix when printing NETMAP target extensions: NETMAP: fix iptables-save output connlabel: clarify default config path George Burgess IV (1): libxt_multiport: remove an unused variable Giuseppe Longo (1): configure: make libmnl and libnftnl hard requirements Guruswamy Basavaiah (4): iptables: extensions: iptables-translate prints extra "nft" after printing...

...Support testing host binaries doc: Install ip{6,}tables-translate.8 manpages extensions: AUDIT: Document ineffective --type option extensions: Fix ipvs vproto parsing extensions: Fix ipvs vproto option printing extensions: Add testcase for libxt_ipvs extensions: connlabel: Fallback on missing connlabel.conf doc: Add arptables-nft man pages doc: Adjust arptables man pages doc: Add ebtables man page doc: Adjust ebtables man page xtables-legacy.8: Remove stray colon xtables-save: Point at existing man page in help text extensio...

...add rule x y log flags skuid ... decide ethernet link layer address, eg. # nft add rule x y log flags ether ... or simply set on all flags: # nft add rule x y log flags all * tc classid parser support, eg. nft add rule filter forward meta priority abcd:1234 * Allow numeric connlabels, so if connlabel still works with undefined labels, eg. ct label set 2. * Document log, reject, counter, meta, limit, nat, ct, payload and queue statements from nft(8) manpage. Bugfixes ======== Not strictly limited to this list below, but some highlights: * Allow split table definitions,...

...Perevalov (1): doc: clarify DEBUG usage macro Andy Spencer (1): iptables: use autoconf to process .in man pages Eric Leblond (1): configure: display summary Florian Westphal (2): extensions: libipt_ULOG: man page should mention NFLOG as replacement extensions: libxt_connlabel: use libnetfilter_conntrack Jozsef Kadlecsik (2): Introduce a new revision for the set match with the counters support libxt_CT: Add the "NOTRACK" alias Mart Frauenlob (7): libip6t_mh: Correct command to list named mh types in manpage extensions: libxt_DNAT: rena...

.../etc/security/pwquality.conf: Cannot write: No space left on device tar: ./etc/krb5.conf: Cannot write: No space left on device tar: ./etc/sysconfig/ip6tables-config: Cannot write: No space left on device tar: ./etc/sysconfig/iptables-config: Cannot write: No space left on device tar: ./etc/xtables/connlabel.conf: Cannot write: No space left on device tar: ./usr/share/info/dir: Cannot write: No space left on device tar: ./etc/groff/site-tmac/man.local: Cannot write: No space left on device tar: ./etc/groff/site-tmac/mdoc.local: Cannot write: No space left on device tar: ./etc/default/nss: Cannot write:...

.../etc/security/pwquality.conf: Cannot write: No space left on device tar: ./etc/krb5.conf: Cannot write: No space left on device tar: ./etc/sysconfig/ip6tables-config: Cannot write: No space left on device tar: ./etc/sysconfig/iptables-config: Cannot write: No space left on device tar: ./etc/xtables/connlabel.conf: Cannot write: No space left on device tar: ./usr/share/info/dir: Cannot write: No space left on device tar: ./etc/groff/site-tmac/man.local: Cannot write: No space left on device tar: ./etc/groff/site-tmac/mdoc.local: Cannot write: No space left on device tar: ./etc/default/nss: Cannot write:...

Hi! The Netfilter project proudly presents: iptables 1.6.0 This release includes accumulated fixes and enhancements for the following matches: * ah * connlabel * cgroup * devgroup * dst * icmp6 * ipcomp * ipv6header * quota * set * socket * string and targets: * CT * REJECT * SET * SNAT * SNPT,DNPT * SYNPROXY * TEE We also got rid of the very very old MIRROR and SAME targets and the unclean match, that were removed from the kernel tree long time ago. W...