Displaying 7 results from an estimated 7 matches for "kd6lvw".
2009 Jun 07
2
[Bug 597] New: ip6tables connlimit - cannot set CIDR greater than 32 (includes fix)
...(includes fix)
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P1
Component: ip6tables
AssignedTo: laforge at netfilter.org
ReportedBy: kd6lvw at yahoo.com
(e.g.) -m connlimit --connlimit-above 1 --connlimit-mask 48
Any mask size >32 will be set as 32 for IP6tables. However, IPv6 addresses
have 128 bits.
iptables-1.4.3.2/extensions/libxt_connlimit.c (lines 26-30):
static void connlimit_init(struct xt_entry_match *match)
{...
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #5 from - <kd6lvw at yahoo.com> 2013-07-09 03:45:06 CEST ---
Re: Comment #4. One doesn't know what the addresses are until they are
retrieved from the DNS. The point is that the routines which generate the
rules are NOT checking the values AFTER the CIDR netmask is applied to
eliminate POST-MASK duplicate a...
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #7 from - <kd6lvw at yahoo.com> 2013-07-09 09:35:30 CEST ---
Re: Comment #6 - It is up to the author of the ruleset to determine policy. It
is the duty of the software to properly execute that policy. Here, the
software fails to do so because it produces duplicate redundant rules which are
never used.
Note tha...
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #9 from - <kd6lvw at yahoo.com> 2013-07-09 19:56:29 CEST ---
RE: Comment #7: "It seems your best solution is to add a single rule with
208.83.136.0/22."
Yet, it adds THREE rules, two of which will never fire, thus the problem and
bug report.
Extend your quota example: When the first rule reaches the...
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #11 from - <kd6lvw at yahoo.com> 2013-07-09 21:48:05 CEST ---
I fully disagree that the addition of duplicate rules that will never be
reached is part of the design. As a waste of memory allocation, it is
inefficient and therefore incorrect. The use of a hostname in place of an IP
address literal should not have...
2010 Jan 19
1
[Bug 630] New: Enhancement: Allow rules to specify ICMP type ranges.
...cified
Platform: All
URL: http://www.ietf.org/rfc/rfc4890.txt
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ip6tables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: kd6lvw at yahoo.com
RFC 4890 suggests that for IPv6, certain ICMP types must be permitted while
others (especially the undefined ranges) be denied. However, current iptables
interfaces (IPv4/IPv6) only allow rules to specify a single ICMP type per rule.
Under IPv6 (since that's what the RFC concen...
2009 Oct 20
1
[Bug 616] New: Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
...nconsistent treatment.
Product: iptables
Version: unspecified
Platform: i386
OS/Version: All
Status: NEW
Severity: minor
Priority: P4
Component: iptables
AssignedTo: laforge at netfilter.org
ReportedBy: kd6lvw at yahoo.com
Example rule:
iptables -A INPUT -j ACCEPT -p tcp -m tcp --sport 2703 -s discovery.razor.cloudmark.com/22
DNS resolution: (BIND 9.7.0a3)
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 6, ADDITIONAL: 0
;; ANSWER SECTION:
discovery.razor.cloudmark.com. 3600 IN A 208.83.137...