Displaying 20 results from an estimated 29 matches for "local_in".
Did you mean:
local_ip
2004 Oct 31
9
Maquerading through IPSECed wireless dropping packets selectively?
Hello,
I''m stuck IPSECing my wireless network at home and would appreciate any
comments. I appologize in advance if I''m wasting your time with trivia -
I''m not a professional and staring at the problem for days from various
angles hasn''t done me any good ...
My home server/firewall (morannon) is hooked up through an USB to
ethernet adapter (eth1) to my DSL
2005 Dec 20
0
netfilter debug patch info
Poking around in the bridge latency issue I have, I discovered this
netfilter patch.
http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=2751
In my case I was getting a slew of
ip_local_deliver: bad skb: PRE_ROUTING LOCAL_IN LOCAL_OUT POST_ROUTING
entries.
I didn''t see this on the list so I posted for reference.
Regards,
Ted
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
2006 May 05
0
iptables time match mangle stage
...uting stage but I
really need to use the classify command which only works in the postrouting.
Does any one have a patch for 2.6 kernel, latest pom and iptables 1.3.5 so
time matching can occur in the post routing?
machinenemae login: ipt_time loading
ipt_time: error, only valid for PRE_ROUTING, LOCAL_IN, FORWARD and OUTPUT)
many thanks
william
2006 May 07
1
time matching in the mangle stage?? is it possible??
...uting stage but I
really need to use the classify command which only works in the postrouting.
Does any one have a patch for 2.6 kernel, latest pom and iptables 1.3.5 so
time matching can occur in the post routing?
machinenemae login: ipt_time loading
ipt_time: error, only valid for PRE_ROUTING, LOCAL_IN, FORWARD and OUTPUT)
many thanks
william
2014 May 07
1
[Bug 919] New: ah: --reserver is not supported (ipv4 and ipv6)
...rey at gmail.com
Estimated Hours: 0.0
The following command-line parameter of "ah" iptables-extensions is not
supported in nft yet:
FIXED: reserver (--ahres in iptables)
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 07
0
[Bug 920] New: DNAT: SNAT: --random and --persistent are not supported
...at gmail.com
Estimated Hours: 0.0
The following command-line parameters of DNAT and SNAT iptables-extensions (in
ipv4 and ipv6) are not supported in nft yet:
--random
--persistent
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 07
1
[Bug 921] New: log, ulog and nflog: command-line parameters are not supported
...--log-level level
--log-tcp-sequence
--log-tcp-options
--log-ip-options
--log-uid
--log-macdecode
--nflog-threshold size
--nflog-range size
--ulog-cprange size
--ulog-qthreshold size
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 07
1
[Bug 922] New: iprange: --ports is not suppported
...eportedBy: anarey at gmail.com
Estimated Hours: 0.0
The following command-line parameter in multiport of iptables-extensions is not
supported in nft yet:
--ports (iptables iprange)
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 07
2
[Bug 924] New: Range: It is not possible invert a range of ip address
...bug.
$ sudo nft add rule ip test input ip daddr != 192.168.1.2-192.168.1.55
BUG: invalid data expression type range
nft: src/netlink.c:300: netlink_gen_data: Assertion `0' failed.
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 07
1
[Bug 925] New: icmp: ICMPv4 types are not supported
...nft
timestamp-reply => timestamp-reply in nft
address-mask-request => address-mask-request in nft
address-mask-reply => address-mask-reply in nft
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 07
1
[Bug 927] New: tos: symbolic names are not supported
...e are:
(0x10) 16 Minimize-Delay
(0x08) 8 Maximize-Throughput
(0x04) 4 Maximize-Reliability
(0x02) 2 Minimize-Cost
(0x00) 0 Normal-Service
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 07
1
[Bug 928] New: ECN: --ecn-tcp-ece and --ecn-ip-ect is not supported
...ReportedBy: anarey at gmail.com
Estimated Hours: 0.0
The following command-line parameters in ECN iptables-extensions are not
supported in nft yet:
--ecn-tcp-ece
--ecn-ip-ect
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 07
0
[Bug 929] New: sctp: --chunk-types is not supported.
...filter.org
ReportedBy: anarey at gmail.com
Estimated Hours: 0.0
The following command-line parameter in SCTP iptables-extensions is not
supported in nft yet:
--chunk-types
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 07
0
[Bug 930] New: DCCP: --dccp-types and --dccp-option are not supported
...ReportedBy: anarey at gmail.com
Estimated Hours: 0.0
The following command-line parameters in DCCP iptables-extensions is not
supported in nft yet:
--dccp-types
--dccp-option
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 13
1
[Bug 931] New: limit: -limit-burst is not supported in nft
...Estimated Hours: 0.0
The following command-line parameters in limit iptables-extensions are not
supported in nft yet:
--limit-burst number number to match in a burst, default 5
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 13
1
[Bug 932] New: TOS: An Invert mask in TOS
...kets 0 bytes 0 accept
}
}
[Here, all is ok]
$ sudo nft add rule ip test3 input ip tos and 0x04 != 0x02 counter accept
$ sudo nft list table test3
[ERROR: The table is not shown]
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 13
1
[Bug 933] New: queue: Incorrect use of option with queue
...num 2 total 3 options bypass counter packets 0 bytes 0
}
}
If you list the table, The rule shows one options "options bypass" but you miss
the "options fanout".
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 13
1
[Bug 934] New: frag: Invert a range in frag
...a example of this bug:
$ sudo nft add rule ip test input frag id != 22-26
? BUG: invalid data expression type range
nft: src/netlink.c:300: netlink_gen_data: Assertion `0' failed.
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 13
1
[Bug 935] New: Frag: problem with frag-off
...error:
$ sudo nft add rule ip test input frag frag-off 33
$ sudo nft list table ip test
table ip test {
chain input {
}
}
netlink: Error: Relational expression size mismatch
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...
2014 May 13
1
[Bug 936] New: frag: "more-fragments" and "reserved" are not identified by nftables
...o nft add rule ip test input frag reserved
<cmdline>:1:37-37: Error: syntax error, unexpected end of file
add rule ip test input frag reserved
^
The last commit in Pablo git tree of kernel is "40e6442 netfilter: x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
ou...