search for: nfqueue

Displaying 20 results from an estimated 35 matches for "nfqueue".

2014 Dec 30
1
[Bug 992] New: Missing space between NFQUEUE extra parameters
https://bugzilla.netfilter.org/show_bug.cgi?id=992 Bug ID: 992 Summary: Missing space between NFQUEUE extra parameters Product: iptables Version: 1.4.x Hardware: x86_64 OS: Ubuntu Status: NEW Severity: enhancement Priority: P5 Component: iptables-save Assignee: netfilter-buglog at lists.netfilter.org...
2011 Dec 27
1
Netfilter QUEUE (NFQUEUE) Support on XEN based VPS
Hi all, I have been trying to run an IDS system on OpenVZ based VPS which requires that I run this IPTABLES command : iptables -A FORWARD -j NFQUEUE However, so far I have not succeeded. I always get this error: iptables: Unknown error 4294967295 Even when the NFQUEUE IP modules were enabled by the VPS provider, I still get these errors and this appears to be an OpenVZ bug. So I want to migrate to XEN based VPS and I would like to know if thi...
2014 May 13
0
[Bug 939] New: extensions: NFQUEUE: missing cpu-fanout
https://bugzilla.netfilter.org/show_bug.cgi?id=939 Summary: extensions: NFQUEUE: missing cpu-fanout Product: netfilter/iptables Version: linux-2.6.x Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: ip_tables (kernel) AssignedTo: netfil...
2019 Feb 13
1
[Bug 1322] New: Accepting in an nfqueue breaks multi-chain processing
https://bugzilla.netfilter.org/show_bug.cgi?id=1322 Bug ID: 1322 Summary: Accepting in an nfqueue breaks multi-chain processing Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: kernel Assignee: pablo at netfilter.org R...
2007 Nov 27
4
L7-Filter
Hi! How I can use L7-Filter (http://l7-filter.sourceforge.net/) with Shorewall? Thank you very much! Bye.
2024 Apr 03
5
[Bug 1742] New: using nfqueue breaks SCTP connection (tracking)
https://bugzilla.netfilter.org/show_bug.cgi?id=1742 Bug ID: 1742 Summary: using nfqueue breaks SCTP connection (tracking) Product: libnetfilter_queue Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: libnetfilter_queue Assignee: netfilter-bug...
2009 Jan 19
1
Non-linear skbs apparently prevent NFQUEUE from working properly
Dear list members (especially Xen network wizards), I'm using the netfilter_queue mechanism to modify packets on the wire that are sent from one domU to another while they travel over the dom0 bridge. This has worked fine as long as I was tinkering with UDP packets only - but when I try to reinject TCP frames with an increased length, I run into a BUG() because
2013 Apr 11
1
[Bug 778] NFQUEUE --queue-bypass accepts all packets when no userspace application is available
https://bugzilla.netfilter.org/show_bug.cgi?id=778 Florian Westphal <fw at strlen.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |fw at strlen.de --- Comment #1 from Florian Westphal
2007 Nov 20
3
Shorewall 4.1.0
...pace. The default is 1. Examples: /etc/shorewall/shorewall.conf: MACLIST_LOG_LEVEL=NFLOG(1,0,1) /etc/shorewall/rules: ACCEPT:NFLOG(1,0,1) vpn fw tcp ssh,time,631,8080 5) Shorewall-perl 4.1.0 implements an alternative syntax for macro parameters and for the NFQUEUE queue number. Rather than following the macro name (or NFQUEUE) with a slash ("/") and the parameter, the parameter may be enclosed in parentheses. Examples -- each pair shown below are equivalent: DNS/ACCEPT DNS(ACCEPT) NFQUEUE/3 NFQUEUE(3) The old...
2015 Mar 04
1
IP drop list
On 03/04/2015 09:45 PM, Dave McGuire wrote: > On 03/04/2015 03:37 PM, Oliver Welter wrote: >> Am 04.03.2015 um 21:03 schrieb Dave McGuire: >>> Am 04.03.2015 um 20:12 schrieb Michael Orlitzky: >>>> Please add [DNSBL] support to iptables instead of Dovecot. It's a waste of >>>> effort to code it into every application that listens on the network.
2013 Aug 02
1
[Bug 837] New: Large ICMP packets are lost
...x86_64 OS/Version: other Status: NEW Severity: normal Priority: P5 Component: libnetfilter_queue AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: jutaky at gmail.com Estimated Hours: 0.0 I discovered a problem with NFQUEUE and large ICMP packets. First I thought it was something in my packet processor implementation, but the example code from netfilter.org reproduces the issue I faced. http://netfilter.org/projects/libnetfilter_queue/doxygen/nfqnl__test_8c_source.html Compiled with: $ gcc nfqnl_test.c -o nfqnl_tes...
2014 May 19
6
[Bug 941] New: --queue-balance sending all traffic to queue 0
...er Status: NEW Severity: normal Priority: P5 Component: nfnetlink_queue AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: dnadle at hotmail.com Estimated Hours: 0.0 I have this forwarding rule in my iptables: -A FORWARD -j NFQUEUE --queue-balance 0:3 The queues are processed by Suricata. Suricata stats show no activity on queues 1:3. Also, /proc/net/netfilter/nfnetlink_queue looks like this soon after a reboot: $ sudo cat /proc/net/netfilter/nfnetlink_queue 0 2010 0 2 65535 0 0 92116 1 1 -4195...
2012 Apr 25
1
forwarding packets to service in same host without using loopback network
...s where I mangle the incoming and outgoing packet. I think this code would be sufficient to describe my case. If further clarification is needed please ask, I will post further details. Let's say accompanying iptables rules are following : $iptables -t mangle -A PREROUTING -p udp --dport 5000 -j NFQUEUE $iptables -t mangle -A OUTPUT -p udp --sport 5000 -j NFQUEUE Let's compile and fire udp the thing. $gcc -g3 nfq_test.c -lnfnetlink -lnetfilter_queue $./a.out (should be as root) now we can feed garbage udp payload to this thing by netcat both client and server mode $nc -ul 5000...
2016 May 12
3
[Bug 1066] New: nfq_get_timestamp() not setting timeval struc
...OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: libnetfilter_queue Assignee: netfilter-buglog at lists.netfilter.org Reporter: emacsuser123 at gmail.com Hi. I'm developing an application that makes use of NFQUEUE functionality. When using Ubuntu with recent kernels (4.4 and onwards), I'm having trouble trying to get the packet timestamp by means of nfq_get_timestamp. It seems that it does nothing with the timeval struct passed as an input parameter. So, I always get 0 on both tv_sec and tv_usec fields....
2012 Jan 14
0
iptable rule for bypassing netfilter queue for a matching address.
I have two iptable rules for userspace modification : iptable -t mangle -A PREROUTING -p udp --dport 9090 -j NFQUEUE iptable -t mangle -A OUTPUT -p udp --sport 9090 -j NFQUEUE I have the following network setup: client ---------------->Linux Box or router--------------------->server. What I'm trying to achieve is modifying all packets which come from client to 9090 port of the Linux Box. Also whic...
2011 May 26
1
[ANNOUNCE]: Release of iptables-1.4.11
...entation updates - a new "guided option parser" from Jan, replacing a lot of the open-coded option parsing by a data driven parser - support for the current SET target as contained in 2.6.39 - support for the new devgroup match - support for the new AUDIT target - support for a new NFQUEUE bypass option, allowing to bypass the queue if no userspace listener is present - a new iptables option "-C" to check for existence of a rule - a new xtables-multi binary which supports both IPv4 and IPv6 See the attached changelogs for the full list of changes. Version 1.4.11 can...
2014 Mar 25
1
Routing
...inc, I set up the following virtual network: - tinc 1.1pre9 with ExperimentalProtocol=yes - use of network namespaces (actually python-nemu[1]) - star topology, where all nodes run tinc except the center, which I use to filter communications, simulating cuts or delays between specific nodes (use of NFQUEUE) - tinc TCP graph: m1 -- R ---- m3 \ / `m6' with 100ms delay between R & m3 Here are my observations. - UDP tunnels Tinc only uses UDP for direct communication. What I mean is that if a source node can't establish a UDP tunnel to the destination node, the p...
2014 May 25
1
traffic distribution not happening in centos 6.5
...rk traffic is being distributed in both the queues with Centos 6.2. uname -a :- Linux hwcentos8 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Machine Info: 16 core machine with 64GB RAM. Command used for iptables in Centos 6.5 :- iptables -A INPUT -j NFQUEUE --queue-balance 0:1 Output In Centos 6.5 :- [varun at exp2 ~]$ ./queue0 opening library handle unbinding existing nf_queue handler for AF_INET (if any) binding nfnetlink_queue as nf_queue handler for AF_INET binding this socket to queue '0' setting copy_packet mode pkt received q...
2020 Jul 08
3
[Bug 1440] New: kernel oops allowing a connection with nfq_set_verdict() on kernel 5.7.x with hardening parameters
...tus: NEW Severity: major Priority: P5 Component: libnetfilter_queue Assignee: netfilter-buglog at lists.netfilter.org Reporter: gooffy1 at gmail.com Created attachment 599 --> https://bugzilla.netfilter.org/attachment.cgi?id=599&action=edit nfqueue tester Hi! Some users have reported kernel OOPs [0][1] using opensnitch, an app that uses libnetfilter_queue to allow or deny connections. These users configured several hardening parameters of the kernel, and the one that is causing this problem is: slub_debug=FZP The versions of libnetfilter_...
2011 Mar 07
2
[Bug 708] New: Some accepted packets get lost
...e I use is very similar to the test code available on the netfilter website (http://www.netfilter.org/projects/libnetfilter_queue/doxygen/nfqnl__test_8c_source.html), accepting every queued packet. I am queuing outgoing DNS requests with the following rule: iptables -A OUTPUT -p udp --dport 53 -j NFQUEUE --queue-num 666 Then, launch a browser (tested with Firefox 3.5 and Chromium 9), type a URL, the browser hangs for 5 seconds and then displays the webpage. So I ran tcpdump and the queue program on the same terminal. See what happens with and without the NFQUEUE rule: * Normal behavior, iptables...