Displaying 13 results from an estimated 13 matches for "rpfilter".
Did you mean:
refilter
2013 Mar 24
0
[Bug 814] New: rpfilter blocks broadcast packets
http://bugzilla.netfilter.org/show_bug.cgi?id=814
Summary: rpfilter blocks broadcast packets
Product: netfilter/iptables
Version: unspecified
Platform: x86_64
OS/Version: Gentoo
Status: NEW
Severity: normal
Priority: P5
Component: ip_tables (kernel)
AssignedTo: netfilter-buglog...
2020 Aug 23
0
[Bug 1453] New: iptables-extensions(8) man page error (rpfilter)
https://bugzilla.netfilter.org/show_bug.cgi?id=1453
Bug ID: 1453
Summary: iptables-extensions(8) man page error (rpfilter)
Product: iptables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: iptables
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: 0...
2012 Apr 07
27
Shorewall 4.5.2 RC 2
RC 2 is ready for testing.
Problems corrected:
1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the
wrong SysV init script on Debian and derivatives. That has been
corrected.
2) The getparams program now reads the installed shorewallrc file
rather than ~/.shorewallrc.
3) The ''load'' and ''reload'' now copy the
2012 Apr 07
27
Shorewall 4.5.2 RC 2
RC 2 is ready for testing.
Problems corrected:
1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the
wrong SysV init script on Debian and derivatives. That has been
corrected.
2) The getparams program now reads the installed shorewallrc file
rather than ~/.shorewallrc.
3) The ''load'' and ''reload'' now copy the
2013 Apr 12
3
[Bug 814] rpfilter blocks broadcast packets
...ip addr show br.qemu
> 10: br.qemu: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
> link/ether 02:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> inet 192.168.2.1/24 scope global br.qemu
>
> Here is rules:
> # iptables -A PREROUTING -t raw -i br.qemu -m rpfilter -j RETURN
> # iptables -A PREROUTING -t raw -j LOG --log-level 7 --log-prefix "antispoof: "
>
> Here is example of blocked packet (samba/netbios announce, I suppose):
> kern.debug: antispoof: IN=br.qemu OUT= MAC= SRC=192.168.2.1 DST=192.168.2.255
> LEN=248 TOS=0x00 PREC=0x...
2012 Mar 27
0
[ANNOUNCE] Netfilter releases: iptables 1.4.13, nfacct 1.0.0 and libnetfilter_acct 1.0.0
Hi!
The Netfilter project proudly presents:
iptables 1.4.13
nfacct 1.0.0
libnetfilter_acct 1.0.0
Changes in iptables include:
* rpfilter support from Florian Westphal.
* IPv6 ECN capable version from Patrick McHardy.
* a couple of fixes for internal libiptc library.
* fix leaking file descriptor to avoid annoying log messsages in SELinux from
Maciej enczykowski.
* nfacct match support by myself.
For nfacct and libnetfilter_ac...
2007 Feb 09
26
transient "martian source ..." errors
Hi All,
As you probably all know :-) I''m trying to do the multi-isp thing. I''ve
resolved my last issue with the route_rules as suggested by Tom and
Jerry suggested.
Lately I have been seeing "transient" (I say transient because the
problem will persist for a while and then magically clear itself up some
number of minutes later) situations where my gateway will log:
2012 Aug 20
0
Shorewall 4.5.7
...e
the firewall before interfaces are brought up.
----------------------------------------------------------------------------
I I I. N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) A new ''rpfilter'' interface option has been added. Setting this
option requires kernel 3.4.0 or later and iptables 1.4.14. This
option is similar to routefilter but without the disadvantages:
- Works with both IPv4 and IPv6
- Uses packet marks when doing reverse path lookup so works wi...
2013 Mar 03
0
[ANNOUNCE] iptables 1.4.18 release
...system administrators.
See ChangeLog that comes attached to this email for more details.
You can download it from:
http://www.netfilter.org/projects/iptables/downloads.html
ftp://ftp.netfilter.org/pub/iptables/
Have fun!
-------------- next part --------------
Florian Westphal (1):
doc: rpfilter: invert option should have own paragraph
Jan Engelhardt (11):
build: resolve link failure for ip6t_NETMAP
doc: fixup omissions in ip6tables-restore.8
doc: document iptables-restore's -t option
doc: document iptables-restore's -v option
doc: document iptables-r...
2013 Jun 10
0
Shorewall 4.5.18 Beta 2
...ded to hosts on other interfaces.
The following interface options are mutually-exclusive with
''unmanaged'':
- blacklist
- bridge
- destonly
- detectnets
- dhcp
- maclist
- nets
- norfc1918
- nosmurfs
- optional
- routeback
- rpfilter
- sfilter
- tcpflags
- upnp
- upnpclient
Unmanaged interfaces may not be associated with a zone in either
the interfaces or hosts files.
The ''lo'' interface may not be unmanaged when there are vserver
zones defined.
Thank you for testing,
-Tom
--...
2019 Dec 06
1
VPN connections subject to hijack attack
On Fri, 6 Dec 2019 at 04:40, Kenneth Porter <shiva at sewingwitch.com> wrote:
>
> <https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/>
>
Thanks for the heads up
> This affects all VPNs and is a consequence of using "loose" reverse path
> filtering for anti-spoofing. The default CentOS setting is
2018 Jan 30
7
[Bug 1221] New: "fib" produces strange results with an IPv6 default route
https://bugzilla.netfilter.org/show_bug.cgi?id=1221
Bug ID: 1221
Summary: "fib" produces strange results with an IPv6 default
route
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
2013 Nov 21
14
openvpn restart fails with dual entry in conntrack and wrong sourceport
the establishment of an openvpn link sometimes fails.
I tracked it down to network traffic with wrong Sourceport in the answer
packet (should be 1300 not 1024):
2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300
Destination port: 1300
3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024
Destination port: 1300
and a collateral entry in the connection tracking table