Displaying 13 results from an estimated 13 matches for "rpfilter".

2013 Mar 24
0
[Bug 814] New: rpfilter blocks broadcast packets
http://bugzilla.netfilter.org/show_bug.cgi?id=814 Summary: rpfilter blocks broadcast packets Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: normal Priority: P5 Component: ip_tables (kernel) AssignedTo: netfilter-buglog...
2020 Aug 23
0
[Bug 1453] New: iptables-extensions(8) man page error (rpfilter)
https://bugzilla.netfilter.org/show_bug.cgi?id=1453 Bug ID: 1453 Summary: iptables-extensions(8) man page error (rpfilter) Product: iptables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: iptables Assignee: netfilter-buglog at lists.netfilter.org Reporter: 0...
2012 Apr 07
27
Shorewall 4.5.2 RC 2
RC 2 is ready for testing. Problems corrected: 1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the wrong SysV init script on Debian and derivatives. That has been corrected. 2) The getparams program now reads the installed shorewallrc file rather than ~/.shorewallrc. 3) The 'load' and 'reload' now copy the
2013 Apr 12
3
[Bug 814] rpfilter blocks broadcast packets
...ip addr show br.qemu > 10: br.qemu: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP > link/ether 02:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff > inet 192.168.2.1/24 scope global br.qemu > > Here is rules: > # iptables -A PREROUTING -t raw -i br.qemu -m rpfilter -j RETURN > # iptables -A PREROUTING -t raw -j LOG --log-level 7 --log-prefix "antispoof: " > > Here is example of blocked packet (samba/netbios announce, I suppose): > kern.debug: antispoof: IN=br.qemu OUT= MAC= SRC=192.168.2.1 DST=192.168.2.255 > LEN=248 TOS=0x00 PREC=0x...
2012 Mar 27
0
[ANNOUNCE] Netfilter releases: iptables 1.4.13, nfacct 1.0.0 and libnetfilter_acct 1.0.0
Hi! The Netfilter project proudly presents: iptables 1.4.13 nfacct 1.0.0 libnetfilter_acct 1.0.0 Changes in iptables include: * rpfilter support from Florian Westphal. * IPv6 ECN capable version from Patrick McHardy. * a couple of fixes for internal libiptc library. * fix leaking file descriptor to avoid annoying log messages in SELinux from Maciej Żenczykowski. * nfacct match support by myself. For nfacct and libnetfilter_ac...
2007 Feb 09
26
transient "martian source ..." errors
Hi All, As you probably all know :-) I'm trying to do the multi-isp thing. I've resolved my last issue with the route_rules as Tom and Jerry suggested. Lately I have been seeing "transient" (I say transient because the problem will persist for a while and then magically clear itself up some number of minutes later) situations where my gateway will log:
2012 Aug 20
0
Shorewall 4.5.7
...e the firewall before interfaces are brought up. ---------------------------------------------------------------------------- III. NEW FEATURES IN THIS RELEASE ---------------------------------------------------------------------------- 1) A new 'rpfilter' interface option has been added. Setting this option requires kernel 3.4.0 or later and iptables 1.4.14. This option is similar to routefilter but without the disadvantages: - Works with both IPv4 and IPv6 - Uses packet marks when doing reverse path lookup so works wi...
2013 Mar 03
0
[ANNOUNCE] iptables 1.4.18 release
...system administrators. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/iptables/downloads.html ftp://ftp.netfilter.org/pub/iptables/ Have fun! -------------- next part -------------- Florian Westphal (1): doc: rpfilter: invert option should have own paragraph Jan Engelhardt (11): build: resolve link failure for ip6t_NETMAP doc: fixup omissions in ip6tables-restore.8 doc: document iptables-restore's -t option doc: document iptables-restore's -v option doc: document iptables-r...
2013 Jun 10
0
Shorewall 4.5.18 Beta 2
...ded to hosts on other interfaces. The following interface options are mutually-exclusive with 'unmanaged': - blacklist - bridge - destonly - detectnets - dhcp - maclist - nets - norfc1918 - nosmurfs - optional - routeback - rpfilter - sfilter - tcpflags - upnp - upnpclient Unmanaged interfaces may not be associated with a zone in either the interfaces or hosts files. The 'lo' interface may not be unmanaged when there are vserver zones defined. Thank you for testing, -Tom --...
2019 Dec 06
1
VPN connections subject to hijack attack
On Fri, 6 Dec 2019 at 04:40, Kenneth Porter <shiva at sewingwitch.com> wrote: > > <https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/> > Thanks for the heads up > This affects all VPNs and is a consequence of using "loose" reverse path > filtering for anti-spoofing. The default CentOS setting is
2018 Jan 30
7
[Bug 1221] New: "fib" produces strange results with an IPv6 default route
https://bugzilla.netfilter.org/show_bug.cgi?id=1221 Bug ID: 1221 Summary: "fib" produces strange results with an IPv6 default route Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5
2013 Nov 21
14
openvpn restart fails with dual entry in conntrack and wrong sourceport
the establishment of an openvpn link sometimes fails. I tracked it down to network traffic with wrong Sourceport in the answer packet (should be 1300 not 1024): 2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300 Destination port: 1300 3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024 Destination port: 1300 and a collateral entry in the connection tracking table