search for: ruleset

...Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: netfilter at allycomm.com At least as the man page describes, the output of # nft list ruleset > ruleset.prod should be parseable by # nft -f ruleset.prod and provide restoration of the state at the time. "Note that contrary to what one might assume, the output generated by export is not parseable by nft -f. Instead, the output of list command serves well for that purpose.&...

...r form that is dynamically generated using Ajax. I have the following code: <div id="race_table"> &nbsp; </div> <%= form_remote_tag(:update => "race_table", :url => { :action => "update_races" }) %> <table> <tr> <td>Ruleset:</td> <td><%= select(:post, :ruleset, @rulesets) %></td> </tr> <tr> <td colspan="2"><%= submit_tag "Find Races" %></td> </tr> </table> <%= end_form_tag %> Which has been changed umpteen times, but this...

...------------------------------------------------------------- Item Set Report Function ----------------------------------------------------------------------*/ static void _report_R (int *ids, int cnt, int supp, int *tal, void *data) { (...) if (flags & OF_LIST) { vec1 = (int*)realloc(ruleset->trnb, size1 *sizeof(int)); if (!vec1) { if (vec) free(vec); if (vec2) free(vec2); _cleanup(); error(msg(E_NOMEM));} ruleset->trnb = vec1; } (...) if (flags & OF_LIST) { /* if to list the transactions, */ h = ruleset->trtotal; if (supp <...

https://bugzilla.netfilter.org/show_bug.cgi?id=1195 Bug ID: 1195 Summary: 'list ruleset' of 'nft -f' outputs garbage while 'nft list ruleset' seems to work. Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5...

https://bugzilla.netfilter.org/show_bug.cgi?id=1349 Bug ID: 1349 Summary: "nft list ruleset" shows rules twice Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at netfilter.org...

https://bugzilla.netfilter.org/show_bug.cgi?id=1130 Bug ID: 1130 Summary: Better handling DNS names in nft ruleset Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: pascal.ernster+bugzilla....

...rity: blocker Priority: P5 Component: kernel Assignee: pablo at netfilter.org Reporter: larkwang at gmail.com We are switching from openvpn to strongswan (ipsec) for our branch offices to headquarter VPN link. We use nftables for better performance and clean ruleset. The ruleset is -----snip----- #!/usr/sbin/nft -f flush ruleset table inet filter { set allowed_addr { type ipv4_addr elements = { <about 40+ IPs> } } set allowed_port { type inet_service elements = { 8...

...tfilter.org Reporter: netfilter at morp.org Summary ------- To evaluate the atomicity/stability of nftables, I set up the following experiment: - Created two distinct sets of rules, R1 and R2 oaded via `nft -f` - In two different screens, started two processes to constantly re-load the rulesets with no pause between reloads - Created a small script that would dump the currently active ruleset and save it to a file, named after the hashed ruleset contents The expectation is that the `nft list ruleset` output would always display either R1 or R2 - no empty ruleset, or a cross between R1...

...icult to find and resolve the case of the problem. This is further compounded by the lack of documentation on length of identifiers. A typical set of error message looks like: $ sudo nft -c -f nftables.conf nftables.conf:3:1-14: Error: Could not process rule: No such file or directory flush ruleset ^^^^^^^^^^^^^^ nftables.conf:3:1-14: Error: Could not process rule: No such file or directory flush ruleset ^^^^^^^^^^^^^^ nftables.conf:3:1-14: Error: Could not process rule: No such file or directory flush ruleset ^^^^^^^^^^^^^^ nftables.conf:3:1-14: Error: Could not process rule: No such file or...

Hi, [I have added freebsd-security to recipient list as I consider this issue a security risk] Paul Schenkeveld wrote: > Hello, > > On Fri, Jul 14, 2006 at 01:26:38PM +0300, Ari Suutari wrote: >> Hi, >> >> Does anyone know if there are any plans to bring >> pf boot-time protection (ie. /etc/rc.d/pf_boot and >> related config files) from NetBSD to FreeBSD

Hi all: I have strange probelm with rc.conf. I set up ipfw (compiled into kernel) on freebsd-5.4 and it doesn't seem to load ipfw rulesets (it uses default ruleset 65335 locking out everything). I have to do "sh /etc/ipfw.rules" in order to load the rulesets, once I did that, I can access the box from remote locations here is my rc.conf: host# more /etc/rc.conf network_interfaces="lo0 em0 dc0 rl0 plip0" kern_se...

http://bugzilla.netfilter.org/show_bug.cgi?id=580 Summary: iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P1 Component: iptables-save AssignedTo: laforge at netfilter...

...Component: nft Assignee: pablo at netfilter.org Reporter: arturo at debian.org Bug reported in Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933621 Original message follows: I found a parser bug when experimenting with concatenations: # nft 'flush ruleset; table a; chain a b; a b iifname . oifname p . q; list ruleset' BUG: invalid expression type concat nft: evaluate.c:1726: expr_evaluate_relational: Assertion `0' failed. Aborted (core dumped) # nft 'flush ruleset; table a; chain a b; a b iifname . oifname != p . q; list...

https://bugzilla.netfilter.org/show_bug.cgi?id=1093 Bug ID: 1093 Summary: 'Flush ruleset' is undocumented Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Re...

https://bugzilla.netfilter.org/show_bug.cgi?id=1382 Bug ID: 1382 Summary: nftables.py cmd leaking memory when ruleset contain mapping ip length to range with high limit 65535 Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: major Priority: P5 Component: nft...

https://bugzilla.netfilter.org/show_bug.cgi?id=1463 Bug ID: 1463 Summary: nft --json table list ruleset crashes Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: abrian at...

https://bugzilla.netfilter.org/show_bug.cgi?id=1477 Bug ID: 1477 Summary: Unable to use saved ruleset when using dynamic sets Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: su...

https://bugzilla.netfilter.org/show_bug.cgi?id=1706 Bug ID: 1706 Summary: Nft is slow when loading ruleset with lots of add element calls of different interval maps Product: nftables Version: 1.0.x Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft...

https://bugzilla.netfilter.org/show_bug.cgi?id=1325 Bug ID: 1325 Summary: Reproducible NULL ptr deref upon checking trivial nftables ruleset in Linux 5.0 Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pablo at netfilter.org Reporter: kfm at...

https://bugzilla.netfilter.org/show_bug.cgi?id=1118 Bug ID: 1118 Summary: nft: nft -f and nft list ruleset use different sets of service -> port mappings Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee:...