Displaying 20 results from an estimated 24 matches for "secmark".
2024 Apr 18
3
[Bug 1749] New: netfilter/nftables secmark support limited to 255 bytes
https://bugzilla.netfilter.org/show_bug.cgi?id=1749
Bug ID: 1749
Summary: netfilter/nftables secmark support limited to 255
bytes
Product: netfilter/iptables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: unknown
Assignee: netf...
2011 Apr 04
8
creating built-in firewall for Wine
Hello!
I want to have firewall/monitor in wine. Configuring Linux firewall is an external solution that affects all programs etc.
The idea is to create configuration file for black- and/or while- list that would be analysed by wine during connections requests. The brute way is to modify ws2_32 dll source directly, but maybe there is more accurate way.
Could you suggest where to start digging?
2011 Sep 02
10
Shorewall 4.4.23 RC 2
RC 2 is now available for testing (Early RC1 testing on a RedHat-based
system with dynamic provider gateways uncovered a couple of debilitating
defects in the enable/disable logic).
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in
2011 Sep 02
10
Shorewall 4.4.23 RC 2
RC 2 is now available for testing (Early RC1 testing on a RedHat-based
system with dynamic provider gateways uncovered a couple of debilitating
defects in the enable/disable logic).
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in
2012 Nov 24
20
Shorewall 4.5.10 Beta 2
...SOURCE column. In such cases,
the generated rule was being placed incorrectly in the filter table
rather than in the raw table which resulted in a failure of the
''stop'' and ''clear'' commands.
New Features added since Beta 1:
1) The /etc/shorewall/secmarks and /etc/shorewall6/secmarks files now
support the UNTRACKED state. See the manpages for details.
2) The /etc/shorewall/conntrack and /etc/shorewall6/conntrack files
now support a DROP target.
As part of this change, the handling of ''all'' has been improved in...
2012 Nov 24
20
Shorewall 4.5.10 Beta 2
...SOURCE column. In such cases,
the generated rule was being placed incorrectly in the filter table
rather than in the raw table which resulted in a failure of the
''stop'' and ''clear'' commands.
New Features added since Beta 1:
1) The /etc/shorewall/secmarks and /etc/shorewall6/secmarks files now
support the UNTRACKED state. See the manpages for details.
2) The /etc/shorewall/conntrack and /etc/shorewall6/conntrack files
now support a DROP target.
As part of this change, the handling of ''all'' has been improved in...
2007 Nov 05
36
please help diagnosing "ip_conntrack: table full, dropping packet"
Hi,
I run a small system with an older version of shorewall (1.4.2). It has been extremely solid for a long time.
But recently I have noticed the connection table filling up, which has never happened before. My guess is that the box is getting hit with floods.
The system only has 64M of ram and the conntrack_max is set to 4096 based on the ram. I have temporarily increased it to 8192 so that it
2008 Mar 08
0
[ANNOUNCE] Release conntrack-tools 0.9.6
Hi!
The netfilter project proudly presents another development release of
the conntrack-tools. This release includes important improvements, new
features and bugfixes:
* IPv6 support and new manpage for conntrackd
* XML and timestamp support for conntrack
* secmark support
* improved performance
* support for VLAN interfaces
* support for related connections and NAT sequence adjustments (helpers)
* improved statistics support
* tons of cleanups and improvements from Max Kellermann
Detailed changelog is attached.
What are the conntrack-tools?
- The userspac...
2012 Jan 05
0
[ANNOUNCE] conntrack-tools 1.0.1 release
...s/
Have fun!
-------------- next part --------------
Florian Westphal (4):
conntrack: add support for mark mask
conntrack: skip sending update message to kernel if conntrack is unchanged
testsuite: add tests for --mark option
conntrack: add missing break when parsing --id/--secmark options
Jan Engelhardt (3):
Update .gitignore
build: use AC_CONFIG_AUX_DIR and stash away tools
build: disable implicit .tar.gz archive generation and use POSIX mode
Pablo Neira Ayuso (8):
build: Linux kernel-style for compilation messages
conntrack: remove unused va...
2011 Jul 22
32
Shorewall 4.4.22 Beta 3
Beta 3 is now available for testing.
Corrections in this release:
1) Corrections included in Shorewall 4.4.21.1.
2) Several problems reported by Steven Springl.
The rest is largely cleanup of the new rule infrastructure.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \
2011 Jul 22
32
Shorewall 4.4.22 Beta 3
Beta 3 is now available for testing.
Corrections in this release:
1) Corrections included in Shorewall 4.4.21.1.
2) Several problems reported by Steven Springl.
The rest is largely cleanup of the new rule infrastructure.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \
2012 Sep 03
10
Shorewall 4.5.8 Beta 1
Shorewall 4.5.8 Beta 1 is now available for testing.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) This release includes the defect repair from Shorewall 4.5.7.1.
2) The restriction that TTL and HL rules could
2012 Sep 03
10
Shorewall 4.5.8 Beta 1
Shorewall 4.5.8 Beta 1 is now available for testing.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) This release includes the defect repair from Shorewall 4.5.7.1.
2) The restriction that TTL and HL rules could
2014 Apr 14
0
[ANNOUNCE]: Release of nftables 0.2
...next-3.14
netlink_delinearize: fix compiler warning
Merge remote-tracking branch 'origin/master' into next-3.14
Merge remote-tracking branch 'origin/master' into next-3.14
Merge remote-tracking branch 'origin/master' into next-3.14
expr: remove secmark from ct and meta expression
meta: don't require "meta" keyword for a subset of meta expressions
Merge branch 'master' into next-3.14
Merge branch 'master' into next-3.14
Merge remote-tracking branch 'origin/master' into next-3.14
M...
2020 Jun 16
0
[PATCH v5 2/2] mm, treewide: Rename kzfree() to kfree_sensitive()
...rofile->caps);
aa_free_rlimit_rules(&profile->rlimits);
for (i = 0; i < profile->xattr_count; i++)
- kzfree(profile->xattrs[i]);
- kzfree(profile->xattrs);
+ kfree_sensitive(profile->xattrs[i]);
+ kfree_sensitive(profile->xattrs);
for (i = 0; i < profile->secmark_count; i++)
- kzfree(profile->secmark[i].label);
- kzfree(profile->secmark);
- kzfree(profile->dirname);
+ kfree_sensitive(profile->secmark[i].label);
+ kfree_sensitive(profile->secmark);
+ kfree_sensitive(profile->dirname);
aa_put_dfa(profile->xmatch);
aa_put_dfa(profile...
2020 Apr 13
0
[PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive()
...rofile->caps);
aa_free_rlimit_rules(&profile->rlimits);
for (i = 0; i < profile->xattr_count; i++)
- kzfree(profile->xattrs[i]);
- kzfree(profile->xattrs);
+ kfree_sensitive(profile->xattrs[i]);
+ kfree_sensitive(profile->xattrs);
for (i = 0; i < profile->secmark_count; i++)
- kzfree(profile->secmark[i].label);
- kzfree(profile->secmark);
- kzfree(profile->dirname);
+ kfree_sensitive(profile->secmark[i].label);
+ kfree_sensitive(profile->secmark);
+ kfree_sensitive(profile->dirname);
aa_put_dfa(profile->xmatch);
aa_put_dfa(profile...
2020 Jun 16
0
[PATCH v4 2/3] mm, treewide: Rename kzfree() to kfree_sensitive()
...rofile->caps);
aa_free_rlimit_rules(&profile->rlimits);
for (i = 0; i < profile->xattr_count; i++)
- kzfree(profile->xattrs[i]);
- kzfree(profile->xattrs);
+ kfree_sensitive(profile->xattrs[i]);
+ kfree_sensitive(profile->xattrs);
for (i = 0; i < profile->secmark_count; i++)
- kzfree(profile->secmark[i].label);
- kzfree(profile->secmark);
- kzfree(profile->dirname);
+ kfree_sensitive(profile->secmark[i].label);
+ kfree_sensitive(profile->secmark);
+ kfree_sensitive(profile->dirname);
aa_put_dfa(profile->xmatch);
aa_put_dfa(profile...
2020 Jun 16
3
[PATCH v5 0/2] mm, treewide: Rename kzfree() to kfree_sensitive()
v5:
- Break the btrfs patch out as a separate patch to be processed
independently.
- Update the commit log of patch 1 to make it less scary.
- Add a kzfree backward compatibility macro in patch 2.
v4:
- Break out the memzero_explicit() change as suggested by Dan Carpenter
so that it can be backported to stable.
- Drop the "crypto: Remove unnecessary
2020 Jun 16
14
[PATCH v4 0/3] mm, treewide: Rename kzfree() to kfree_sensitive()
v4:
- Break out the memzero_explicit() change as suggested by Dan Carpenter
so that it can be backported to stable.
- Drop the "crypto: Remove unnecessary memzero_explicit()" patch for
now as there can be a bit more discussion on what is best. It will be
introduced as a separate patch later on after this one is merged.
This patchset makes a global rename of the kzfree()
2020 Jun 16
14
[PATCH v4 0/3] mm, treewide: Rename kzfree() to kfree_sensitive()
v4:
- Break out the memzero_explicit() change as suggested by Dan Carpenter
so that it can be backported to stable.
- Drop the "crypto: Remove unnecessary memzero_explicit()" patch for
now as there can be a bit more discussion on what is best. It will be
introduced as a separate patch later on after this one is merged.
This patchset makes a global rename of the kzfree()