search for: secmarks

https://bugzilla.netfilter.org/show_bug.cgi?id=1749 Bug ID: 1749 Summary: netfilter/nftables secmark support limited to 255 bytes Product: netfilter/iptables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: unknown

Hello! I want to have firewall/monitor in wine. Configuring Linux firewall is an external solution that affects all programs etc. The idea is to create configuration file for black- and/or while- list that would be analysed by wine during connections requests. The brute way is to modify ws2_32 dll source directly, but maybe there is more accurate way. Could you suggest where to start digging?

RC 2 is now available for testing (Early RC1 testing on a RedHat-based system with dynamic provider gateways uncovered a couple of debilitating defects in the enable/disable logic). Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in

RC 2 is now available for testing (Early RC1 testing on a RedHat-based system with dynamic provider gateways uncovered a couple of debilitating defects in the enable/disable logic). Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in

...SOURCE column. In such cases, the generated rule was being placed incorrectly in the filter table rather than in the raw table which resulted in a failure of the ''stop'' and ''clear'' commands. New Features added since Beta 1: 1) The /etc/shorewall/secmarks and /etc/shorewall6/secmarks files now support the UNTRACKED state. See the manpages for details. 2) The /etc/shorewall/conntrack and /etc/shorewall6/conntrack files now support a DROP target. As part of this change, the handling of ''all'' has been improved in...

...SOURCE column. In such cases, the generated rule was being placed incorrectly in the filter table rather than in the raw table which resulted in a failure of the ''stop'' and ''clear'' commands. New Features added since Beta 1: 1) The /etc/shorewall/secmarks and /etc/shorewall6/secmarks files now support the UNTRACKED state. See the manpages for details. 2) The /etc/shorewall/conntrack and /etc/shorewall6/conntrack files now support a DROP target. As part of this change, the handling of ''all'' has been improved in...

Hi, I run a small system with an older version of shorewall (1.4.2). It has been extremely solid for a long time. But recently I have noticed the connection table filling up, which has never happened before. My guess is that the box is getting hit with floods. The system only has 64M of ram and the conntrack_max is set to 4096 based on the ram. I have temporarily increased it to 8192 so that it

Hi! The netfilter project proudly presents another development release of the conntrack-tools. This release includes important improvements, new features and bugfixes: * IPv6 support and new manpage for conntrackd * XML and timestamp support for conntrack * secmark support * improved performance * support for VLAN interfaces * support for related connections and NAT sequence adjustments

Hi! The Netfilter project proudly presents: conntrack-tools 1.0.1 The conntrack-tools are a set of tools targeted at system administrators. They are conntrack, the userspace command line interface, and conntrackd, the userspace daemon. The tool conntrack provides a full featured interface that is intended to replace the old /proc/net/ip_conntrack interface. Using conntrack, you can view

Beta 3 is now available for testing. Corrections in this release: 1) Corrections included in Shorewall 4.4.21.1. 2) Several problems reported by Steven Springl. The rest is largely cleanup of the new rule infrastructure. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \

Beta 3 is now available for testing. Corrections in this release: 1) Corrections included in Shorewall 4.4.21.1. 2) Several problems reported by Steven Springl. The rest is largely cleanup of the new rule infrastructure. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \

Shorewall 4.5.8 Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes the defect repair from Shorewall 4.5.7.1. 2) The restriction that TTL and HL rules could

Shorewall 4.5.8 Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes the defect repair from Shorewall 4.5.7.1. 2) The restriction that TTL and HL rules could

The netfilter project presents: nftables 0.2 This release contains a rather large number of bug fixes, syntax cleanups, new features, support for all new features contained in the recent 3.14 kernel release as well as *drumroll* documentation. Syntax changes ============== * More consistency in data type names Data type names are used in set declarations. All address related types now

As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or

As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or

As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or

v5: - Break the btrfs patch out as a separate patch to be processed independently. - Update the commit log of patch 1 to make it less scary. - Add a kzfree backward compatibility macro in patch 2. v4: - Break out the memzero_explicit() change as suggested by Dan Carpenter so that it can be backported to stable. - Drop the "crypto: Remove unnecessary

v4: - Break out the memzero_explicit() change as suggested by Dan Carpenter so that it can be backported to stable. - Drop the "crypto: Remove unnecessary memzero_explicit()" patch for now as there can be a bit more discussion on what is best. It will be introduced as a separate patch later on after this one is merged. This patchset makes a global rename of the kzfree()

v4: - Break out the memzero_explicit() change as suggested by Dan Carpenter so that it can be backported to stable. - Drop the "crypto: Remove unnecessary memzero_explicit()" patch for now as there can be a bit more discussion on what is best. It will be introduced as a separate patch later on after this one is merged. This patchset makes a global rename of the kzfree()