Displaying 20 results from an estimated 24 matches for "secmarks".
Did you mean:
secmark
2024 Apr 18
3
[Bug 1749] New: netfilter/nftables secmark support limited to 255 bytes
https://bugzilla.netfilter.org/show_bug.cgi?id=1749
Bug ID: 1749
Summary: netfilter/nftables secmark support limited to 255
bytes
Product: netfilter/iptables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: unknown
2011 Apr 04
8
creating built-in firewall for Wine
Hello!
I want to have firewall/monitor in wine. Configuring Linux firewall is an external solution that affects all programs etc.
The idea is to create configuration file for black- and/or while- list that would be analysed by wine during connections requests. The brute way is to modify ws2_32 dll source directly, but maybe there is more accurate way.
Could you suggest where to start digging?
2011 Sep 02
10
Shorewall 4.4.23 RC 2
RC 2 is now available for testing (Early RC1 testing on a RedHat-based
system with dynamic provider gateways uncovered a couple of debilitating
defects in the enable/disable logic).
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in
2011 Sep 02
10
Shorewall 4.4.23 RC 2
RC 2 is now available for testing (Early RC1 testing on a RedHat-based
system with dynamic provider gateways uncovered a couple of debilitating
defects in the enable/disable logic).
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in
2012 Nov 24
20
Shorewall 4.5.10 Beta 2
...SOURCE column. In such cases,
the generated rule was being placed incorrectly in the filter table
rather than in the raw table which resulted in a failure of the
''stop'' and ''clear'' commands.
New Features added since Beta 1:
1) The /etc/shorewall/secmarks and /etc/shorewall6/secmarks files now
support the UNTRACKED state. See the manpages for details.
2) The /etc/shorewall/conntrack and /etc/shorewall6/conntrack files
now support a DROP target.
As part of this change, the handling of ''all'' has been improved in...
2012 Nov 24
20
Shorewall 4.5.10 Beta 2
...SOURCE column. In such cases,
the generated rule was being placed incorrectly in the filter table
rather than in the raw table which resulted in a failure of the
''stop'' and ''clear'' commands.
New Features added since Beta 1:
1) The /etc/shorewall/secmarks and /etc/shorewall6/secmarks files now
support the UNTRACKED state. See the manpages for details.
2) The /etc/shorewall/conntrack and /etc/shorewall6/conntrack files
now support a DROP target.
As part of this change, the handling of ''all'' has been improved in...
2007 Nov 05
36
please help diagnosing "ip_conntrack: table full, dropping packet"
Hi,
I run a small system with an older version of shorewall (1.4.2). It has been extremely solid for a long time.
But recently I have noticed the connection table filling up, which has never happened before. My guess is that the box is getting hit with floods.
The system only has 64M of ram and the conntrack_max is set to 4096 based on the ram. I have temporarily increased it to 8192 so that it
2008 Mar 08
0
[ANNOUNCE] Release conntrack-tools 0.9.6
Hi!
The netfilter project proudly presents another development release of
the conntrack-tools. This release includes important improvements, new
features and bugfixes:
* IPv6 support and new manpage for conntrackd
* XML and timestamp support for conntrack
* secmark support
* improved performance
* support for VLAN interfaces
* support for related connections and NAT sequence adjustments
2012 Jan 05
0
[ANNOUNCE] conntrack-tools 1.0.1 release
Hi!
The Netfilter project proudly presents:
conntrack-tools 1.0.1
The conntrack-tools are a set of tools targeted at system
administrators. They are conntrack, the userspace command line
interface, and conntrackd, the userspace daemon. The tool conntrack
provides a full featured interface that is intended to replace the old
/proc/net/ip_conntrack interface. Using conntrack, you can view
2011 Jul 22
32
Shorewall 4.4.22 Beta 3
Beta 3 is now available for testing.
Corrections in this release:
1) Corrections included in Shorewall 4.4.21.1.
2) Several problems reported by Steven Springl.
The rest is largely cleanup of the new rule infrastructure.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \
2011 Jul 22
32
Shorewall 4.4.22 Beta 3
Beta 3 is now available for testing.
Corrections in this release:
1) Corrections included in Shorewall 4.4.21.1.
2) Several problems reported by Steven Springl.
The rest is largely cleanup of the new rule infrastructure.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \
2012 Sep 03
10
Shorewall 4.5.8 Beta 1
Shorewall 4.5.8 Beta 1 is now available for testing.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) This release includes the defect repair from Shorewall 4.5.7.1.
2) The restriction that TTL and HL rules could
2012 Sep 03
10
Shorewall 4.5.8 Beta 1
Shorewall 4.5.8 Beta 1 is now available for testing.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) This release includes the defect repair from Shorewall 4.5.7.1.
2) The restriction that TTL and HL rules could
2014 Apr 14
0
[ANNOUNCE]: Release of nftables 0.2
The netfilter project presents:
nftables 0.2
This release contains a rather large number of bug fixes, syntax cleanups,
new features, support for all new features contained in the recent 3.14
kernel release as well as *drumroll* documentation.
Syntax changes
==============
* More consistency in data type names
Data type names are used in set declarations. All address related types
now
2020 Jun 16
0
[PATCH v5 2/2] mm, treewide: Rename kzfree() to kfree_sensitive()
As said by Linus:
A symmetric naming is only helpful if it implies symmetries in use.
Otherwise it's actively misleading.
In "kzalloc()", the z is meaningful and an important part of what the
caller wants.
In "kzfree()", the z is actively detrimental, because maybe in the
future we really _might_ want to use that "memfill(0xdeadbeef)" or
2020 Apr 13
0
[PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive()
As said by Linus:
A symmetric naming is only helpful if it implies symmetries in use.
Otherwise it's actively misleading.
In "kzalloc()", the z is meaningful and an important part of what the
caller wants.
In "kzfree()", the z is actively detrimental, because maybe in the
future we really _might_ want to use that "memfill(0xdeadbeef)" or
2020 Jun 16
0
[PATCH v4 2/3] mm, treewide: Rename kzfree() to kfree_sensitive()
As said by Linus:
A symmetric naming is only helpful if it implies symmetries in use.
Otherwise it's actively misleading.
In "kzalloc()", the z is meaningful and an important part of what the
caller wants.
In "kzfree()", the z is actively detrimental, because maybe in the
future we really _might_ want to use that "memfill(0xdeadbeef)" or
2020 Jun 16
3
[PATCH v5 0/2] mm, treewide: Rename kzfree() to kfree_sensitive()
v5:
- Break the btrfs patch out as a separate patch to be processed
independently.
- Update the commit log of patch 1 to make it less scary.
- Add a kzfree backward compatibility macro in patch 2.
v4:
- Break out the memzero_explicit() change as suggested by Dan Carpenter
so that it can be backported to stable.
- Drop the "crypto: Remove unnecessary
2020 Jun 16
14
[PATCH v4 0/3] mm, treewide: Rename kzfree() to kfree_sensitive()
v4:
- Break out the memzero_explicit() change as suggested by Dan Carpenter
so that it can be backported to stable.
- Drop the "crypto: Remove unnecessary memzero_explicit()" patch for
now as there can be a bit more discussion on what is best. It will be
introduced as a separate patch later on after this one is merged.
This patchset makes a global rename of the kzfree()
2020 Jun 16
14
[PATCH v4 0/3] mm, treewide: Rename kzfree() to kfree_sensitive()
v4:
- Break out the memzero_explicit() change as suggested by Dan Carpenter
so that it can be backported to stable.
- Drop the "crypto: Remove unnecessary memzero_explicit()" patch for
now as there can be a bit more discussion on what is best. It will be
introduced as a separate patch later on after this one is merged.
This patchset makes a global rename of the kzfree()