Displaying 2 results from an estimated 2 matches for "trustiosity".
2016 Jun 28
1
[Bug 1077] New: New traffic reduces conntrack timeout
...oduct: netfilter/iptables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: nf_conntrack
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: zrm at trustiosity.com
The code intended to extend the conntrack timeout in the event of new traffic
doesn't check the existing timeout, so if the existing timeout was already
longer than the default, the timeout is reduced.
Example scenario: Default UDP timeout is three minutes (after SEEN_REPLY). The
timeout...
2019 Jun 08
2
[Bug 1342] New: IPv6 NAT translates to addresses outside of specified range
...netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: NAT
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: zrm at trustiosity.com
Take a rule like this:
ip6tables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
1000::1:ffff:ffff-1000::2:0:0
The kernel was then observed choosing the address 1000::2:ffff:ffff as the
translation, which is outside the specified range.
This is the code in find_best_ips_proto() in nf_nat_...