Displaying 20 results from an estimated 10000 matches similar to: "PF - pf not loading non-persist tables from main ruleset on 8.3-PRERELEASE"
2006 Jan 26
0
stateful rulesets with PF
I've read a bit about how keeping state works with PF and written
rulesets which look logical to me, but present some problems
intermittently. I believe it has to do with the creation of state
entries, and how PF judges what to do in any case.
> pass in quick on em0 from <trusted> to port any port = 3306 keep state
As I understood it, because I did not specify any flags such as
2023 Sep 19
3
[Bug 1706] New: Nft is slow when loading ruleset with lots of add element calls of different interval maps
https://bugzilla.netfilter.org/show_bug.cgi?id=1706
Bug ID: 1706
Summary: Nft is slow when loading ruleset with lots of add
element calls of different interval maps
Product: nftables
Version: 1.0.x
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority:
2006 Mar 16
1
pf: synproxy broken
Hello
from ealier 6.0 there is problem with synproxy in pf filter:
this one 6.1-PRERELEASE #2: Wed Mar 15 02:02:37 MSK 2006
pf.conf just with single rule
pass in quick on lo0 proto tcp from any to any port 22 flags S/SA synproxy state
result
telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
and it's hangs
pfctl -s rules -v
No ALTQ support in
2017 Oct 21
3
[Bug 1195] New: 'list ruleset' of 'nft -f' outputs garbage while 'nft list ruleset' seems to work.
https://bugzilla.netfilter.org/show_bug.cgi?id=1195
Bug ID: 1195
Summary: 'list ruleset' of 'nft -f' outputs garbage while 'nft
list ruleset' seems to work.
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
2006 Jan 25
0
FreeBSD Security Advisory FreeBSD-SA-06:07.pf
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:07.pf Security Advisory
The FreeBSD Project
Topic: IP fragment handling panic in pf(4)
Category: contrib
Module: sys_contrib
Announced:
2006 Jan 25
0
FreeBSD Security Advisory FreeBSD-SA-06:07.pf
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:07.pf Security Advisory
The FreeBSD Project
Topic: IP fragment handling panic in pf(4)
Category: contrib
Module: sys_contrib
Announced:
2019 Jul 05
2
[Bug 1349] New: "nft list ruleset" shows rules twice
https://bugzilla.netfilter.org/show_bug.cgi?id=1349
Bug ID: 1349
Summary: "nft list ruleset" shows rules twice
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: minor
Priority: P5
Component: nft
Assignee: pablo at
2017 Mar 14
4
[Bug 1130] New: Better handling DNS names in nft ruleset
https://bugzilla.netfilter.org/show_bug.cgi?id=1130
Bug ID: 1130
Summary: Better handling DNS names in nft ruleset
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
2018 May 06
3
[Bug 1256] New: Default ruleset files with tables are no longer installed after 0.8.3 version
https://bugzilla.netfilter.org/show_bug.cgi?id=1256
Bug ID: 1256
Summary: Default ruleset files with tables are no longer
installed after 0.8.3 version
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: major
Priority: P5
2020 Oct 26
3
[Bug 1477] New: Unable to use saved ruleset when using dynamic sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1477
Bug ID: 1477
Summary: Unable to use saved ruleset when using dynamic sets
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at
2009 Feb 26
1
[Bug 580] New: iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
http://bugzilla.netfilter.org/show_bug.cgi?id=580
Summary: iptables-restore and iptables-save lack comparison of a
saved ruleset against the currently deployed rules
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P1
2019 Mar 07
6
[Bug 1325] New: Reproducible NULL ptr deref upon checking trivial nftables ruleset in Linux 5.0
https://bugzilla.netfilter.org/show_bug.cgi?id=1325
Bug ID: 1325
Summary: Reproducible NULL ptr deref upon checking trivial
nftables ruleset in Linux 5.0
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: normal
Priority: P5
2017 Feb 06
4
[Bug 1118] New: nft: nft -f and nft list ruleset use different sets of service -> port mappings
https://bugzilla.netfilter.org/show_bug.cgi?id=1118
Bug ID: 1118
Summary: nft: nft -f and nft list ruleset use different sets of
service -> port mappings
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: normal
Priority: P5
2016 Oct 24
4
[Bug 1093] New: 'Flush ruleset' is undocumented
https://bugzilla.netfilter.org/show_bug.cgi?id=1093
Bug ID: 1093
Summary: 'Flush ruleset' is undocumented
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at
2020 Aug 19
2
[Bug 1450] New: Using certain simple set combinations with TCP flags causes error in mergesort.c from nft list ruleset
https://bugzilla.netfilter.org/show_bug.cgi?id=1450
Bug ID: 1450
Summary: Using certain simple set combinations with TCP flags
causes error in mergesort.c from nft list ruleset
Product: nftables
Version: unspecified
Hardware: arm
OS: Ubuntu
Status: NEW
Severity: normal
2020 Apr 27
2
[Bug 1424] New: v0.9.0: segfault when using nft -f <file> and issuing "ruleset flush" twice
https://bugzilla.netfilter.org/show_bug.cgi?id=1424
Bug ID: 1424
Summary: v0.9.0: segfault when using nft -f <file> and issuing
"ruleset flush" twice
Product: nftables
Version: unspecified
Hardware: All
OS: Debian GNU/Linux
Status: NEW
Severity: normal
2006 Mar 28
1
Problems with pf + ftp-proxy on gateway
I'm trying to use pf + ftp-proxy n a 6.1-PRERELEASE machine.
I have this line on inetd.conf:
ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy
ftp-proxy -n
And this lines on pf.conf:
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port ftp-proxy
pass in quick on $ext_if inet proto tcp from any port ftp-data to
$ext_if:0 user proxy flags S/SA keep
2019 Nov 12
6
[Bug 1382] New: nftables.py cmd leaking memory when ruleset contain mapping ip length to range with high limit 65535
https://bugzilla.netfilter.org/show_bug.cgi?id=1382
Bug ID: 1382
Summary: nftables.py cmd leaking memory when ruleset contain
mapping ip length to range with high limit 65535
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: major
2018 Feb 01
4
[Bug 1222] New: nft list ruleset – infinite memory use
https://bugzilla.netfilter.org/show_bug.cgi?id=1222
Bug ID: 1222
Summary: nft list ruleset – infinite memory use
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
2020 Sep 09
5
[Bug 1463] New: nft --json table list ruleset crashes
https://bugzilla.netfilter.org/show_bug.cgi?id=1463
Bug ID: 1463
Summary: nft --json table list ruleset crashes
Product: nftables
Version: unspecified
Hardware: All
OS: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org