Displaying 20 results from an estimated 1000 matches similar to: "[Bug 616] New: Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment."
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #8 from Phil Oester <netfilter at linuxace.com> 2013-07-09 15:56:45 CEST ---
(In reply to comment #7)
> It is the duty of the software to properly execute that policy. Here, the
> software fails to do so because it produces duplicate redundant rules which are
> never used.
And where is it documented that the software
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |WONTFIX
--- Comment #10 from Phil Oester
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #9 from - <kd6lvw at yahoo.com> 2013-07-09 19:56:29 CEST ---
RE: Comment #7: "It seems your best solution is to add a single rule with
208.83.136.0/22."
Yet, it adds THREE rules, two of which will never fire, thus the problem and
bug report.
Extend your quota example: When the first rule reaches the quota, it will
2013 Jul 08
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #4 from Phil Oester <netfilter at linuxace.com> 2013-07-08 23:33:07 CEST ---
As noted, #2 is solved already. Also, /128 will no longer print (commit
945353a2).
But your #1 makes little sense to me: discovery.razor.cloudmark.com/22. How
do you know that EVERY IP returned from a DNS lookup is always going to be a
/22 mask?
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #6 from Phil Oester <netfilter at linuxace.com> 2013-07-09 03:50:27 CEST ---
Yes, I fully understand what is happening in the one specific example you have
provided. However you need to answer what happens if Cloudmark suddenly
decides to add an IP _OUTSIDE_ of that /22 that is assigned to them. Let's say
they open a new
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #5 from - <kd6lvw at yahoo.com> 2013-07-09 03:45:06 CEST ---
Re: Comment #4. One doesn't know what the addresses are until they are
retrieved from the DNS. The point is that the routines which generate the
rules are NOT checking the values AFTER the CIDR netmask is applied to
eliminate POST-MASK duplicate answers. The
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #7 from - <kd6lvw at yahoo.com> 2013-07-09 09:35:30 CEST ---
Re: Comment #6 - It is up to the author of the ruleset to determine policy. It
is the duty of the software to properly execute that policy. Here, the
software fails to do so because it produces duplicate redundant rules which are
never used.
Note that iptables-save
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #11 from - <kd6lvw at yahoo.com> 2013-07-09 21:48:05 CEST ---
I fully disagree that the addition of duplicate rules that will never be
reached is part of the design. As a waste of memory allocation, it is
inefficient and therefore incorrect. The use of a hostname in place of an IP
address literal should not have any effect in
2013 Jun 21
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at linuxace.com
--- Comment #3 from Phil Oester <netfilter at linuxace.com> 2013-06-21
2009 Jun 07
2
[Bug 597] New: ip6tables connlimit - cannot set CIDR greater than 32 (includes fix)
http://bugzilla.netfilter.org/show_bug.cgi?id=597
Summary: ip6tables connlimit - cannot set CIDR greater than 32
(includes fix)
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P1
Component: ip6tables
AssignedTo: laforge
2011 Apr 03
6
[Bug 713] New: CPPFLAGS are mishandled which breaks non-shared targets
http://bugzilla.netfilter.org/show_bug.cgi?id=713
Summary: CPPFLAGS are mishandled which breaks non-shared targets
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: unknown
AssignedTo: netfilter-buglog at
2011 Jun 07
4
[Bug 720] New: iptables no longer compiles for Linux 2.4 because it uses linux/magic.h
http://bugzilla.netfilter.org/show_bug.cgi?id=720
Summary: iptables no longer compiles for Linux 2.4 because it
uses linux/magic.h
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P3
Component: iptables
AssignedTo:
2011 Jul 29
2
[Bug 732] New: Iptables 1.4.11 or 1.4.12 does not compile on CentOS 5.6
http://bugzilla.netfilter.org/show_bug.cgi?id=732
Summary: Iptables 1.4.11 or 1.4.12 does not compile on CentOS 5.6
Product: netfilter/iptables
Version: linux-2.6.x
Platform: x86_64
OS/Version: RedHat Linux
Status: NEW
Severity: critical
Priority: P1
Component: ip_tables (kernel)
AssignedTo:
2011 Jul 02
4
[Bug 727] New: Open your firewall by a simple typo
http://bugzilla.netfilter.org/show_bug.cgi?id=727
Summary: Open your firewall by a simple typo
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy:
2011 Mar 07
3
[Bug 707] New: Trivial SNAT manpage error
http://bugzilla.netfilter.org/show_bug.cgi?id=707
Summary: Trivial SNAT manpage error
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: trivial
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy:
2011 Jun 15
2
[Bug 724] New: Iptables doesn't delete rules matching if target is RATEEST - patch attached
http://bugzilla.netfilter.org/show_bug.cgi?id=724
Summary: Iptables doesn't delete rules matching if target is
RATEEST - patch attached
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: iptables
2011 Nov 28
2
[Bug 762] New: The lastest snapshot iptables compiled error"ERROR: ld.so: object 'libxtables.so.7' "
http://bugzilla.netfilter.org/show_bug.cgi?id=762
Summary: The lastest snapshot iptables compiled error"ERROR:
ld.so: object 'libxtables.so.7' "
Product: iptables
Version: unspecified
Platform: arm
OS/Version: Ubuntu
Status: NEW
Severity: major
Priority: P5
Component:
2011 Jul 13
4
[Bug 728] New: ip_tables: limit match: invalid size 40!=48
http://bugzilla.netfilter.org/show_bug.cgi?id=728
Summary: ip_tables: limit match: invalid size 40!=48
Product: netfilter/iptables
Version: linux-2.6.x
Platform: mips64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: critical
Priority: P2
Component: ip_tables (kernel)
AssignedTo:
2009 Mar 18
4
[Bug 586] New: Problems changing the source address of a packet
http://bugzilla.netfilter.org/show_bug.cgi?id=586
Summary: Problems changing the source address of a packet
Product: libnetfilter_queue
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: blocker
Priority: P1
Component: libnetfilter_queue
AssignedTo: laforge at netfilter.org
2011 Jun 13
2
[Bug 723] New: extensions/libxt_NFLOG.man definines invalid range for --nflog-group
http://bugzilla.netfilter.org/show_bug.cgi?id=723
Summary: extensions/libxt_NFLOG.man definines invalid range for
--nflog-group
Product: iptables
Version: CVS (please indicate timestamp)
Platform: All
OS/Version: All
Status: NEW
Severity: trivial
Priority: P5
Component: iptables