Displaying 20 results from an estimated 10000 matches similar to: "Shorewall 4.5.7"
2013 Oct 08
2
Bug with H323 helper? Shorewall 4.5.16.1 as packaged up for Debian.
Hi all.
I can''t seem to get the h323 connection tracking configured correctly for Shorewall.
I am using the Debian Shorewall 4.5.16.1 package.
I am running a Debian 3.9 kernel like so:
# uname -a
Linux gw 3.9-1-amd64 #1 SMP Debian 3.9.8-1 x86_64 GNU/Linux
My version of iptables is:
# iptables -V
iptables v1.4.20
If I add the following rule in the /etc/shorewall/tcrules file to
2012 Mar 27
0
[ANNOUNCE] Netfilter releases: iptables 1.4.13, nfacct 1.0.0 and libnetfilter_acct 1.0.0
Hi!
The Netfilter project proudly presents:
iptables 1.4.13
nfacct 1.0.0
libnetfilter_acct 1.0.0
Changes in iptables include:
* rpfilter support from Florian Westphal.
* IPv6 ECN capable version from Patrick McHardy.
* a couple of fixes for internal libiptc library.
* fix leaking file descriptor to avoid annoying log messsages in SELinux from
Maciej enczykowski.
* nfacct match
2014 May 19
1
[Bug 942] New: ct: timeout, ctevents, expevents and zone is not supported in nft
https://bugzilla.netfilter.org/show_bug.cgi?id=942
Summary: ct: timeout, ctevents, expevents and zone is not
supported in nft
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
AssignedTo:
2017 Apr 15
0
connection state tracking with DNS [was Primary DNS...]
On 04/11/2017 04:16 PM, Alice Wonder wrote:
> Hi, I would like to see this addressed.
> Is there a firewalld solution to this issue?
Yes:
# Disable connection tracking for UDP DNS traffic
#
https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m
conntrack --ctstate UNTRACKED -j ACCEPT
firewall-cmd
2013 Aug 06
0
[ANNOUNCE] conntrack-tools 1.4.2 release
Hi!
The Netfilter project proudly presents:
conntrack-tools 1.4.2
The conntrack-tools are the userspace command line interface
`conntrack' and the userspace daemon `conntrackd'. The conntrack
utility replaces the old /proc/net/nf_conntrack interface. With
conntrack, you can dump, modify and delete entries from the connection
tracking state table from userspace. On the other
2013 Mar 03
0
[ANNOUNCE] conntrack-tools 1.4.1 release
Hi!
The Netfilter project proudly presents:
conntrack-tools 1.4.1
The conntrack-tools are the userspace command line interface
`conntrack' and the userspace daemon `conntrackd'. The conntrack
utility replaces the old /proc/net/nf_conntrack interface. With
conntrack, you can dump, modify and delete entries from the connection
tracking state table from userspace. On the other
2012 Nov 24
20
Shorewall 4.5.10 Beta 2
Beta 2 is now available for testing.
Problems Corrected since Beta 1:
1) References to the obsolete USE_ACTIONS option have been removed
from the manpages.
2) NFLOG has been documented for some time as a valid ACTION in the
rules files but support for that action was never implemented
until this release.
3) The Checksum Target capability detection in the rules compiler was
2012 Nov 24
20
Shorewall 4.5.10 Beta 2
Beta 2 is now available for testing.
Problems Corrected since Beta 1:
1) References to the obsolete USE_ACTIONS option have been removed
from the manpages.
2) NFLOG has been documented for some time as a valid ACTION in the
rules files but support for that action was never implemented
until this release.
3) The Checksum Target capability detection in the rules compiler was
2013 Dec 24
3
[Bug 882] New: The conntrack-tools archive contains some leftovers from a patch run
https://bugzilla.netfilter.org/show_bug.cgi?id=882
Summary: The conntrack-tools archive contains some leftovers
from a patch run
Product: conntrack-tools
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: trivial
Priority: P5
Component: conntrack-daemon
2012 Jun 17
0
[ANNOUNCE] ulogd 2.0.0 release
Hi!
The Netfilter project proudly presents:
ulogd 2.0.0
ulogd is a userspace logging daemon for netfilter/iptables related
logging. This includes per-packet logging of security violations,
per-packet logging for accounting, per-flow logging and flexible
user-defined accounting.
ulogd was almost entirely written by Harald Welte, with contributions
from fellow hackers such as Pablo Neira
2020 Apr 01
0
[ANNOUNCE] conntrack-tools 1.4.6
Hi!
The Netfilter project proudly presents:
conntrack-tools 1.4.6
The conntrack-tools are a set of tools targeted at system
administrators. They are conntrack, the userspace command line
interface, and conntrackd, the userspace daemon. The tool conntrack
provides a full featured interface that is intended to replace the old
/proc/net/ip_conntrack interface. Using conntrack, you can view
2016 Dec 20
0
[ANNOUNCE] nftables 0.7 release
Hi!
The Netfilter project proudly presents:
nftables 0.7
This release contains many accumulated bug fixes and new features
available up to the (upcoming) Linux 4.10-rc1 kernel release.
* Facilitate migration from iptables to nftables:
At compilation time, you have to pass this option.
# ./configure --with-xtables
And libxtables needs to be installed in your system. This allows
2020 Jul 24
1
[Bug 1445] New: conntrackd: segfaults when not disabling internal cache
https://bugzilla.netfilter.org/show_bug.cgi?id=1445
Bug ID: 1445
Summary: conntrackd: segfaults when not disabling internal
cache
Product: conntrack-tools
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: critical
Priority: P5
2006 Oct 06
0
[Bug 522] New: SIP helper(?) mangles packets even when inactive
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=522
Summary: SIP helper(?) mangles packets even when inactive
Product: netfilter/iptables
Version: linux-2.6.x
Platform: x86_64
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: unknown
AssignedTo: laforge@netfilter.org
2016 Apr 14
0
[Bug 1062] New: Kernel IPv6 event filtering not working
https://bugzilla.netfilter.org/show_bug.cgi?id=1062
Bug ID: 1062
Summary: Kernel IPv6 event filtering not working
Product: conntrack-tools
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: conntrack-daemon
Assignee:
2006 Sep 17
0
Weird DNAT + passive FTP bug
Hello,
I''m observing a weird bug with ip_nat_ftp in a somewhat more complicated
constellation. It''s possible that XEN is also involved in this, but I''m
not sure.
What I''m trying to do is have XEN guest domains on a host, connected via
a bridge into a private network. The the privileged domain attaches to
this private network and acts as a NAT router to connect
2018 Jan 10
5
[Bug 1213] New: Nft stateless NAT (NOTRACK)
https://bugzilla.netfilter.org/show_bug.cgi?id=1213
Bug ID: 1213
Summary: Nft stateless NAT (NOTRACK)
Product: nftables
Version: unspecified
Hardware: All
OS: Ubuntu
Status: NEW
Severity: critical
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter:
2012 Jan 16
4
conntrack entries established before nat
Typically (or at least somewhat occasionally) after a reboot of my
shorewall[-lite] machine I find that I end up with conntrack table
entries for unNATted connections such as:
# conntrack -L -p udp --dport 5060 -d 99.232.11.14
udp 17 59 src=10.75.22.8 dst=99.232.11.14 sport=5060 dport=5060 packets=5472 bytes=3031488 [UNREPLIED] src=99.232.11.14 dst=10.75.22.8 sport=5060 dport=5060 packets=0
2013 Jun 10
0
Shorewall 4.5.18 Beta 2
Beta 2 is now available for testing.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) This release includes all defect repair from Shorewall 4.5.17.1.
2) The following warning message could be emitted
2013 Jun 26
5
[Bug 830] New: 關於iptables影響服務器性能事宜
https://bugzilla.netfilter.org/show_bug.cgi?id=830
Summary: ??iptables?????????
Product: iptables
Version: unspecified
Platform: All
OS/Version: RedHat Linux
Status: NEW
Severity: major
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: higkoohk