similar to: Shorewall 4.5.7

Hi all. I can''t seem to get the h323 connection tracking configured correctly for Shorewall. I am using the Debian Shorewall 4.5.16.1 package. I am running a Debian 3.9 kernel like so: # uname -a Linux gw 3.9-1-amd64 #1 SMP Debian 3.9.8-1 x86_64 GNU/Linux My version of iptables is: # iptables -V iptables v1.4.20 If I add the following rule in the /etc/shorewall/tcrules file to

Hi! The Netfilter project proudly presents: iptables 1.4.13 nfacct 1.0.0 libnetfilter_acct 1.0.0 Changes in iptables include: * rpfilter support from Florian Westphal. * IPv6 ECN capable version from Patrick McHardy. * a couple of fixes for internal libiptc library. * fix leaking file descriptor to avoid annoying log messsages in SELinux from Maciej enczykowski. * nfacct match

https://bugzilla.netfilter.org/show_bug.cgi?id=942 Summary: ct: timeout, ctevents, expevents and zone is not supported in nft Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft AssignedTo:

On 04/11/2017 04:16 PM, Alice Wonder wrote: > Hi, I would like to see this addressed. > Is there a firewalld solution to this issue? Yes: # Disable connection tracking for UDP DNS traffic # https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m conntrack --ctstate UNTRACKED -j ACCEPT firewall-cmd

Hi! The Netfilter project proudly presents: conntrack-tools 1.4.2 The conntrack-tools are the userspace command line interface `conntrack' and the userspace daemon `conntrackd'. The conntrack utility replaces the old /proc/net/nf_conntrack interface. With conntrack, you can dump, modify and delete entries from the connection tracking state table from userspace. On the other

Hi! The Netfilter project proudly presents: conntrack-tools 1.4.1 The conntrack-tools are the userspace command line interface `conntrack' and the userspace daemon `conntrackd'. The conntrack utility replaces the old /proc/net/nf_conntrack interface. With conntrack, you can dump, modify and delete entries from the connection tracking state table from userspace. On the other

Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) References to the obsolete USE_ACTIONS option have been removed from the manpages. 2) NFLOG has been documented for some time as a valid ACTION in the rules files but support for that action was never implemented until this release. 3) The Checksum Target capability detection in the rules compiler was

Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) References to the obsolete USE_ACTIONS option have been removed from the manpages. 2) NFLOG has been documented for some time as a valid ACTION in the rules files but support for that action was never implemented until this release. 3) The Checksum Target capability detection in the rules compiler was

https://bugzilla.netfilter.org/show_bug.cgi?id=882 Summary: The conntrack-tools archive contains some leftovers from a patch run Product: conntrack-tools Version: unspecified Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P5 Component: conntrack-daemon

Hi! The Netfilter project proudly presents: ulogd 2.0.0 ulogd is a userspace logging daemon for netfilter/iptables related logging. This includes per-packet logging of security violations, per-packet logging for accounting, per-flow logging and flexible user-defined accounting. ulogd was almost entirely written by Harald Welte, with contributions from fellow hackers such as Pablo Neira

Hi! The Netfilter project proudly presents: conntrack-tools 1.4.6 The conntrack-tools are a set of tools targeted at system administrators. They are conntrack, the userspace command line interface, and conntrackd, the userspace daemon. The tool conntrack provides a full featured interface that is intended to replace the old /proc/net/ip_conntrack interface. Using conntrack, you can view

Hi! The Netfilter project proudly presents: nftables 0.7 This release contains many accumulated bug fixes and new features available up to the (upcoming) Linux 4.10-rc1 kernel release. * Facilitate migration from iptables to nftables: At compilation time, you have to pass this option. # ./configure --with-xtables And libxtables needs to be installed in your system. This allows

https://bugzilla.netfilter.org/show_bug.cgi?id=1445 Bug ID: 1445 Summary: conntrackd: segfaults when not disabling internal cache Product: conntrack-tools Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: critical Priority: P5

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=522 Summary: SIP helper(?) mangles packets even when inactive Product: netfilter/iptables Version: linux-2.6.x Platform: x86_64 OS/Version: All Status: NEW Severity: normal Priority: P2 Component: unknown AssignedTo: laforge@netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1062 Bug ID: 1062 Summary: Kernel IPv6 event filtering not working Product: conntrack-tools Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: conntrack-daemon Assignee:

Hello, I''m observing a weird bug with ip_nat_ftp in a somewhat more complicated constellation. It''s possible that XEN is also involved in this, but I''m not sure. What I''m trying to do is have XEN guest domains on a host, connected via a bridge into a private network. The the privileged domain attaches to this private network and acts as a NAT router to connect

https://bugzilla.netfilter.org/show_bug.cgi?id=1213 Bug ID: 1213 Summary: Nft stateless NAT (NOTRACK) Product: nftables Version: unspecified Hardware: All OS: Ubuntu Status: NEW Severity: critical Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

Typically (or at least somewhat occasionally) after a reboot of my shorewall[-lite] machine I find that I end up with conntrack table entries for unNATted connections such as: # conntrack -L -p udp --dport 5060 -d 99.232.11.14 udp 17 59 src=10.75.22.8 dst=99.232.11.14 sport=5060 dport=5060 packets=5472 bytes=3031488 [UNREPLIED] src=99.232.11.14 dst=10.75.22.8 sport=5060 dport=5060 packets=0

Beta 2 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes all defect repair from Shorewall 4.5.17.1. 2) The following warning message could be emitted

https://bugzilla.netfilter.org/show_bug.cgi?id=830 Summary: ??iptables????????? Product: iptables Version: unspecified Platform: All OS/Version: RedHat Linux Status: NEW Severity: major Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: higkoohk