Displaying 20 results from an estimated 10000 matches similar to: "[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment."
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |WONTFIX
--- Comment #10 from Phil Oester
2013 Jul 08
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #4 from Phil Oester <netfilter at linuxace.com> 2013-07-08 23:33:07 CEST ---
As noted, #2 is solved already. Also, /128 will no longer print (commit
945353a2).
But your #1 makes little sense to me: discovery.razor.cloudmark.com/22. How
do you know that EVERY IP returned from a DNS lookup is always going to be a
/22 mask?
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #6 from Phil Oester <netfilter at linuxace.com> 2013-07-09 03:50:27 CEST ---
Yes, I fully understand what is happening in the one specific example you have
provided. However you need to answer what happens if Cloudmark suddenly
decides to add an IP _OUTSIDE_ of that /22 that is assigned to them. Let's say
they open a new
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #8 from Phil Oester <netfilter at linuxace.com> 2013-07-09 15:56:45 CEST ---
(In reply to comment #7)
> It is the duty of the software to properly execute that policy. Here, the
> software fails to do so because it produces duplicate redundant rules which are
> never used.
And where is it documented that the software
2009 Oct 20
1
[Bug 616] New: Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
http://bugzilla.netfilter.org/show_bug.cgi?id=616
Summary: Duplicate rules for multi-homed hostnames. IPv4 and IPv6
inconsistent treatment.
Product: iptables
Version: unspecified
Platform: i386
OS/Version: All
Status: NEW
Severity: minor
Priority: P4
Component: iptables
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #11 from - <kd6lvw at yahoo.com> 2013-07-09 21:48:05 CEST ---
I fully disagree that the addition of duplicate rules that will never be
reached is part of the design. As a waste of memory allocation, it is
inefficient and therefore incorrect. The use of a hostname in place of an IP
address literal should not have any effect in
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #5 from - <kd6lvw at yahoo.com> 2013-07-09 03:45:06 CEST ---
Re: Comment #4. One doesn't know what the addresses are until they are
retrieved from the DNS. The point is that the routines which generate the
rules are NOT checking the values AFTER the CIDR netmask is applied to
eliminate POST-MASK duplicate answers. The
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #7 from - <kd6lvw at yahoo.com> 2013-07-09 09:35:30 CEST ---
Re: Comment #6 - It is up to the author of the ruleset to determine policy. It
is the duty of the software to properly execute that policy. Here, the
software fails to do so because it produces duplicate redundant rules which are
never used.
Note that iptables-save
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #9 from - <kd6lvw at yahoo.com> 2013-07-09 19:56:29 CEST ---
RE: Comment #7: "It seems your best solution is to add a single rule with
208.83.136.0/22."
Yet, it adds THREE rules, two of which will never fire, thus the problem and
bug report.
Extend your quota example: When the first rule reaches the quota, it will
2013 Jun 05
0
[Bug 812] addrtype with limit-iface-in in ip6tables/nat/PREROUTING messes up the route cache
https://bugzilla.netfilter.org/show_bug.cgi?id=812
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |netfilter at linuxace.com
Resolution|
2013 Jun 05
0
[Bug 751] IPv6 bridging bug
https://bugzilla.netfilter.org/show_bug.cgi?id=751
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at linuxace.com
--- Comment #4 from Phil Oester <netfilter at linuxace.com> 2013-06-05
2013 Jun 21
0
[Bug 663] Postrouting + IPsec + IPv6
https://bugzilla.netfilter.org/show_bug.cgi?id=663
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at linuxace.com
--- Comment #2 from Phil Oester <netfilter at linuxace.com> 2013-06-21
2013 May 30
0
[Bug 773] iptables performance limits on # of rules using ipset
https://bugzilla.netfilter.org/show_bug.cgi?id=773
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC|jengelh at medozas.de |netfilter at linuxace.com
Resolution|
2013 Jun 20
0
[Bug 790] Normalize iptables rules
https://bugzilla.netfilter.org/show_bug.cgi?id=790
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at linuxace.com
--- Comment #4 from Phil Oester <netfilter at linuxace.com> 2013-06-20
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |netfilter at linuxace.com
Resolution|
2013 Jul 26
0
[Bug 663] Postrouting + IPsec + IPv6
https://bugzilla.netfilter.org/show_bug.cgi?id=663
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #3 from Phil Oester
2013 Oct 21
0
[Bug 751] IPv6 bridging bug
https://bugzilla.netfilter.org/show_bug.cgi?id=751
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #11 from Phil Oester
2013 May 22
6
[Bug 823] New: IPv6 NAT memory leaking
https://bugzilla.netfilter.org/show_bug.cgi?id=823
Summary: IPv6 NAT memory leaking
Product: netfilter/iptables
Version: unspecified
Platform: x86_64
OS/Version: other
Status: NEW
Severity: critical
Priority: P5
Component: ip6_tables (kernel)
AssignedTo: netfilter-buglog at lists.netfilter.org
2013 Sep 11
8
[Bug 851] New: IPv6 SNAT target with --random doesn't work
https://bugzilla.netfilter.org/show_bug.cgi?id=851
Summary: IPv6 SNAT target with --random doesn't work
Product: netfilter/iptables
Version: unspecified
Platform: x86_64
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: NAT
AssignedTo: netfilter-buglog at lists.netfilter.org
2013 Aug 27
0
[Bug 630] Enhancement: Allow rules to specify ICMP type ranges.
https://bugzilla.netfilter.org/show_bug.cgi?id=630
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at linuxace.com
AssignedTo|pablo at netfilter.org |netfilter-buglog at lists.netf