similar to: [Bug 790] Normalize iptables rules

https://bugzilla.netfilter.org/show_bug.cgi?id=790 Andor <tothandor at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |INVALID --- Comment #9 from Andor <tothandor at

https://bugzilla.netfilter.org/show_bug.cgi?id=790 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |netfilter at linuxace.com --- Comment #4 from Phil Oester <netfilter at linuxace.com> 2013-06-20

https://bugzilla.netfilter.org/show_bug.cgi?id=790 --- Comment #7 from Andor <tothandor at gmail.com> 2013-06-24 17:05:46 CEST --- I'm keen to keep the same order for the scripts' output, but there are many modules and targets with hundreds of parameters, with immense ammount of possible combinations. How can you know the correct order for all, beyond the main parts (i.e. table,

https://bugzilla.netfilter.org/show_bug.cgi?id=790 --- Comment #10 from Andor <tothandor at gmail.com> 2013-07-01 16:28:29 CEST --- Pitily netns appeared only after 3.0. -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.

https://bugzilla.netfilter.org/show_bug.cgi?id=790 --- Comment #6 from Phil Oester <netfilter at linuxace.com> 2013-06-24 16:13:49 CEST --- Since your script produces the output of ipt1, just make sure you use the same order as iptables-save does. Iptables-save will always output args in the same order. The bug appears to be in the output you are creating, which is beyond our control. --

https://bugzilla.netfilter.org/show_bug.cgi?id=790 --- Comment #8 from Phil Oester <netfilter at linuxace.com> 2013-06-28 17:45:18 CEST --- Have you considered setting up a different network namespace to achieve this? For instance: ip netns add test ip netns exec test iptables-restore < /tmp/ipts ip netns exec test iptables-save This would seem to achieve the results you are looking

On 08/13/2013 06:31 AM, Laine Stump wrote: > Correct. That is a known problem since 2008: > > https://bugzilla.redhat.com/show_bug.cgi?id=453580 Thanks Laine for confirming it is a known issue. I googled it a lot but couldn't find that bugzilla entry. Do you know if this is still the case with the upcoming Fedora 20 & firewalld? (these rules are still being created)? >

On 08/13/2013 07:07 AM, Jorge Fábregas wrote: > On 08/13/2013 06:31 AM, Laine Stump wrote: >> Correct. That is a known problem since 2008: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=453580 > Thanks Laine for confirming it is a known issue. I googled it a lot but > couldn't find that bugzilla entry. > > Do you know if this is still the case with the

On 08/06/2013 06:38 PM, Jorge Fábregas wrote: > On 07/31/2013 11:01 AM, Jorge Fábregas wrote: >> That is, the first network can reach all other networks (just because it >> happens to be the first one defined). Is this the intention (only >> default can talk to the others but not the other way around)? > *Bump* > > I found this excellent post by Daniel Berrange: >

http://bugzilla.netfilter.org/show_bug.cgi?id=580 Summary: iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P1

http://bugzilla.netfilter.org/show_bug.cgi?id=706 Jan Engelhardt <jengelh at medozas.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jengelh at medozas.de --- Comment #1 from Jan Engelhardt <jengelh at medozas.de> 2011-03-03 14:20:30

hello, i have a question: - which one is faster: "tc filter with u32 match per dst ip" or "iptables match per dst ip with target CLASSIFY"? - this question is for large rulesets (over 500) thank you, cristian carstea

https://bugzilla.netfilter.org/show_bug.cgi?id=1407 Bug ID: 1407 Summary: Segfault with iptables-nft-restore when flush rules included Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component:

Hi, Is there a way that we can add custom IP-Tables rules in a nat'd physical host? I need some custom rules mentioned in physical host to access some services in the guest systems. Any hints on this? Regards, Kurian Thayil. -------------- next part -------------- An HTML attachment was scrubbed... URL:

https://bugzilla.netfilter.org/show_bug.cgi?id=1335 Bug ID: 1335 Summary: iptables-restore will crash if -6 rules are present Product: iptables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables-restore

On 16/07/2020 16:48, Kaushal Shriyan wrote: > Hi, > > I am running CentOS Linux release 8.2.2004 (Core) on a remote server. I am > running the below iptables command to allow SSH port 22 from a specific > source IP 219.91.200.59 > > iptables -A INPUT -m tcp -p tcp -s 219.91.200.59 --dport 22 -j ACCEPT >> service iptables save > > > The above iptables ruleset

On Fri, Jul 17, 2020 at 2:41 AM Kenneth Porter <shiva at sewingwitch.com> wrote: > --On Thursday, July 16, 2020 10:41 PM +0530 Kaushal Shriyan > <kaushalshriyan at gmail.com> wrote: > > > I have run the below command but I am still able to connect from the > > internet. Do I need to add any drop traffic policy using nft? > > A single rule doesn't tell us

https://bugzilla.netfilter.org/show_bug.cgi?id=616 --- Comment #8 from Phil Oester <netfilter at linuxace.com> 2013-07-09 15:56:45 CEST --- (In reply to comment #7) > It is the duty of the software to properly execute that policy. Here, the > software fails to do so because it produces duplicate redundant rules which are > never used. And where is it documented that the software

On Thu, Jul 16, 2020 at 9:25 PM Phil Perry <pperry at elrepo.org> wrote: > On 16/07/2020 16:48, Kaushal Shriyan wrote: > > Hi, > > > > I am running CentOS Linux release 8.2.2004 (Core) on a remote server. I > am > > running the below iptables command to allow SSH port 22 from a specific > > source IP 219.91.200.59 > > > > iptables -A INPUT -m

Hi, I have some guests running in the "default" network (virbr0) and I've also created a similar (NAT) network (virbr1). Therefore, the FORWARD chain for the CentOS 6.4 host looks like this: http://fpaste.org/29229/75281379/ ...where line 3-7 are related to virbr0 and 8-12 to virbr1. My 2 questions: 1) I've noticed that I can ping from a guest within virbr0 to any guest on