similar to: [Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.

http://bugzilla.netfilter.org/show_bug.cgi?id=616 Summary: Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment. Product: iptables Version: unspecified Platform: i386 OS/Version: All Status: NEW Severity: minor Priority: P4 Component: iptables

https://bugzilla.netfilter.org/show_bug.cgi?id=616 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |WONTFIX --- Comment #10 from Phil Oester

https://bugzilla.netfilter.org/show_bug.cgi?id=616 --- Comment #5 from - <kd6lvw at yahoo.com> 2013-07-09 03:45:06 CEST --- Re: Comment #4. One doesn't know what the addresses are until they are retrieved from the DNS. The point is that the routines which generate the rules are NOT checking the values AFTER the CIDR netmask is applied to eliminate POST-MASK duplicate answers. The

https://bugzilla.netfilter.org/show_bug.cgi?id=616 --- Comment #7 from - <kd6lvw at yahoo.com> 2013-07-09 09:35:30 CEST --- Re: Comment #6 - It is up to the author of the ruleset to determine policy. It is the duty of the software to properly execute that policy. Here, the software fails to do so because it produces duplicate redundant rules which are never used. Note that iptables-save

https://bugzilla.netfilter.org/show_bug.cgi?id=616 --- Comment #11 from - <kd6lvw at yahoo.com> 2013-07-09 21:48:05 CEST --- I fully disagree that the addition of duplicate rules that will never be reached is part of the design. As a waste of memory allocation, it is inefficient and therefore incorrect. The use of a hostname in place of an IP address literal should not have any effect in

https://bugzilla.netfilter.org/show_bug.cgi?id=616 --- Comment #8 from Phil Oester <netfilter at linuxace.com> 2013-07-09 15:56:45 CEST --- (In reply to comment #7) > It is the duty of the software to properly execute that policy. Here, the > software fails to do so because it produces duplicate redundant rules which are > never used. And where is it documented that the software

https://bugzilla.netfilter.org/show_bug.cgi?id=616 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |netfilter at linuxace.com --- Comment #3 from Phil Oester <netfilter at linuxace.com> 2013-06-21

https://bugzilla.netfilter.org/show_bug.cgi?id=616 --- Comment #4 from Phil Oester <netfilter at linuxace.com> 2013-07-08 23:33:07 CEST --- As noted, #2 is solved already. Also, /128 will no longer print (commit 945353a2). But your #1 makes little sense to me: discovery.razor.cloudmark.com/22. How do you know that EVERY IP returned from a DNS lookup is always going to be a /22 mask?

https://bugzilla.netfilter.org/show_bug.cgi?id=616 --- Comment #6 from Phil Oester <netfilter at linuxace.com> 2013-07-09 03:50:27 CEST --- Yes, I fully understand what is happening in the one specific example you have provided. However you need to answer what happens if Cloudmark suddenly decides to add an IP _OUTSIDE_ of that /22 that is assigned to them. Let's say they open a new

http://bugzilla.netfilter.org/show_bug.cgi?id=630 Summary: Enhancement: Allow rules to specify ICMP type ranges. Product: iptables Version: unspecified Platform: All URL: http://www.ietf.org/rfc/rfc4890.txt OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: ip6tables

https://bugzilla.netfilter.org/show_bug.cgi?id=919 Summary: ah: --reserver is not supported (ipv4 and ipv6) Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft AssignedTo: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=841 Summary: Specifying netmask option when creating ipv6 hash:ip is inconsistent Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: minor Priority: P5 Component: default AssignedTo:

http://bugzilla.netfilter.org/show_bug.cgi?id=597 Summary: ip6tables connlimit - cannot set CIDR greater than 32 (includes fix) Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: major Priority: P1 Component: ip6tables AssignedTo: laforge

https://bugzilla.netfilter.org/show_bug.cgi?id=1413 Bug ID: 1413 Summary: Inconsistent EBUSY errors when adding a duplicate element to a map Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5

On Mon, May 18, 2020 at 2:44 AM Rowland penny via samba < samba at lists.samba.org> wrote: > On 17/05/2020 23:10, Michael Jones wrote: > > Why? > Amongst others, you may get: > > Slow / Failed logins > Replication issues > Group policy access issues > login script issues > > A multi-homed DC (for whatever reason) is a bad idea. > > Rowland > I

Dear all, as I am currently planning a network with Samba AD DC I was wondering if you can recommend any best practice for a multi-homed AD DC. My current plan is to have one NIC for Samba services and a second one dedicated to management functions (e.g. SSH) on a separate network restricted to admin users. In a testbed scenario I already discovered that once both adapters exist, samba seems to

On Sun, May 17, 2020 at 1:43 PM Rowland penny via samba < samba at lists.samba.org> wrote: > On 17/05/2020 19:30, Johannes Engel via samba wrote: > > Dear all, > > > > as I am currently planning a network with Samba AD DC I was wondering if > > you can recommend any best practice for a multi-homed AD DC. > > Best practise is: do not multi-home a DC. >

Hi, I connected a multi-homed Win95 machine (carrot, see below) to two networks (ankh-net and morpork-net) which a multi-homed Linux machine running Samba 1.9.18p10 (or whatever the latest <2 is) was also connected to (vimes) and wanted to see which of the two interfaces Win95 would pick... --------------------------------- ankh-net 134.225.241.0/24 | |

>From a security standpoint, if the default keytab (/etc/krb5.keytab) contains only ONE principal, does it matter if GSSAPIStrictAcceptorCheck is set to "yes" or "no"? My company uses an internally built OpenSSH package that includes the GSSAPI Key Exchange patch. Because we have 1000s of hosts, we need to use a "standard" sshd_config file that works for the

Hey all, I'm experiencing a problem with chan_sip on a multi-homed machine. The machine has 1 interface to the rest of the world and 1 interface on a local network. The local network has public IP-addresses, though, and the IP-addresses of both interfaces are reachable from the outside world, but by default, outgoing traffic from that machine to the outside world will have the IP-address of