Displaying 20 results from an estimated 10000 matches similar to: "[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment."
2009 Oct 20
1
[Bug 616] New: Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
http://bugzilla.netfilter.org/show_bug.cgi?id=616
Summary: Duplicate rules for multi-homed hostnames. IPv4 and IPv6
inconsistent treatment.
Product: iptables
Version: unspecified
Platform: i386
OS/Version: All
Status: NEW
Severity: minor
Priority: P4
Component: iptables
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #5 from - <kd6lvw at yahoo.com> 2013-07-09 03:45:06 CEST ---
Re: Comment #4. One doesn't know what the addresses are until they are
retrieved from the DNS. The point is that the routines which generate the
rules are NOT checking the values AFTER the CIDR netmask is applied to
eliminate POST-MASK duplicate answers. The
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #7 from - <kd6lvw at yahoo.com> 2013-07-09 09:35:30 CEST ---
Re: Comment #6 - It is up to the author of the ruleset to determine policy. It
is the duty of the software to properly execute that policy. Here, the
software fails to do so because it produces duplicate redundant rules which are
never used.
Note that iptables-save
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #9 from - <kd6lvw at yahoo.com> 2013-07-09 19:56:29 CEST ---
RE: Comment #7: "It seems your best solution is to add a single rule with
208.83.136.0/22."
Yet, it adds THREE rules, two of which will never fire, thus the problem and
bug report.
Extend your quota example: When the first rule reaches the quota, it will
2013 Jun 21
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at linuxace.com
--- Comment #3 from Phil Oester <netfilter at linuxace.com> 2013-06-21
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |WONTFIX
--- Comment #10 from Phil Oester
2013 Jul 08
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #4 from Phil Oester <netfilter at linuxace.com> 2013-07-08 23:33:07 CEST ---
As noted, #2 is solved already. Also, /128 will no longer print (commit
945353a2).
But your #1 makes little sense to me: discovery.razor.cloudmark.com/22. How
do you know that EVERY IP returned from a DNS lookup is always going to be a
/22 mask?
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #6 from Phil Oester <netfilter at linuxace.com> 2013-07-09 03:50:27 CEST ---
Yes, I fully understand what is happening in the one specific example you have
provided. However you need to answer what happens if Cloudmark suddenly
decides to add an IP _OUTSIDE_ of that /22 that is assigned to them. Let's say
they open a new
2013 Jul 09
0
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616
--- Comment #8 from Phil Oester <netfilter at linuxace.com> 2013-07-09 15:56:45 CEST ---
(In reply to comment #7)
> It is the duty of the software to properly execute that policy. Here, the
> software fails to do so because it produces duplicate redundant rules which are
> never used.
And where is it documented that the software
2009 Jun 07
2
[Bug 597] New: ip6tables connlimit - cannot set CIDR greater than 32 (includes fix)
http://bugzilla.netfilter.org/show_bug.cgi?id=597
Summary: ip6tables connlimit - cannot set CIDR greater than 32
(includes fix)
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P1
Component: ip6tables
AssignedTo: laforge
2010 Jan 19
1
[Bug 630] New: Enhancement: Allow rules to specify ICMP type ranges.
http://bugzilla.netfilter.org/show_bug.cgi?id=630
Summary: Enhancement: Allow rules to specify ICMP type ranges.
Product: iptables
Version: unspecified
Platform: All
URL: http://www.ietf.org/rfc/rfc4890.txt
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ip6tables
2003 Aug 19
0
[Bug 108] strange text response for illegal ipv6 ip numbers in rules
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=108
laforge@netfilter.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
------- Additional Comments From
2014 Feb 02
0
[Bug 892] New: ip6tables --match policy needs to accept IPv4 addresses for --tunnel-src and --tunnel-dst
https://bugzilla.netfilter.org/show_bug.cgi?id=892
Summary: ip6tables --match policy needs to accept IPv4
addresses for --tunnel-src and --tunnel-dst
Product: iptables
Version: 1.4.x
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ip6tables
2005 May 12
0
HTB and IPv6
Hi,
I''m trying to use HTB for IPv6 packets. In the LARTC archive I found a
thread on this issue where a solution was described. The idea is to mark
a user-defined chain then use the fwmark for filtering. However my
attempt wasn''t successful. I''m thinking of trying my luck with the u32
filter. This is what I did, any comment is greatly appreciated. Thank
you all.
tc
2011 Aug 29
2
[Bug 742] New: ip6tables "-m iprange" ipv6 range detection
http://bugzilla.netfilter.org/show_bug.cgi?id=742
Summary: ip6tables "-m iprange" ipv6 range detection
Product: netfilter/iptables
Version: linux-2.6.x
Platform: x86_64
OS/Version: SuSE Linux
Status: NEW
Severity: critical
Priority: P5
Component: ip6_tables (kernel)
AssignedTo:
2024 Jan 06
9
[Bug 1730] New: nft does not handle IPv6 addresses with embedded IPv4 addresses
https://bugzilla.netfilter.org/show_bug.cgi?id=1730
Bug ID: 1730
Summary: nft does not handle IPv6 addresses with embedded IPv4
addresses
Product: nftables
Version: 1.0.x
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
2011 Jan 11
1
IPv6, HE tunnel and ip6tables problems
CentOS 5.5, fully patched.
I have a HE tunnel (tunnelbroker.net) IPv6 tunnel. This works pretty
well and is simple to setup. Everything works fine.
Until I try to set up an ip6tables firewall.
eg if I try to view https://dnssec.surfnet.nl/?p=464 then the page never
displays and the firewall shows
kernel: IN=sit1 OUT=eth0 SRC=2001:0610:0001:40cd:0145:0100:0186:0033 DST=my.machine LEN=80 TC=0
2013 Jun 28
0
IPv6 two or more providers, duplicating routing table does not work
Hello,
shorewall6 seem to have problems duplicating the main routing table. shorewall6 tries to add the fe80::/64 route of every ipv6 configured interface to routing table 1.
The first route applies but the other ones not.
If i try to add the routes manually to routing table 1 i have to add the first fe80::/64 route and append not add the other ones.
does not work:
ip -6 route add table 1
2017 Feb 23
1
Re: Is it possible to block ipv6 auto configuration entering the tinc tunnel?
hi
It was not working when i applied the rules on the vpn card. But I wondered if maybe bridging of vpn and eth0 was messing this up. I thought it was enough to only apply it to the vpn card
root at JOTVPN:~# brctl show
bridge name bridge id STP enabled interfaces
bridge 8000.000c29638a7e no eth0
vpn
so I tried the
2013 Oct 04
0
Is anyone using puppetlabs-firewall with IPv6?
Hi all,
I''m cleaning up some puppet manifests, and thought it would be a good
opportunity to move from my own monolithic iptables/ip6tables modules
to the official puppetlabs-firewall module.
But... what''s the deal with IPv6?
My first concern was that there is no easy way to have simple rules be
applied to both iptables and ip6tables. Fair enough, I just wrote a
simple wrapper