similar to: [Bug 887] New: iptables.xslt wrong "match" -m handling

Hello everybody: Here is my "network layout": ISP1 ISP2 | | | | +-----eth0---------eth1------+ | | | FC 3 box | | | +-----eth2---------eth3------+ |

https://bugzilla.netfilter.org/show_bug.cgi?id=860 Summary: Bizarre "cannot use" error inconsistent with command line Product: iptables Version: 1.4.x Platform: arm OS/Version: other Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo:

https://bugzilla.netfilter.org/show_bug.cgi?id=1687 Bug ID: 1687 Summary: Define set of set with in ipset list:sets Product: nftables Version: 1.0.x Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1410 Bug ID: 1410 Summary: STATELESS, rules with notrack into a map Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=886 Summary: iptables-xml segfaults on "-APOSTROUTING" Product: iptables Version: unspecified Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: unknown AssignedTo: netfilter-buglog at

I will shortly be replacing a couple of proprietary VPN boxes with a FreeBSD solution. Section 10.10 of the Handbook has a detailed description of how to do this. However I remember a lot of discussion about a year ago about whether the gif interface was necessary to set up VPNs like this or whether it was just a convenience, for "getting the routing right". A number of people said

My Google-Fu skills have failed me, I have not been able to find a solution to the problem I am facing. asterisk + from + asterisk + options + qualify != what I am looking for -- When qualify is enabled on a trunk, the From line shows "asterisk". See the SIP message below. I would like to keep qualify enabled without sending the other end any reference to "asterisk". Can

I''ve found a similar thread here, but it doesn''t do quite what I need. https://groups.google.com/forum/?fromgroups=#!topic/puppet-users/VMloh1KrSew I have multiple lines of the form below in hosts.allow: sshd,sshd2: 1.1.1.1 sshd,sshd2: 2.2.2.2 etc. I''m struggling with the syntax to add yet another "sshd,sshd2: client" line to hosts.allow. augtool is

Hi I am trying to configure hosts.allow using augeas with puppet. I can add a ip range if process exists with this code augeas { "Add ${name} to ${process}": context => "/files/etc/hosts.allow", changes => "set *[process=''${process}'']/client[last()+1] ${name}", onlyif => "match

Hello! I have access server with 4 uplinks (nice, huh?). I ran RedHat 7.3. Yesterday I did an upgrade to RedHat 9. After upgrade Linux says the third link is bad: # ip route show 2.2.2.0/30 dev eth2 scope link src 2.2.2.2 4.4.4.0/30 dev eth4 scope link src 4.4.4.4 3.3.3.0/29 dev eth3 scope link src 3.3.3.3 1.1.1.0/28 dev eth1 scope link src 1.1.1.1 10.1.1.0/24 dev eth0 scope link

hi, i have a problem, and i am completely stuck with it, i hope someone can point out where is my config wrong. I have three server, connect together with IAX trunking. The server are at romania (10.0.4.23, V1.4.22), hungary (10.0.1.23, V1.4.20) and serbia (10.0.3.4, V1.4.22). I have a hardphone (6251) connected to the romanian server, i dial a hungarian telephone number, the call goes to the

https://bugzilla.netfilter.org/show_bug.cgi?id=850 Summary: DNAT applied even after deleting the IP Tables DNAT Rule Product: iptables Version: 1.4.x Platform: All OS/Version: All Status: NEW Severity: major Priority: P5 Component: iptables AssignedTo: netfilter-buglog at

hi I need to exclude some ip addres and a lan in a rule of iptables that redirect the www to my squid proxy. The rule is iptables -t nat -A PREROUTING -i eth0 -d ! 192.168.200.220 -ptcp --dport 80 -jREDIRECT --to-ports 3128 PS: i use this rule to redirect squid proxy in this machine that not is my firewall linux (is a faq of shorewall redirect with iproute). How could i exclude some ip address

https://bugzilla.netfilter.org/show_bug.cgi?id=854 Summary: xtables_ipmask_to_cidr error code leaks into output of iptables --list Product: iptables Version: 1.4.x Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: trivial Priority: P5 Component: iptables

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=70 Summary: udp connection(snmp) not being tracked. Product: netfilter/iptables Version: patch-o-matic Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: major Priority: P2 Component: connection tracking AssignedTo:

https://bugzilla.netfilter.org/show_bug.cgi?id=1391 Bug ID: 1391 Summary: iptables-nft-restore --test can segfault Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: normal Priority: P5 Component: iptables over nftable Assignee: pablo at

Hi! I have many problems getting this thing to work. There''s a host with two network interfaces, where there are two routers to Internet in two separated networks. The host uses multihop routing for deciding to which router send the packets... but the routing decision is wrong made. Some packets with source address of one NIC, go to other network. I have a host with three NICs in it:

Hello I have /25 addressed on a box (virtual devices on eth0) and I want to tunnel some of these addresses to my home network. One address to my gateway (a.b.c.d, external IP) and one address to my internal network (192.168.0.0/24-style). I will use the tunnels for irc, smtp and surfing. What protocol and which technique is easiest and best to use? One more thing. I don''t want to set up

Hi all. I can''t seem to get the h323 connection tracking configured correctly for Shorewall. I am using the Debian Shorewall 4.5.16.1 package. I am running a Debian 3.9 kernel like so: # uname -a Linux gw 3.9-1-amd64 #1 SMP Debian 3.9.8-1 x86_64 GNU/Linux My version of iptables is: # iptables -V iptables v1.4.20 If I add the following rule in the /etc/shorewall/tcrules file to

https://bugzilla.netfilter.org/show_bug.cgi?id=1158 Bug ID: 1158 Summary: using old session data when piping multiple commands Product: ipset Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: minor Priority: P5 Component: default Assignee: netfilter-buglog