Displaying 20 results from an estimated 700 matches similar to: "[Bug 1065] New: NOTRACK is not supported in nft"
2018 Jan 10
5
[Bug 1213] New: Nft stateless NAT (NOTRACK)
https://bugzilla.netfilter.org/show_bug.cgi?id=1213
Bug ID: 1213
Summary: Nft stateless NAT (NOTRACK)
Product: nftables
Version: unspecified
Hardware: All
OS: Ubuntu
Status: NEW
Severity: critical
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter:
2020 Feb 27
9
[Bug 1410] New: STATELESS, rules with notrack into a map
https://bugzilla.netfilter.org/show_bug.cgi?id=1410
Bug ID: 1410
Summary: STATELESS, rules with notrack into a map
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at
2020 Apr 10
15
[Bug 1422] New: iptables-nft fails to check / delete rules in raw table
https://bugzilla.netfilter.org/show_bug.cgi?id=1422
Bug ID: 1422
Summary: iptables-nft fails to check / delete rules in raw
table
Product: iptables
Version: 1.6.x
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: iptables
2019 Aug 04
2
[Bug 1359] New: nft 0.9.1 - table family inet, chain type nat, fails to auto-load modules
https://bugzilla.netfilter.org/show_bug.cgi?id=1359
Bug ID: 1359
Summary: nft 0.9.1 - table family inet, chain type nat, fails
to auto-load modules
Product: nftables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: normal
Priority: P5
Component:
2013 Jun 26
5
[Bug 830] New: Regarding iptables affecting server performance
https://bugzilla.netfilter.org/show_bug.cgi?id=830
Summary: Regarding iptables affecting server performance
Product: iptables
Version: unspecified
Platform: All
OS/Version: RedHat Linux
Status: NEW
Severity: major
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: higkoohk
2008 Apr 18
3
ip_conntrack: table full, dropping packet.
I was trying to do what the article at
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables
suggested
My iptables rules are
------------------------------------------------------------------------
#that's what the
2012 Nov 24
20
Shorewall 4.5.10 Beta 2
Beta 2 is now available for testing.
Problems Corrected since Beta 1:
1) References to the obsolete USE_ACTIONS option have been removed
from the manpages.
2) NFLOG has been documented for some time as a valid ACTION in the
rules files but support for that action was never implemented
until this release.
3) The Checksum Target capability detection in the rules compiler was
2006 Jul 06
3
nating the bridge
Hi there,
I have now a working domU which is bridged into the dom0.
I have set as gateway the bridge device. So far this works:
I can access the domU from the dom0 (for example using ssh
or http). The access from domU into dom0 works, too.
But I cannot get a working NAT setup to route the traffic
from domU into the internet.
I tried a few variants, switching off tx checks on the
ethernet device,
2017 Apr 11
2
connection state tracking with DNS [was Primary DNS...]
Hi, I would like to see this addressed.
I found more information on the issue at
https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html
Is there a firewalld solution to this issue?
On 04/11/2017 11:05 AM, Chris Adams wrote:
> One additional DNS server note: you should disable firewalld for any DNS
> server, caching or authoritative. If you need firewalling, use
2012 Aug 20
0
Shorewall 4.5.7
The Shorewall team is pleased to announce the availability of Shorewall
4.5.7.
----------------------------------------------------------------------------
I. PROBLEMS CORRECTED IN THIS RELEASE
----------------------------------------------------------------------------
1) This release includes the defect repair from Shorewall 4.5.6.2.
2) The command
2017 Apr 15
0
connection state tracking with DNS [was Primary DNS...]
On 04/11/2017 04:16 PM, Alice Wonder wrote:
> Hi, I would like to see this addressed.
> Is there a firewalld solution to this issue?
Yes:
# Disable connection tracking for UDP DNS traffic
# https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m conntrack --ctstate UNTRACKED -j ACCEPT
firewall-cmd
2024 Jul 16
4
[Bug 1761] New: nft_fib checks only the main route table when iif is a slave of a master vrf interface
https://bugzilla.netfilter.org/show_bug.cgi?id=1761
Bug ID: 1761
Summary: nft_fib checks only the main route table when iif is a
slave of a master vrf interface
Product: nftables
Version: 1.0.x
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
2013 Oct 08
2
Bug with H323 helper? Shorewall 4.5.16.1 as packaged up for Debian.
Hi all.
I can't seem to get the h323 connection tracking configured correctly for Shorewall.
I am using the Debian Shorewall 4.5.16.1 package.
I am running a Debian 3.9 kernel like so:
# uname -a
Linux gw 3.9-1-amd64 #1 SMP Debian 3.9.8-1 x86_64 GNU/Linux
My version of iptables is:
# iptables -V
iptables v1.4.20
If I add the following rule in the /etc/shorewall/tcrules file to
2013 May 16
5
ddos attack causes high ksoftirqd cpu use
Hello List!
I got a small (50mbits or so) application layer ddos attack against a
few name servers (thousands of IPs sending lots of bogus A record
requests - weird) - one of the name servers was behind a shorewall
firewall. That firewall was running a 2.6.18-194.11.1.el5 kernel and
shorewall-4.4.11.1-1. I noticed that the shorewall host had ksoftirqd
using 100% of the CPU during the
2008 Feb 13
0
xen 3.2 with bridge, domU cannot connect to the internet
think i posted in the wrong ml the first time, sorry, reposting here
hi, i recently updated to xen 3.2 and now networking has stopped working.
i have a configuration with 2 nics: eth1 (internet) and eth0 (lan)
when i start xen i get peth0,peth1 with no ip, and bridge eth0,eth1 with the
right addresses
the server running xen is also the lan gw
the routing table seems ok
192.168.0.0 *
2009 Feb 12
2
Getting ip_conntrack: table full, dropping packet on shorewall-lite
I have a bunch of servers, where I've deployed shorewall-lite. For us
it is very useful to have a centralized repository of the firewall rules
deployed in our servers. One of these servers is pretty busy, handling
lots of connections. In that server I'm getting from time to time this
message: ip_conntrack: table full
If I were working in a custom made iptables firewall I will
2013 Dec 24
3
[Bug 882] New: The conntrack-tools archive contains some leftovers from a patch run
https://bugzilla.netfilter.org/show_bug.cgi?id=882
Summary: The conntrack-tools archive contains some leftovers
from a patch run
Product: conntrack-tools
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: trivial
Priority: P5
Component: conntrack-daemon
2016 Dec 19
0
[ANNOUNCE] libnftnl 1.0.7 release
Hi!
The Netfilter project proudly presents:
libnftnl 1.0.7
libnftnl is a userspace library providing a low-level netlink
programming interface (API) to the in-kernel nf_tables subsystem. The
library libnftnl has been previously known as libnftables. This library
is currently used by the nft command line tool.
This release includes the following list of updates:
* New nftnl_rule_cmp()
2005 Dec 06
4
[Bug 1065] password expiration and SSH keys don't go well together
http://bugzilla.mindrot.org/show_bug.cgi?id=1065
------- Comment #11 from joss at debian.org 2005-12-06 22:31 -------
Created an attachment (id=1036)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1036&action=view)
Debugging output of the issue
Finally, here is the output of sshd -ddd. First, in normal operation. Second,
when the problem occurs. Third, with an expired password,