similar to: [Bug 1280] New: meta pkttype incompatible? with ingress

https://bugzilla.netfilter.org/show_bug.cgi?id=1141 Bug ID: 1141 Summary: trace aborts using pkttype on ingress Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: major Priority: P5 Component: kernel Assignee: pablo at netfilter.org

Hi, as discussed with cmouse on freenode two days ago please find attached necessary debug information on a crashing imap-login process, that appeared after upgrading to v2.3 (+ sieve). It is a standard setup in combination with postfix and thunderbird, roundcube and K9(Android) as imap clients. Panic happens 5-6 times a day, but no influence on user experience. Unfortunately i have no idea

Hi Tom, Thank you for your quick reply. I aplied changes as you suppose, and now users can comunicate each with others. - thank you very much. I have just one aditional question regarding PKTTYPE=No variable. I didnt find it in shorewall.conf so I simply add it at the end of conf file (above #Last line :-) ) So question is it is standard feature of shorewall, and from which version it is

https://bugzilla.netfilter.org/show_bug.cgi?id=1449 Bug ID: 1449 Summary: nft ipv4 set with interval issue Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: blocker Priority: P5 Component: nft Assignee: pablo at netfilter.org

hello Tom >Another very likely cause is that Shorewall-shell is generating a pkttype >test to identify multicast packets. This can be unreliable and can be >avoided by setting PKTTYPE=No in shorewall.conf. After using PKTTYPE=No in shorewall.conf , my syslog is clean now. Do you mean that adding the following line in /etc/shorewall/interfaces is suffiscient? dmz eth1

This will be my last 2.2 release. It contains a couple of small bug fixes that I had laying around. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.5 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.5 1) Previously, if PKTTYPE=No in shorewall.conf then pkttype match would still be used if the kernel supported it. 2) A typo in the ''tunnel'' script has been corrected

https://bugzilla.netfilter.org/show_bug.cgi?id=1272 Bug ID: 1272 Summary: netdev-ingress.nft is missing from files/netfilter/ Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1140 Bug ID: 1140 Summary: nft dump invalid (flow table) Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1238 Bug ID: 1238 Summary: meta limits protocols when it shouldn't Product: nftables Version: unspecified Hardware: x86_64 OS: Fedora Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at netfilter.org

G''day all. I''m trying to set up Clam AV scanning of incoming POP3 email to my Thunderbird mail client; I have a standalone laptop with a 56k dialup connection to my ISP. I can''t seem to get port redirection working: I''m trying to redirect incoming POP3 mail from my ISP''s mail server to p3scan which is listening on 127.0.0.1:8110 and will do the AV

https://bugzilla.netfilter.org/show_bug.cgi?id=1142 Bug ID: 1142 Summary: invalid binop operation 6nft Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

Hello, I have this problem: when my mail server on the DMZ starts a connection to the internet it''s ip (213.58.230.26) is "masqueraded" with the firewall ip (213.58.230.50). I wouldn''t mind but there is a one customer who rejects the connection because it makes reverse dns and finds no dns entry for the firewall ip. How can i correct this? Thanks, MSantos shorewall

I'm trying to impute data using the mi package, but after running through almost the entire first round of imputations (which takes quite a while), it throws this error (I'll include the whole output prior to the error for context). Does anyone know what is causing it, or how I can fix it? More specifically, how can I tell what is throwing the error so I know what to fix? Is

After gaining some experience with the new release model, it has become apparent to me that a small adjustment is warrented. I previously announced that updates to the stable release would only contain bug fixes. I''m modifying that slightly to allow for small low-risk enhancements; large and/or risky enhancements will still be restricted to the development release. We have seen this

https://bugzilla.netfilter.org/show_bug.cgi?id=1090 Bug ID: 1090 Summary: Named sets: comments disappear with flags interval Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at

I have a firewall rule to drop packets from certain addresses: (email spam) my /etc/sysconfig/iptables begins as: # Generated by iptables-save v1.4.7 on Thu Jun 26 09:11:09 2014 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1:148] -A INPUT -m pkttype --pkt-type multicast -j ACCEPT -A INPUT -s 223.255.229.0/24 -j DROP -A INPUT -s 218.96.0.0/24 -j DROP -A INPUT -s

https://bugzilla.netfilter.org/show_bug.cgi?id=1737 Bug ID: 1737 Summary: meta hour error with different time-zones Product: nftables Version: 1.0.x Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I''m using for several purposes so I''ve set up a Xen

(anonymous post) I have a simple 2 interface firewall setup and all is good, almost. I am hosting virtual websites and DNS behind shorewall no problem. However I am trying to use SFTP via a different port number and have no luck even though Putty works well. Is there anything weird to sftp and shorewall? My lab uses a different firewall (firestarter) and it works OK. I am using; DNAT net

Hi all, I''m using Fedora Core 2, kernel 2.6.5. I''ve installed shorewall 2.1.9 from rpm package. It seems that there is a builtin action called "dropBcast" drops all broadcast packages on my ethernet interfaces base on package type "pkttype=broadcast". For a particular reason, I need all traffics of broadcast packages are allowed to pass my ethernet