similar to: [Bug 1290] New: ptables: nftables layer breaks ipsec/policy keyword

https://bugzilla.netfilter.org/show_bug.cgi?id=854 Summary: xtables_ipmask_to_cidr error code leaks into output of iptables --list Product: iptables Version: 1.4.x Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: trivial Priority: P5 Component: iptables

https://bugzilla.netfilter.org/show_bug.cgi?id=1263 Bug ID: 1263 Summary: Device or resource busy on nat loading. Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1105 Bug ID: 1105 Summary: masquerade fully broken when no prerouting chain is created Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: major Priority: P5 Component: kernel

https://bugzilla.netfilter.org/show_bug.cgi?id=1303 Bug ID: 1303 Summary: nft improperly merges intervals Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: critical Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1108 Bug ID: 1108 Summary: Need a new release to build nftables --with-xtables Product: iptables Version: CVS (please indicate timestamp) Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: iptables

Hi! The Netfilter project proudly presents: nftables 0.8.2 This release fixes ./configure --with-xtables that enables interaction between iptables-compat [1] and nft, and it also includes a bunch of documentation updates. This release introduces a new explicit option for interval sets, that enables auto-merge of adjacent/overlapping elements when adding them to the set, eg. table

Dear Devs, I have x4 4TB HDDs formatted with: mkfs.btrfs -L bu-16TB_0 -d raid1 -m raid1 /dev/sd[cdef] /etc/fstab mounts with the options: noatime,noauto,space_cache,inode_cache All on kernel 3.8.13. Upon using rsync to copy some heavily hardlinked backups from ReiserFS, I''ve seen: The following "block rsv returned -28" is repeated 7 times until there is a call trace

I'm trying to accomplish what I had hoped would be a fairly simple filtering of traffic to my VMs, but I'm hitting a snag. The VMs are allowing traffic when I wouldn't expect them to. Host and Guest are both running the same platform: Ubuntu 12.04.4 LTS 0.9.8-2ubuntu17.19 I have a basic bridge enabled on the host: brctl addbr brdg brctl addif brdg eth1 ip link set brdg up The host

Hi! The Netfilter project proudly presents: iptables 1.4.19 This release includes support for the new connlabel and bpf matches available in Linux 3.9, several fixes and manpage updates. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/iptables/downloads.html ftp://ftp.netfilter.org/pub/iptables/ Have fun!

Thank for your answer: But i dont know understand why is following not working: I want to restrict the ssh access for a special domain member: In my "sshd_config" i added: AllowGroups restrictaccess root With user2 im able to login via ssh! log: pam_krb5(sshd:auth): user user2 authenticated as user2 at ROOTRUDI.DE With user1 im not! log: User user1 from 192.168.0.100 not allowed

From: Andrew Melnychenko <andrew at daynix.com> If there is a lot(more then 16) of virtio-console devices or virtio_console module is reloaded - buffers 'vtermnos' and 'cons_ops' are overflowed. In older kernels it overruns spinlock which leads to kernel freezing: https://bugzilla.redhat.com/show_bug.cgi?id=1786239 To reproduce the issue, you can try simple script that

The netfilter coreteam presents: iptables version 1.4.9 the iptables release for the 2.6.35 kernel. Changes include: - support for the LED target, which hadn't been merged so far because the kernel module had some bugs - a new version of the set extension for the upcoming release supporting IPv6 - negation support for the quota match - support for the SACK-IMMEDIATELY SCTP

Hi, I'm running CentOS 6.5 as NFS server (v3 and v4) and exporting Ext4 and XFS filesystem. After many months that all works fine today the server crash: Jan 30 09:46:13 qb-storage kernel: ------------[ cut here ]------------ Jan 30 09:46:13 qb-storage kernel: WARNING: at lib/list_debug.c:26 __list_add+0x6d/0xa0() (Not tainted) Jan 30 09:46:13 qb-storage kernel: Hardware name: PowerEdge

We have a (supposedly) quite standard setup: 2 Dom0 with drbd-on-lvm and a bunch of DomU, on Quad Xeon Dell servers. We tried with both sid-based and etch-based (+ 3.1 xen hypervisor and drbd 8 from backports.org ) Dom0, and quite consistently have "kernel: invalid opcode: 0000 [1] SMP" errors which freezes Dom0 (during lasts tests a simple start-and-stop loop of 10 DomU can trigger

https://bugzilla.netfilter.org/show_bug.cgi?id=1501 Phil Sutter <phil at nwl.cc> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |phil at nwl.cc --- Comment #7 from Phil Sutter <phil at nwl.cc> --- Hi, (In reply to marco.drummer from comment

On 05/27/2014 02:46 AM, Brian Rak wrote: > Make sure you have: > > /proc/sys/net/bridge/bridge-nf-call-iptables = 1 That doesn't make sense. bridge-nf-call-iptables controls whether or not traffic going across a Linux host bridge device will be sent through iptables, but the rules created by nwfilter are applied to the "vnetX" tap devices that connect the guest to the

http://bugzilla.netfilter.org/show_bug.cgi?id=713 Summary: CPPFLAGS are mishandled which breaks non-shared targets Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: unknown AssignedTo: netfilter-buglog at

The netfilter project presents: nftables 0.2 This release contains a rather large number of bug fixes, syntax cleanups, new features, support for all new features contained in the recent 3.14 kernel release as well as *drumroll* documentation. Syntax changes ============== * More consistency in data type names Data type names are used in set declarations. All address related types now

Hi! The Netfilter project proudly presents: nftables 0.9.4 This release contains fixes and new features available up to the Linux kernel 5.6 release. * Support for ranges in concatenations (requires Linux kernel >= 5.6), e.g. table ip foo { set whitelist { type ipv4_addr . ipv4_addr . inet_service flags interval

Hi all. On Sep 26th I decided to try and get ipp2p working on my machine that acts as a gateway for my Internet connection. This machine is running Debian. I performed the install by doing the following steps: - I installed the Debian package called linux-source-2.6.22 for my Linux kernel source and unpacked the resulting tar.bz2 file. - From the netfilter.org site I downloaded the following