similar to: [Bug 1423] New: iptables-translate silently discards --ctstate DNAT

https://bugzilla.netfilter.org/show_bug.cgi?id=874 Summary: Any conntrack conditions specified with --ctstate INVALID are not checked Product: iptables Version: 1.4.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo:

https://bugzilla.netfilter.org/show_bug.cgi?id=874 Fabio <pedretti.fabio at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED CC| |pedretti.fabio at gmail.com Resolution|FIXED

https://bugzilla.netfilter.org/show_bug.cgi?id=874 --- Comment #4 from Phil Sutter <phil at nwl.cc> --- (In reply to Fabio from comment #3) > Reopening, it looks like 2e704f6ddd6d0 fixed 873, not 874. Oh, right! Thanks for spotting. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL:

https://bugzilla.netfilter.org/show_bug.cgi?id=1448 Bug ID: 1448 Summary: SNAT/DNAT/Masquerading not working for UDPLite protocol Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: NAT

Il giorno lun, 02/09/2019 alle 08.26 +0100, Rowland penny via samba ha scritto: > > set 01 22:36:56 s-addc.studiomosca.net named[639]: samba_dlz: > > cancelling transaction on zone studiomosca.net > > That is showing that a client isn't being allowed to update a record. Is it possible to cure it in some way? > > [2] ----[smb.conf] > > > Please do not post

On Wed, 24 Apr 2019 at 06:01, likun <kun.li at ucarinc.com> wrote: > Hi?guys. > > There is a wierd problem with iptables recently, hopes somebody can help > me. > > I have installed Centos 7.2.1511 on a bare metal Dell server these days, > disabled firewalld and enabled iptables.services, and setup a group of very > simple rules, as the following: > > I believe

Hi?guys. There is a wierd problem with iptables recently, hopes somebody can help me. I have installed Centos 7.2.1511 on a bare metal Dell server these days, disabled firewalld and enabled iptables.services, and setup a group of very simple rules, as the following: # iptables-save # Generated by iptables-save v1.4.21 on Tue Apr 23 09:15:14 2019 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT

Hello, Stephen, thank you for input. Yes, these servers have the same firewall rules, and both of them have the same problem from time to time, most of time they are good. Actually, these servers are newly installed to be used as the Glusterfs storage server, so not much data flowing at this time. >From the sysctl output, I suppose it can't be a conntrack table overflow :

Rowland, Did some editing in smb.conf that I had to reverse. Now I'm back to being able to connect with the firewall disabled. When I enable the firewall I get as far as windows network -> workgroup but no connection. I have only the rules you recommended in your last email. Louis, The information you requested is below: martin at radio:~$ dpkg -l|egrep "iptables|ufw" ii 

Hi, Over the past few days I've been trying to get a prototype working of a stateful firewall for a Virtual Machine using Libvirt's network filters. My goal is to replace the current custom Python/Java code in the Apache CloudStack [0] project by Network Filters of Libvirt. Both IPv4 and IPv6 should work, but I started off with IPv4 and I have issues with accepting back

Rowland, OK. Should I delete these lines? diff yours mine 63d62 yours# -A ufw-after-logging-output -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " 85,87d83 yours# -A ufw-before-logging-forward -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW AUDIT] " yours# -A ufw-before-logging-input -m conntrack

https://bugzilla.netfilter.org/show_bug.cgi?id=917 Summary: Kernel OOPS on Kernel 3.14.2 Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: critical Priority: P5 Component: NAT AssignedTo: netfilter-buglog at lists.netfilter.org

Hello, I'm having problem setting up filtering traffic for a virtual machine managed by libvirt. Strange thing is, such a setup has been working fine for me on an older version of distro (namely, opensuse 11.3 w/updates, kernel 2.6.34, libvirt 0.8.8) but refused to work on shiny new opensuse 12.4 (kernel 3.7.10, libvirt 1.0.2). The definition of filter in question is pretty simple:

On Tue, Jun 20, 2017 at 02:26:59AM -0400, Travis S. Johnson wrote: >Hello, > >I came across an interesting problem in my home lab a few weeks ago as I'm >prepping for my RHCE exam using Michael Jang study guide. I've been at this >for days now, and I still can't wrap my head around how two or more virtual >networks in default NAT configuration are even allowed to

Hi, I contact you as i have difficulties to use nwfilter with KVM host. I want to implemente flow filtering between my Linux guests. I created the following filter : cat admin-dmz-internet.xml <filter name='admin-dmz-internet'> <!-- this zone is an SSH ingoing only zone --> <!-- but SSH can go to an other SSH proxy --> <filterref

On Wed, 6 Feb 2019 16:05:40 -0500 Martin McGlensey via samba <samba at lists.samba.org> wrote: > Rowland, > > Did some editing in smb.conf that I had to reverse. Now I'm back to > being able to connect with the firewall disabled. When I enable the > firewall I get as far as windows network -> workgroup but no > connection. I have only the rules you recommended in

Louis, Made the changes. Still unable to mount office. Firewall also blocks Thunderbird mail and maybe internet. Will check that more fully later.Any thoughts ob Tony's response? Outputs: martin at radio:/etc$ sudo apt-get install ufw Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no

Hello. I'm getting trouble with the ADMINISABSENTMINDED option, it doesn't seem to work as stated in the manual. When using the default ADMINISABSENTMINDED=Yes and no routestopped file, here are the firewall state after executing shorewall stop : Chain INPUT (policy DROP 473 packets, 106K bytes) pkts bytes target prot opt in out source destination

Yes, Try this ( copy past-able. ) ufw disable ufw reset ufw limit 22/tcp ufw allow in proto tcp from any port 389,1024:65535 to any port 1024:65535 ufw allow 139,445/tcp ufw allow 137,138/udp ufw --force enable Sorry for the late reply, but im bit busy with some servers here. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org]

http://bugzilla.netfilter.org/show_bug.cgi?id=712 Summary: iptables-save does not save correcly rateest bps parameter Product: iptables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: unknown AssignedTo: