similar to: [Bug 579] New: iptables --ports argument unknown

--5uhzMJlTksuFv+PE Content-Type: multipart/mixed; boundary="9A1A73/U17WN0PFw" Content-Disposition: inline --9A1A73/U17WN0PFw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! The netfilter coreteam proudly presents: iptables version 1.2.9 1.2.9 is (like most other 1.2.x releases) a maintainance release,

Hello, I have been hunting a memory-leak warning in vring_add_indirect: unreferenced object 0xffff88003d467e20 (size 32): comm "softirq", pid 0, jiffies 4295197765 (age 6.364s) hex dump (first 32 bytes): 28 19 bf 3d 00 00 00 00 0c 00 00 00 01 00 01 00 (..=............ 02 dc 51 3c 00 00 00 00 56 00 00 00 00 00 00 00 ..Q<....V....... backtrace:

Hello, I have been hunting a memory-leak warning in vring_add_indirect: unreferenced object 0xffff88003d467e20 (size 32): comm "softirq", pid 0, jiffies 4295197765 (age 6.364s) hex dump (first 32 bytes): 28 19 bf 3d 00 00 00 00 0c 00 00 00 01 00 01 00 (..=............ 02 dc 51 3c 00 00 00 00 56 00 00 00 00 00 00 00 ..Q<....V....... backtrace:

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=447 Summary: iptables doesn't support multiple times the same match in one rule Product: iptables Version: 1.3.5 Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: iptables AssignedTo:

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=451 Summary: ip6tables port range support in multiport modules is broken Product: iptables Version: unspecified Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P2 Component: ip6tables

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=442 Summary: skb->data_len corrupted in NF_IP_LOCAL_OUT in mangle table Product: netfilter/iptables Version: linux-2.6.x Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: major Priority: P2 Component: ip_tables

On Fri, Oct 4, 2013 at 1:59 AM, Rusty Russell <rusty at rustcorp.com.au> wrote: > Thanks! Does this work? > > virtio_ring: plug kmemleak false positive. > > unreferenced object 0xffff88003d467e20 (size 32): > comm "softirq", pid 0, jiffies 4295197765 (age 6.364s) > hex dump (first 32 bytes): > 28 19 bf 3d 00 00 00 00 0c 00 00 00 01 00 01 00

On Fri, Oct 4, 2013 at 1:59 AM, Rusty Russell <rusty at rustcorp.com.au> wrote: > Thanks! Does this work? > > virtio_ring: plug kmemleak false positive. > > unreferenced object 0xffff88003d467e20 (size 32): > comm "softirq", pid 0, jiffies 4295197765 (age 6.364s) > hex dump (first 32 bytes): > 28 19 bf 3d 00 00 00 00 0c 00 00 00 01 00 01 00

When do you know you need the "-m multiport" option? I see examples with -dport xx:xxx for example that sometimes use it and sometimes don't? I have read the man page and see what "-m multiport" requires, but don't see the requirement involving its use. Thanks! jlc

I have a dual homed server in an install for someone who is very cost sensitive. This server originally is being setup as an Asterisk server, but now the simplest thing for me to do is also set it up to provide internet access for the small shop as well. So it will have one external, WAN facing nic that needs all incoming ports except UDP 5060 and 10000 -> 60000 blocked for all but two ips.

Where is the correct place to control what traffic is masq'ed out? This is what I have, but I was told the Forward chain isn't the right place to do this? iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport

http://bugzilla.netfilter.org/show_bug.cgi?id=578 Summary: Inserting Rule requires rulename as first argument (instead of the rulenumber) Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P1 Component: iptables

Hi, I know these are a few iptbales questions. NOT CentOS, anyway, I am running a firewall on centos 5.x. If you can response, it would be fine. I want to add a SNAT rule for one user in LAN to access one particular destination on the internet. Let's say www.centos.org I added the below rule. But . it does NOT work Pls assume 1.2.3.4 is the real ip of the firewall. ip address

Hi, I am running a ASTERISK BOX behind a firewall. It is at DMZ . Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT. How can I do it? Pls assume that ip address that connects to Internet on firewall is 1.2.3.4and is attached to eth0. And ASTERISK BOX is 192.168.101.23 Then, What is the rule (PREROUTING) for it? What is the port to DNAT? I think udp 5060. So I have

I have a squid proxy running transparently, so in my firewall script I run the following fairly early: iptables -A PREROUTING -t nat -i $LAN -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 3128 This is a multihomed server so after this change the masquerading was removed (as only web access on the lan side of this server was needed). I now need to masq cleanly one device so that it

http://bugzilla.netfilter.org/show_bug.cgi?id=575 Summary: iptables-save didn't flush output buffers before fork Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P1 Component: iptables-save AssignedTo: laforge at netfilter.org

This rule with a long name and logging: AllowInternetPrintingProtocol:debug causes this iptables error: Processing /etc/shorewall/rules... Rule "AllowSSH:info net fw" added. Rule "AllowPing:info net fw" added. Rule "AllowWeb:debug net fw" added. iptables v1.2.9: Maximum prefix length 29 for --log-prefix Try `iptables

Hello again, unfortunately the following /etc/sysconfig/iptables file does not work: *nat :INPUT ACCEPT :OUTPUT ACCEPT :PREROUTING ACCEPT :POSTROUTING ACCEPT #-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT --to-ports 8080 COMMIT *filter :INPUT DROP :OUTPUT ACCEPT :FORWARD DROP -A INPUT -m state --state

Good evening, on a CentOS 7 LAMP (not gateway) dedicated server I am using iptables-services with the following /etc/sysconfig/iptables: *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [294:35064] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp -m

http://bugzilla.netfilter.org/show_bug.cgi?id=611 Summary: interface spec. - rule parser error Product: iptables Version: unspecified Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P1 Component: iptables-restore AssignedTo: laforge at netfilter.org