Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1286
On Thu, 1 Nov 2018 at 21:51, Jamie Strandboge wrote:
>
> Can you advise if this is indeed a regression in 1.8 or is it intended
> behavior? If intended behavior, I'll need to update ufw accordingly
> (preliminary testing sh
Source: linux
Version: 4.18.10-2
Severity: normal
Tags: upstream
I just installed Debian Buster (testing) in a brand new Lenovo IdeaPad 520
laptop which includes a NVIDIA GeForce MX150 graphic card, using the nouveau
driver, and there are some issues with it.
First symptom is that f you close the
Control: fixed -1 1.8.1-2
Hi,
please try with iptables 1.8.1-2 which I just uploaded.
It includes some symlinks to handle this.
Please close bug if solved with 1.8.1-2.
thanks for the report! :-)
On Thu, 25 Oct 2018 at 11:39, Chris Boot wrote:
> > So, in this case, perhaps the proper fix is for ferm to don't hardcode
> > binary paths.
>
> Perhaps, but in that case a list of broken packages is going to need to
> be compiled, bugs filed against them, and (versioned) Breaks added to
> iptable
On Thu, 25 Oct 2018 at 01:18, Cesare Leonardi wrote:
>
> In the ferm case, it suffice to create the following two symlinks, to
> make it start again:
Thanks for reporting!
I would really like to don't introduce such symlinks. iptables should
really stop living in /sbin.
So, in this case, perhap
On Thu, 25 Oct 2018 at 02:30, Jon DeVree wrote:
>
> The iptables-persistent package was also broken by this change.
>
Thanks for reporting.
Same as for ferm. I would really like stop seing iptables-related
stuff on /sbin.
Perhaps iptables-persistent should avoid harcoding binary paths.
On 7 August 2018 at 11:06, Niels Thykier wrote:
> On Tue, 6 Feb 2018 17:04:59 +0100 Arturo Borrero Gonzalez
> wrote:
>> On 5 February 2018 at 11:08, Daniel Baumann
>> wrote:
>> > Package: iptables
>> > Version: 1.6.2-1
>> > Severity: normal
>>
On 5 August 2018 at 12:35, Jörg Frings-Fürst wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Package: sponsorship-requests
> Severity: normal
>
> Dear mentors,
>
> I am looking for a sponsor for my package "ipmitool"
>
Hey! thanks for your work.
Ping me next week if you don't
On 5 July 2018 at 22:26, Paul Gevers wrote:
> Source: nftables
> Version: 0.9.0-1
> Severity: normal
> User: debian...@lists.debian.org
> Usertags: issue
>
> Dear maintainer,
>
> I just spotted the log of the autopkgtest of nftables. It currently
> passes but the log says it fails. E.g. internalte
On 3 May 2018 at 12:07, James Cowgill wrote:
> When parallel builds are enabled, the "scripts" and "exec" targets will
> be run in parallel which fails because:
> - exec does not create $(DESTDIR)$(BINDIR) so will fail if scripts has
> not created it yet.
> - exec copies ebtables-save_ which will
Control: severity -1 normal
On Wed, 18 Apr 2018 10:30:56 -0700 Steve Langasek
wrote:
>
> There is at least one bug here in the package, which is that the
> autopkgtests make a brittle assumption that eth0 will be available in the
> test bed. eth0 is a legacy interface name in the kernel, and des
On 27 April 2018 at 13:36, Alberto Molina Coballes wrote:
> Package: sponsorship-requests
> Severity: normal
>
> Dear Maintainer,
>
> I'm intending to adopt ebtables and integrating it into the pkg-netfilter
> packaging team [0], Arturo Borrero González will sponsor
> it,
> but any comment will
If you check debian/tests/systemd-service-test.sh [0], the interface
in use by the config file is decided at runtime.
What autopkgtest tests are you running?
This seem like an ubuntu specific issue. All tests in debian are going
fine, both in unstable and in testing [1].
This Debian bug may resul
On 16 April 2018 at 16:38, Corey Bryant wrote:
> Package: conntrack-tools
> Version: 1:1.4.4+snapshot20161117-6
> Severity: normal
> Tags: patch
> User: ubuntu-de...@lists.ubuntu.com
> Usertags: origin-ubuntu bionic ubuntu-patch
>
> Dear Maintainer,
>
> In Ubuntu, the attached patch was applied to
Built, checked, signed and uploaded.
Please follow-up with any fixes or improvements you may find in this package.
Thanks for your contribution to Debian :-)
I plan to adopt this package and move it to pkg-netfilter packaging
team: https://wiki.debian.org/Teams/pkg-netfilter
I plan to adopt this package and integrate it into the pkg-netfilter
packaging team [0].
[0] https://wiki.debian.org/Teams/pkg-netfilter
On 10 March 2018 at 14:29, Yaroslav Halchenko wrote:
> I guess I have missed up with inability to version recommended packages...
> Yeah, then we should provide as an alternative. Will do
>
Thanks!
BTW, yes, we can have versioned recommends as well. If not, that's a
bug that requires fixing.
On 10 March 2018 at 14:04, Yaroslav Halchenko wrote:
> There is no | for recommends afaik
>
Of course there is [0]. This is Debian :-)
[0] https://www.debian.org/doc/debian-policy/#syntax-of-relationship-fields
On 9 March 2018 at 16:26, Yaroslav Halchenko wrote:
> THANKS! but...
>
> On Fri, 09 Mar 2018, Arturo Borrero Gonzalez wrote:
>
>> Also, no need to `Recommends: iptables`, since is installed by default in
>> every
>> Debian system.
>
> indeed it is (triple che
years already.
Please, consider the attached patch.
>From 4c8c10434ae73c76aeee481b183d15dbe032f945 Mon Sep 17 00:00:00 2001
From: Arturo Borrero Gonzalez
Date: Fri, 9 Mar 2018 13:00:03 +0100
Subject: [PATCH] d/control: add nftables references
The nftables framework replaces iptables. The
Package: wnpp
Severity: wishlist
Owner: Arturo Borrero Gonzalez
* Package name: nftlb
Version : 0.1
Upstream Author : Laura Garcia
* URL : https://github.com/zevenet/nftlb
* License : AGPL-3
Programming Lang: C
Description : nftables load balancer
Package: dpkg-dev
Version: 1.19.0.5
Severity: normal
Dear Maintainer,
when building stretch-backports package I used:
% sbuild --build-dep-resolver=aptitude --debbuildopts="-v"
as recommended at https://wiki.debian.org/BuildingFormalBackports
However, when generating the source.changes file,
On 5 February 2018 at 11:08, Daniel Baumann
wrote:
> Package: iptables
> Version: 1.6.2-1
> Severity: normal
>
> Hi,
>
> thanks for all the work you're doing for iptables/nftables in debian,
> much appreciated.
>
> when doing local backport of iptables 1.6.2-1 to stretch, i noticed that
> it fails
Control: fixed -1 0.8.2-1
On 25 January 2018 at 17:33, Charlemagne Lasse
wrote:
> Package: nftables
> Version: 0.7-1
> Severity: important
>
> The nft list crashes when an ip6tables-compat CT rule is found also in
> iptables-compat. This is either an assert with 0.7-1 or a segfault
> with 0.8-2~b
On Sun, 12 Nov 2017 22:18:54 -0800 Dima Kogan wrote:
> Package: googleearth-package
> Version: 1.2.2dima1
> Severity: grave
>
> Hi. I'm installing googleearth on a recent Debian/sid on amd64. Clearly
> I need to have the i386 foreign arch enabled. It'd be nice if the
> install explicitly told unsu
On 28 January 2018 at 11:12, Paolo Rosquin wrote:
> Package: nftables
> Version: 0.8.1-1
> Severity: important
> Tags: upstream
>
> Dear Maintainer,
>
> When nftables is enabled at boot time, it will fail to load and stop the whole
> booting process with "A start job is running for...". If I am no
Control: fixed -1 0.8-2
On Wed, 18 Oct 2017 05:59:50 +0200 Daniel Baumann
wrote:
> Package: nftables
> Version: 0.8-1
>
> Hi,
>
> nftables requires iptables >= 1.6.1 in order to build. It's not so much
> of a problem since sid has new enough iptables, however, it FTBFS'es on
> stretch when backpo
On Fri, 19 Jan 2018 21:58:11 +0800 =?utf-8?B?56mN5Li55bC8?= Dan
Jacobson wrote:
> I'm just saying
> > nftables.service is a disabled or a static unit not running, not starting
> > it.
> perhaps could be better written
> > nftables.service is disabled. Not starting it.
> or
> > nftables.service is
On Thu, 18 Jan 2018 11:29:26 -0500 "ad^2" wrote:
> Kernel: Linux 4.4.0-87-generic (SMP w/1 CPU core)
You are using an old kernel. Please update.
Also, it seems you are using Ubuntu. In that case, is better to ask
for help in proper Ubuntu support channels, since they may have
specific informati
On 18 January 2018 at 17:29, ad^2 wrote:
> ---
>* Expected outcome: remove the elements from the map.
This works here:
% sudo nft add map inet filter m1 {type ipv4_addr : verdict \; }
% sudo nft list ruleset
table inet filter {
map m1 {
type ipv4_addr : verdict
}
}
% sudo
On 19 January 2018 at 11:46, 積丹尼 Dan Jacobson wrote:
> Package: nftables
> Version: 0.8.1-1
> Severity: minor
>
> Setting up nftables (0.8.1-1) ...
> nftables.service is a disabled or a static unit not running, not starting it.
>
> Not completely correct. Yes it is disabled, but actually it is run
merge 887642 887641
On 18 January 2018 at 17:41, ad^2 wrote:
>
> Package: nftables
> Version: 0.8.1-1
> Severity: normal
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate
> ***
>
>* Converting working iptables rules to nft rules.
>* Original iptables rule
>
On 19 January 2018 at 11:50, 積丹尼 Dan Jacobson wrote:
> Package: nftables
> Version: 0.8.1-1
> Severity: wishlist
> File: /usr/share/man/man8/nft.8.gz
>
> The man page should mention the word "nftables" earlier.
> Currently one must read down 100 lines before it is even mentioned.
> You might want
On Thu, 13 Apr 2017 10:32:25 -0700 Khem Raj wrote:
> On Tue, 30 Dec 2014 16:54:55 +0100 Arturo Borrero Gonzalez
> wrote:
> > Hi Alexander,
> >
> > Would you mind to check if the issue still happens in the latest
> > release of libnftnl?
> yes the error still hap
On 9 January 2018 at 23:14, Alban Vidal wrote:
> Package: iptables
> Version: 1.6.1-2~bpo9+1
> Severity: wishlist
> Tags: patch
>
> Dear Maintainers,
>
> Please find attached a suggest patch to add functionality in iptables-save.
>
Please split the patches in individual changes: one for counters,
The libnftables library will be included in the upstream nftables
source tarball.
Package: apt
Version: 1.6~alpha5
Severity: wishlist
Dear apt maintainers/developers, thanks for your hard work with key package!
It's really appreciated :-)
I would love to have a clean way to generate a report of packages installed from
a given repository.
Example:
sources.list contains 'deb r
On 22 November 2017 at 18:28, Cyril Brulebois wrote:
> Control: severity -1 serious
> Control: tag -1 pending
>
> Hi Gabor,
>
> (I'm cc-ing the iptables maintainers so that they can correct me if I'm
> wrong in my findings below; iproute2's maintainer Alexander; and Julian
> who proposed an update
Source: linux
Version: 4.13.4-2
Severity: wishlist
Dear kernel maintainers,
thanks for your hard work with this package, it's really appreciated.
Please, enable missing nftables modules:
[...]
# CONFIG_NFT_RT is not set
CONFIG_NFT_NUMGEN=m
CONFIG_NFT_CT=m
CONFIG_NFT_SET_RBTREE=m
CONFIG_NFT_SET_
Control: fixed -1 1.6.2-3
Hi, I confirm that viking no longer segfaults at start, at least this
version 1.6.2-3.
% sudo LANG=C aptitude show viking
Package: viking
Version: 1.6.2-3+b1
New: yes
State: installed
Automatically installed: no
Priority: optional
Section: utils
Maintainer: Bernd Zeimetz
Control: reassign -1 linux 4.13
Control: tags -1 patch upstream
Hi,
this is probably a bug in the kernel, nf_tables subsystem.
This patch seems to address the issue:
https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git/commit/?id=0414c78f14861cb704d6e6888efd53dd36e3bdde
I think the iss
Hi!
thanks for the bug report :-)
This seems to be some kind of issue with the syntax.
If you rearrange the rules like in the attached file (based on yours)
then all the ruleset loads fine.
You seem to be mixing 2 syntax in the same 'batch', which seems to be
the cause of the confusion for nftab
Hi,
closing this bug now. This seems bogus.
Control: fixed -1 0.8-1
Hi,
this bug is fixed in nftables v0.8 which is now in the archive.
Hi,
Debian now contains nftables v0.8 which includes support for ct helpers.
Control: tags -1 pending
On 18 October 2017 at 01:01, Matteo Croce wrote:
> Package: nftables
> Version: 0.7-2
> Severity: wishlist
>
> Dear Maintainer,
>
> Please consider updating nftables to 0.8 which finally
> supports TCP MSS clamping to MTU.
>
Doing that right now :-)
Control: found -1 17.2.2-1
nonscm.debian.org/git/pkg-bind/pkg-bind.git/commit/?id=e6f63f5a85d8fe6f22a995787e806f4887df9689
From: Arturo Borrero Gonzalez
bind9: move tools to /usr/bin instead of /usr/sbin
No need to have them in /usr/sbin. They are mostly usable by non-root users.
If they have a particular option which require
On Mon, 30 Jan 2017 12:16:42 +0100 Sascha Steinbiss wrote:
>
> the suricata package is currently configured by default to store its
> rules files in /etc/suricata/rules, which as a subdirectory under /etc
> is meant to hold 'static' files according to FHS section 3.7 [1]. While
> it is not strongl
Hi,
last week openshot 2.4.0 was released upstream [0].
I'm interested in having it in Debian.
Can't invest packaging time right now, but can help with other things,
for example
testing packages and sponsoring uploads if someone is collaborating
who doesn't have upload rights.
thanks you all for
Control: tags -1 pending
Thanks, I did the change and is now pending:
https://anonscm.debian.org/cgit/pkg-suricata/pkg-suricata.git/commit/?id=93ee9030a53a45c800ad5879c4e7c754c1dc1331
Hi,
any news? We are being hit by this bug, which is a bit annoying.
Are upstream systemd developers aware of this issue?
best regards
On 24 August 2017 at 09:59, Chris Boot wrote:
>
> The directory created by the ulogd2 package in Debian is /var/log/ulog,
> rather than /var/log/ulogd. I will assume this is a typo on your bug
> report rather than you using a different directory.
yes.
>
> The sudo with tail should work just fine
I think this is basically asking for the opposite of #846843 [0].
What is the point on disallowing root access using sudo?
[0] https://bugs.debian.org/846843
Package: ulogd2
Version: 2.0.5-5
Severity: normal
Dear Maintainer,
the ulogd2 package creates /var/log/ulogd upon installation for logs to be
there.
Problem is that with the default permissions, this directory is not available
for users using 'sudo', i.e. this is not possible:
% sudo tailf -f
Control: reassign -1 linux
On 22 August 2017 at 13:40, Tomas Simonaitis wrote:
> One more update:
> this might be related to issue:
> https://github.com/torvalds/linux/commit/ad5b55761956427f61ed9c96961bf9c5cd4f92dc
>
> adding --hashlimit-burst 18 or --hashlimit-burst 1
> fixes the issue.
>
Then
Fixed -1 4.11-1~exp1
On 16 August 2017 at 12:07, Helmut Grohne wrote:
> libnftnl fails to cross build from source, because it configures for the
> build architecture by not passing --host to ./configure. It subsequently
> fails finding libmnl, which is only requested for the host architecture
> in Build-Depends. Letti
On 8 August 2017 at 17:39, Adam D. Barratt wrote:
>
> Thanks. Please go ahead, with the tweaks from the earlier discussion -
> i.e. 3.2.1-1+deb9u1, with a changelog distribution of "stretch".
>
Uploaded, thanks.
On 12 August 2017 at 06:15, Steve Langasek wrote:
>
> The conntrack-tools 1.4.4+snapshot20161117 update was blocked from reaching
> Ubuntu's 17.04 release, because it regresses its autopkgtests in Ubuntu
> compared to 1.4.3-3.
Hi Steve,
thanks for your work, comments below.
>
> I have so far id
On 7 August 2017 at 03:05, Daniel Kahn Gillmor wrote:
> Package: nftables
> Version: 0.7-2
> Severity: minor
> Tags: patch upstream
>
> the nftables wiki uses https. the manpage for nftables should link to
> it using https, not http. i have tried sending the patch to
> netfil...@vger.kernel.org,
Control: tags -1 - moreinfo
On Tue, 25 Jul 2017 22:54:15 +0200 Arturo Borrero Gonzalez
wrote:
> Currently working on it.
>
Hi,
now unstable containst the code, package version 1:4.0.0-1
On Fri, 14 Jul 2017 10:36:38 +0100 "Adam D. Barratt"
wrote:
>
> I did - the version in unstable certainly doesn't. It does contain code
> that looks exactly the same as the vulnerable code in stable, so I
> assume the bug also affects that version.
>
Ok, I cherry-picked the patch and will let you
Control: tags -1 - moreinfo
On 14 July 2017 at 10:31, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On 2017-07-14 8:39, Arturo Borrero Gonzalez wrote:
>>
>> We have in stretch suricata 3.2.1-1 and I would like to cherry-pick a
>> patch [0]
>> in
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Dear release team,
thanks for your work in the Debian project, it's really appreciated.
We have in stretch suricata 3.2.1-1 and I would like to cherry-pick a patch [0]
in top of t
On 13 July 2017 at 13:52, Michael Biebl wrote:
>
> Well, it uses system() to execute the command which is supposed to only
> return once the forked command has finished. So I don't see the race
> condition. Can you elaborate?
>
Then no idea. I was just guessing.
In any case, I would discard an i
On 13 July 2017 at 13:19, Michael Biebl wrote:
>
> systemd-modules-load uses libkmod/kmod_module_probe_insert_module() to
> load the modules:
> https://github.com/systemd/systemd/blob/master/src/modules-load/modules-load.c
>
>
> I.e. it's not doing something fancy here and uses the same functional
CC'ing Florian Westphal from Netfilter, kernel maintainer.
On Thu, 13 Jul 2017 12:27:10 +0200 Michael Biebl wrote:
> I think the proper solution is to find out why the /sys entries are not
> available after the module has been loaded and fix that in the conntrack
> module.
>
Is this the issue?
P
On 13 July 2017 at 10:29, Joshua Honeycutt wrote:
> On Wed, Jul 12, 2017 at 8:28 AM, Andreas Ronnquist
> wrote:
>>
>> I'll sponsor this if you want me to. (Since I asked for a new unstable
>> release ;)
>>
>
> I would appreciate it. I had just done the upload the day before I got
> your request,
On Wed, 7 Jun 2017 13:35:13 +0200 Moritz Muehlenhoff wrote:
> A couple of possible solutions, but these are all rather something for
> upstream development:
> - sysctl.conf files could gain an additional parameter which specifies
> the kernel module creating the sysctl. systemd-sysctl could the
On 12 July 2017 at 14:50, Joshua Honeycutt wrote:
> Package: sponsorship-requests
> Severity: normal
>
> Dear mentors,
>
> I am looking for a sponsor for my package "synergy"
>
Hi,
I'm interested in sponsoring this. But I currently have a big backlog
and I'm not sure if I can handle this on
Control: tags -1 pending
On 2 July 2017 at 18:46, Martin Dickopp wrote:
> Package: nftables
> Version: 0.7-1
> Severity: normal
>
Thanks,
patch applied.
Control: tags -1 pending
Hi Helmut,
many thanks for the patch :-)
I applied it to the git repo [0] and will do an upload in the short term.
Please note that I mangled a bit the commit message with the content
of this bug report, for future references.
[0]
https://anonscm.debian.org/cgit/pkg-ne
twork
services to prevent this issue?
A quick and dirty workaround is to call sysctl in the nftables.service
file after loading the ruleset,
but I'm looking for something more robust/elegant.
What about running systemd-sysctl the last in the boot order chain?
--
Arturo Borrero Gonzalez
Depar
On 5 June 2017 at 15:16, Peter Poeschl wrote:
> Package: nftables
> Version: 0.7-1
> Severity: important
> Tags: ipv6
>
Hi Peter,
thanks for your detailed report :-) it's really appreciated.
> Dear Maintainer,
>
>* What led up to the situation?
>
> Tried to migrate my iptables/ip6tables bas
On 3 June 2017 at 21:29, Ivo De Decker wrote:
> Hi,
>
> On Fri, May 19, 2017 at 01:58:31PM +0200, Arturo Borrero Gonzalez wrote:
>> We managed to upgrade the BIOS (not the last one, though).
>>
>> Still no luck, kernel 4.9 doesn't boot while 4.7 does.
>
>
Control: severity -1 normal
On 28 May 2017 at 00:54, Harlan Lieberman-Berg
wrote:
>
> Bizarrely, the quite simple "workstation" example causes the language picker
> in
> gdm3 to disappear and the default layout to switch back to qwerty. As far as
> I
> can tell this doesn't happen on the next
On 26 May 2017 at 13:01, Lobert For Fun wrote:
> I forgot to attach the config files :P
>
> 2017-05-26 18:58 GMT+08:00 Lobert For Fun :
>>
>> Dear Maintainer,
>>
>> Thanks replying, I though you will ignore me. Anyway,
>>
>> My problem is the network cannot have a long-term connection with network
On 26 May 2017 at 00:45, Lobert For Fun wrote:
> Subject: iptables: network unstable when iptables mangle is added
> Package: iptables
> Version: 1.4.21-2+b1
> Severity: important
>
> Dear Maintainer,
>
Hi,
could you describe your problem?
best regards.
On Mon, 15 May 2017 13:56:24 +0200 Arturo Borrero Gonzalez
wrote:
> (please keep me in CC)
>
> On Sat, 13 May 2017 06:16:44 +0200 franckr wrote:
> > Hi Arturo,
> >
> > I cannot help for kernel, however, and you probably already know it:
> > Several bios updates
On 19 May 2017 at 11:50, Lee Garrett wrote:
>
> I'm open to co-maintaining this package if any individual or team is
> interested.
> I will need a sponsor for this package.
>
Consider packaging as part of the pkg-games team [0]. They have the
'quake' package.
I'm sure they will accept you in the
On Mon, 15 May 2017 13:56:24 +0200 Arturo Borrero Gonzalez
wrote:
>
> But the question remains, is this some kind of kernel regression?
>
>
BTW, I can give ssh access to the machine, running 4.7, for testing pourposes.
Package: libapt-pkg5.0
Version: 1.4.1
Severity: normal
Dear apt team,
thanks for your work, it's really apreciated :-)
Today, I was doing an 'aptitude upgrade' in a server running stretch testing,
which was a bit outdated.
This is the result of the 'aptitude upgrade' command. As you can see, wh
(please keep me in CC)
On Sat, 13 May 2017 06:16:44 +0200 franckr wrote:
> Hi Arturo,
>
> I cannot help for kernel, however, and you probably already know it:
> Several bios updates became available since 10/04/2007 version.
> Did you consider them ? (ie checking release logs)
> Will you try ?
>
Control: tags -1 pending
Fixed in git commit 636f10fb5be2a49072d2543e0d2aecb23f1a168e [0].
Waiting Stretch to be stable to push this into sid.
[0]
https://anonscm.debian.org/cgit/pkg-suricata/pkg-suricata.git/commit/?h=unstable-next&id=636f10fb5be2a49072d2543e0d2aecb23f1a168e
Control: repoen -1
Control: notfixed -1 3.2.1-1
On Mon, 15 May 2017 10:17:25 +0200 Arturo Borrero Gonzalez
wrote:
> Control: fixed -1 3.2.1-1
>
> This fixed code is already in the archive starting with suricata 3.2.1-1.
>
> Closing the bug now.
>
Sorry wrong bug number. Reopening :-)
Control: fixed -1 3.2.1-1
On Tue, 10 Jan 2017 22:11:57 +0100 Christoph Biedl
wrote:
> Also, after a quick glance into the init script:
>
> | else
> | echo "/etc/default/suricata is missing... bailing out!"
> | fi
>
> No, you're not bailing out. Perhaps add "exit 0"?
>
this code is already in
Control: fixed -1 3.2.1-1
This fixed code is already in the archive starting with suricata 3.2.1-1.
Closing the bug now.
Control: forwarded -1 https://redmine.openinfosecfoundation.org/issues/2115
Hi Hans,
I've effectively opened an upstream bug [0] requesting the changing
interfaces feature you mentioned.
As the bug seems to be addressed, I will close it now. Feel free to
reopen if necessary :-)
thanks, best reg
On Mon, 8 May 2017 14:11:19 +0200 Arturo Borrero Gonzalez
wrote:
> On 3 May 2017 at 19:58, Michael Biebl wrote:
> >
> > If it doesn't open up any security hole, then I don't see a reason to
> > not enable suricata upon installation.
>
BTW, any idea on how t
Hi Vladimir,
thanks for your report.
On 11 May 2017 at 10:02, Vladimir Kudrya wrote:
> Package: nftables
> Version: 0.7-1
> Severity: normal
>
> Dear Maintainer, since with recent kernel ct helpers are not automatic, it is
> required to manually assign them via firewall.
>
> With current combina
On 11 May 2017 at 09:44, Vladimir Kudrya wrote:
> Package: nftables
> Version: 0.7-1
> Severity: normal
>
> Dear Maintainer, I'm trying to set simple dnat with nftables
> The problem is: destination host is ignored:
> When applying this construction:
>
> table ip main {
> chain dstnat {
>
On 3 May 2017 at 19:58, Michael Biebl wrote:
>
> If it doesn't open up any security hole, then I don't see a reason to
> not enable suricata upon installation.
Ok, I agree.
I will make the changes, after the stretch stable release.
On 4 May 2017 at 13:20, Hans-J. Ullrich wrote:
>
> 1. On my netbook I regularly change the interface, which is connected to the
> internet. So maybe some day I need eth0, the next day wlan0 and also ppp0
> (via UMTS) is often in use.
>
> I want suricata check all the interfaces. All shall have t
On 3 May 2017 at 18:33, Michael Biebl wrote:
> [dropping debian-user from CC]
>
> Am 03.05.2017 um 17:39 schrieb Arturo Borrero Gonzalez:
>> On 3 May 2017 at 12:36, Michael Biebl wrote:
>>> Am 03.05.2017 um 11:11 schrieb Hans:
>>>> Hello all,
>
>>>
On 3 May 2017 at 12:36, Michael Biebl wrote:
> Am 03.05.2017 um 11:11 schrieb Hans:
>> Hello all,
>>
>> I have installed suricata on my system, but it will not start at boot.
>>
>> When I manually start it, it is working well.
>>
>> As the document advises, I copied /lib/systemd/system/suricata.s
BTW the exact same behaviour can be detected in debian testing stretch:
[...]
24/4/2017 -- 11:40:45 - - dropped the caps for main thread
24/4/2017 -- 11:40:45 - - [ERRCODE: SC_ERR_FOPEN(44)] - Error
opening file: "/var/log/suricata//fast.log": Permission denied
24/4/2017 -- 11:40:45 - - [ERRCOD
On Mon, 28 Nov 2016 11:26:04 +0100 Arturo Borrero Gonzalez
wrote:
>
> I will do some tests in my side too when the release happens.
>
Here my tests using 3.2.1-1~bpo8+1:
A fresh debian jessie system with jessie-backports enabled.
I added 'suri' user and 'suri' g
201 - 300 of 781 matches
Mail list logo
