Thanks Florian!
I'll send a v2 addressing the comments.
Ahmed
On Tue, 21 Aug 2018 18:13:08 +0200
Florian Westphal wrote:
> Ahmed Abdelsalam wrote:
> > +static int seg6_check(const struct xt_tgchk_param *par)
> > +{
> > + /**
> > +* In the future, some new action may require using
> > +
As we are going to use the function nft_mnl_talk() from the incoming
nftnl_osf.c, we make it public.
Signed-off-by: Fernando Fernandez Mancera
---
include/mnl.h | 4
src/mnl.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/mnl.h b/include/mnl.h
index
Import iptables/utils/nfnl_osf.c into nftables tree with some changes in order
to load OS fingerprints automatically from pf.os file.
Signed-off-by: Fernando Fernandez Mancera
---
include/linux/netfilter/Makefile.am | 1 +
include/linux/netfilter/nfnetlink_osf.h | 119 +++
As we are going to need pf.os file to load OS fingerprints from the incoming
nfnl_osf.c, we copy it into the nftables tree directory "files/osf/".
Signed-off-by: Fernando Fernandez Mancera
---
configure.ac | 1 +
files/Makefile.am | 3 +-
files/nftables/Makefile.am |
Hi,
I’m willing to use RTSP through my netfilter-based firewall (that uses
NAT for IPv4).
After a quick search, I found that someone implemented NAT and conntrack
modules for RTSP a few years ago, and it looks rather unmaintained:
https://github.com/maru-sama/rtsp-linux
Has anyone asked for
Ahmed Abdelsalam wrote:
> +static int seg6_check(const struct xt_tgchk_param *par)
> +{
> + /**
> + * In the future, some new action may require using
> + * this function for doing some checks
> + */
Please add a check on seg6->action and return -EOPNOTSUPP
in case it
Phil Sutter wrote:
> Use of payload expression to match against IPv6 nexthdr field does not
> work if extension headers are present. A simple example for that is
> matching for fragmented icmpv6 traffic. Instead, generate a 'meta
> l4proto' expression which works even if extension headers are
Heena Sirwani wrote:
> This patch fixes the crash when registering the hashlimit extension
> with xtables during init_extensions (when built with static libs).
> The option validation function xtables_option_metavalidate has a
> loop termination condition of the entry name being NULL. The loop
>
This patch fixes the crash when registering the hashlimit extension
with xtables during init_extensions (when built with static libs).
The option validation function xtables_option_metavalidate has a
loop termination condition of the entry name being NULL. The loop
does not terminate when
On Tue, Aug 21, 2018 at 11:46:58AM +0200, Pablo Neira Ayuso wrote:
> On Sat, Aug 11, 2018 at 10:54:21PM +0300, Oleg wrote:
> > What mechanisms for example?
>
> See Performance in
> https://netfilter.org/projects/libnetfilter_queue/doxygen/html/
Performance already read, but what about any
On Sun, Aug 12, 2018 at 08:54:31AM +0430, Saber Rezvani wrote:
> On 08/12/2018 12:24 AM, Oleg wrote:
> > On Sat, Aug 11, 2018 at 12:15:26PM +0200, Pablo Neira Ayuso wrote:
> > > We used to have mmap for nfq but that was removed because there was no
> > > performance gain from it.
> >
On Sat, Aug 11, 2018 at 10:54:21PM +0300, Oleg wrote:
> On Sat, Aug 11, 2018 at 12:15:26PM +0200, Pablo Neira Ayuso wrote:
> > We used to have mmap for nfq but that was removed because there was no
> > performance gain from it.
>
> Interesting. I didn't know about it. Was that a work without
>
Doug Smythies says:
Sometimes it is desirable to temporarily disable, or clear,
the iptables rule set on a computer being controlled via a
secure shell session (SSH). While unwise on an internet facing
computer, I also do it often on non-internet accessible computers
while testing.