Re: connlimit modul doesn't works as expected

Toralf Förster wrote: > At my server (stable hardened Gentoo with vanilla 4.15.7) I do have this rule: > > /sbin/iptables -A OUTPUT -p tcp --destination-port 443 --syn --match > connlimit --connlimit-above 3000 --connlimit-mask 0 --connlimit-daddr --match > limit

Re: [PATCH Netfilter] net: netfilter: Replace printk() with more standardize output format.

On Sun, Mar 11, 2018 at 12:09:07AM +0530, Arushi Singhal wrote: > printk() is the raw way to print output and should be avoided. > > For drivers with defined "struct device object", dev_*macro() is > prefer and for "struct netdevice object", netdev_*macro() is prefer over > dev_*macro() to

Re: [nft PATCH v2 1/3] nftables: rearrange files and examples

On 10 March 2018 at 09:28, Duncan Roe wrote: > > Up to Release 0.8.2, it used to be the case that after *make install*, these > example files would show up in /etc/nftables. > > Now they don't. > > I think this is a regression which needs to be addressed, We wanted to

Re: Port triggering

Hi, Sorry for previous answer, Florian, I didn't see I was answering to your own address and not to the full list. Port triggering is a basic feature that we can find in most hardware routers. Unfortunately, people wanting to build their own software router on Linux, mostly using netfilter, do

Re: Problem in setting up netfilter repository

On Sat, Mar 10, 2018 at 3:32 PM, SIMRAN SINGHAL wrote: > I cloned the repository but not able to run "./configure" script, > > It gives an error:- > Requested 'libnftnl >= 1.1.0' but version of libnftnl is 1.0.9 > > But I checked for the latest version here >

Problem in setting up netfilter repository

I cloned the repository but not able to run "./configure" script, It gives an error:- Requested 'libnftnl >= 1.1.0' but version of libnftnl is 1.0.9 But I checked for the latest version here (https://www.netfilter.org/projects/libnftnl/downloads.html) and the latest version available is 1.0.9.

connlimit modul doesn't works as expected

At my server (stable hardened Gentoo with vanilla 4.15.7) I do have this rule: /sbin/iptables -A OUTPUT -p tcp --destination-port 443 --syn --match connlimit --connlimit-above 3000 --connlimit-mask 0 --connlimit-daddr --match limit --limit 1/second --limit-burst 1 -j LOG --log-prefix "443

Re: [nft PATCH v2 1/3] nftables: rearrange files and examples

On Sat, Feb 24, 2018 at 10:06:19PM +0100, Arturo Borrero Gonzalez wrote: > Concatenate all family/hook examples into a single one by means of includes. > > Put all example files under examples/. Use the '.nft' prefix and mark > them as executable files. Use a static shebang declaration, since