Hi
I'd just change NF_IP6_PRI_RAW to -450 and use ip6tables rules in raw
table.
We will try, thanks
nft add table ip6 filter
nft add chain ...
and so on.
I have tried this, but no effect ..
Regards,
Pavel
Pavel Melnik wrote:
> We were asked to implement functionality to drop fragmented IPv6 packets,
> addressed to local interface, on device based 3.12 kernel
Urgh.
I'd just change NF_IP6_PRI_RAW to -450 and use ip6tables rules in raw
table.
> But we observed the 'same' issue if try to use
Hi
We were asked to implement functionality to drop fragmented IPv6
packets, addressed to local interface, on device based 3.12 kernel
As I understand it's not possible to do this by ip6tables rule in the
case when nf_conntrack is enabled, but it possible if use nftables
Could you please
On Tuesday 2018-12-04 11:57, Pablo Neira Ayuso wrote:
>On Tue, Dec 04, 2018 at 11:50:46AM +0100, Arturo Borrero Gonzalez wrote:
>> On 11/28/18 2:10 PM, Arturo Borrero Gonzalez wrote:
>> > On 11/28/18 1:44 PM, Arturo Borrero Gonzalez wrote:
>> >> Hi,
>> >>
>> >> Now that the iptables.git repo
On Tue, Dec 04, 2018 at 11:50:46AM +0100, Arturo Borrero Gonzalez wrote:
> On 11/28/18 2:10 PM, Arturo Borrero Gonzalez wrote:
> > On 11/28/18 1:44 PM, Arturo Borrero Gonzalez wrote:
> >> Hi,
> >>
> >> Now that the iptables.git repo offers arptables-nft and ebtables-nft,
> >> arptables.git holds
On 11/28/18 2:10 PM, Arturo Borrero Gonzalez wrote:
> On 11/28/18 1:44 PM, Arturo Borrero Gonzalez wrote:
>> Hi,
>>
>> Now that the iptables.git repo offers arptables-nft and ebtables-nft,
>> arptables.git holds arptables-legacy, etc, why we don't just rename the
>> repos?
>>
>> * from
Hi,
On Sat, 1 Dec 2018, Qian Cai wrote:
> To make overflows as obvious as possible and to prevent code from blithely
> proceeding with a truncated string. This also has a side-effect to fix a
> compilation warning when using GCC 8.2.1.
>
> net/netfilter/ipset/ip_set_core.c: In function
