Hello,
A new snapshot, `0.0.20191206`, has been tagged in the git repository.
Please note that this snapshot is a snapshot rather than a final
release that is considered secure and bug-free. WireGuard is generally
thought to be fairly stable, and
Looks like an arch problem or a libnftnl problem. I've made a minimal
reproducer:
printf '*filter\nCOMMIT\n*raw\nCOMMIT\n*mangle\nCOMMIT\n' | sudo iptables-nft-restore -n
I filed a bug report on Arch: https://bugs.archlinux.org/task/64755
You can follow up with them.
On 06.12.2019 18:18, Jason A. Donenfeld wrote:
But for the sake of wg-quick
the filter can be enabled for wireguard interface only to be sure it
wouldn't break anything else
How do you propose this works? That'd require adding -d, right? In
that case we're back to more or less the original
On 06.12.2019 19:12, Jordan Glover wrote:
But nft rule won't be visible from iptables tools like iptables-save,
right? This may be confusing for people who still use iptables for
setting up firewall on their systems.
Right. And for those using NFT, they will see a strange rule in their
On Friday, December 6, 2019 3:52 PM, Jason A. Donenfeld wrote:
> On Fri, Dec 6, 2019 at 4:36 PM Jordan Glover
> golden_mille...@protonmail.ch wrote:
>
> > iptables is from Arch Linux iptables-nft package:
> > $ iptables --version
> > iptables v1.8.3 (nf_tables)
>
> Does the segfault happen with
On Friday, December 6, 2019 4:03 PM, Vasili Pupkin wrote:
> On 06.12.2019 18:08, Jason A. Donenfeld wrote:
>
> > On Fri, Dec 6, 2019 at 4:06 PM Jordan Glover
> > golden_mille...@protonmail.ch wrote:
> >
> > > On Thursday, December 5, 2019 8:24 PM, Jason A. Donenfeld ja...@zx2c4.com
> > > wrote:
On 06.12.2019 18:08, Jason A. Donenfeld wrote:
On Fri, Dec 6, 2019 at 4:06 PM Jordan Glover
wrote:
On Thursday, December 5, 2019 8:24 PM, Jason A. Donenfeld
wrote:
If we can make nft coexistence work reliably, perhaps we can run the
nft rule on systems where the nft binary simply exists.
On Fri, Dec 6, 2019 at 4:36 PM Jordan Glover
wrote:
> iptables is from Arch Linux iptables-nft package:
>
> $ iptables --version
> iptables v1.8.3 (nf_tables)
Does the segfault happen with the latest version in the git repo?
https://git.zx2c4.com/WireGuard/tree/src/tools/wg-quick/linux.bash
On Friday, December 6, 2019 3:20 PM, Jason A. Donenfeld wrote:
> On Fri, Dec 6, 2019 at 4:11 PM Jordan Glover
> golden_mille...@protonmail.ch wrote:
>
> > Hi, this release causes coredump on wg-quick down action:
> > systemd[1]: Stopping WireGuard via wg-quick(8) for wg0...
> > wg-quick[2241]:
On Fri, Dec 6, 2019 at 4:11 PM Jordan Glover
wrote:
>
> On Thursday, December 5, 2019 10:55 AM, Jason A. Donenfeld
> wrote:
>
> > Hello,
> >
> > A new snapshot, `0.0.20191205`, has been tagged in the git repository.
> >
> > Please note that this snapshot is a snapshot rather than a final
> >
Hi Vasili,
On Thu, Dec 5, 2019 at 10:28 PM Vasili Pupkin wrote:
> I've just figured out that the same effect can also be achieved with
> iptables:
> iptables -t filter -I INPUT -m addrtype --limit-iface-in ! --dst-type LOCAL -j DROP
Neat trick, but it still requires this to run on all
On Thursday, December 5, 2019 10:55 AM, Jason A. Donenfeld
wrote:
> Hello,
>
> A new snapshot, `0.0.20191205`, has been tagged in the git repository.
>
> Please note that this snapshot is a snapshot rather than a final
> release that is considered secure and bug-free. WireGuard is generally
>
On Fri, Dec 6, 2019 at 4:06 PM Jordan Glover
wrote:
>
> On Thursday, December 5, 2019 8:24 PM, Jason A. Donenfeld
> wrote:
>
> >
> > If we can make nft coexistence work reliably, perhaps we can run the
> > nft rule on systems where the nft binary simply exists.
> >
>
> Will this work correctly
Hi all,
So the nft rule worked flawlessly on our Ubuntu machines, but I'm
having trouble applying the rule in Manjaro (undoubtedly user error).
I'll try again on some different machines in the lab.
Addressing zrm's question about carrying out the first two parts of the
attack with rp_filter is
On Thursday, December 5, 2019 8:24 PM, Jason A. Donenfeld
wrote:
>
> If we can make nft coexistence work reliably, perhaps we can run the
> nft rule on systems where the nft binary simply exists.
>
Will this work correctly on systems where nft binary exist but only
iptables rules are used?