Linux TCP/IP Netfilter

Thread Index

[Prev Page][Next Page]

iptables with DNAT target to multiple port range translation
- From: Jack <jackzzjack@xxxxxxxxx>
[announce] nfacct-bash_completion 1.0
- From: AllKind <AllKind@xxxxxxxxxx>
Re: Split traffic between VPN and local interface
- From: "Perol.Chen" <perol.chen@xxxxxxxxx>
Re: netfilter-queue: Incorrect UDP checksum computation in nfq_udp_compute_checksum_ipv4
- From: Mathias Koehrer <mathias.koehrer@xxxxxxxx>
Re: netfilter-queue: Incorrect UDP checksum computation in nfq_udp_compute_checksum_ipv4
- From: Mathias Koehrer <mathias.koehrer@xxxxxxxx>
Re: netfilter-queue: Incorrect UDP checksum computation in nfq_udp_compute_checksum_ipv4
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
netfilter-queue: Incorrect UDP checksum computation in nfq_udp_compute_checksum_ipv4
- From: Mathias Koehrer <mathias.koehrer@xxxxxxxx>
Re: Split traffic between VPN and local interface
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Split traffic between VPN and local interface
- From: "Perol.Chen" <perol.chen@xxxxxxxxx>
Nftables or Iptables/Ebtables for a simple linux bridge?
- From: Miroslav Rovis <miro.rovis@xxxxxxxxxxxxxxxxx>
Fwd: NAT cgroup not working after cgclassify?
- From: Kris <soulkris@xxxxxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Miroslav Rovis <miro.rovis@xxxxxxxxxxxxxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Miroslav Rovis <miro.rovis@xxxxxxxxxxxxxxxxx>
Re: tcp reset flags when forwarding incoming traffic on bridge
- From: k c <kisscoolandthegangbang@xxxxxxxxxx>
Re: tcp reset flags when forwarding incoming traffic on bridge
- From: k c <kisscoolandthegangbang@xxxxxxxxxx>
tcp reset flags when forwarding incoming traffic on bridge
- From: k c <kisscoolandthegangbang@xxxxxxxxxx>
Re: Packets (sometimes) not marked as RELATED/ESTABLISHED
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: Packets (sometimes) not marked as RELATED/ESTABLISHED
- From: Mart Frauenlob <mart.frauenlob@xxxxxxxxx>
Re: Packets (sometimes) not marked as RELATED/ESTABLISHED
- From: Robert Nichols <rnicholsNOSPAM@xxxxxxxxxxx>
Packets (sometimes) not marked as RELATED/ESTABLISHED
- From: Christian Robottom Reis <kiko@xxxxxxx>
Re: nftables: Anonymous vs. Named Set (ipv4_addr with netmask)
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
nftables: Anonymous vs. Named Set (ipv4_addr with netmask)
- From: "Garrett ." <orthostatic@xxxxxxxxx>
Re: [ANNOUNCE] ipset 6.29 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: [ANNOUNCE] ipset 6.29 released
- From: AllKind <AllKind@xxxxxxxxxx>
[ANNOUNCE] ipset 6.29 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: nftables: DNAT state in connection tracking?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
In-kernel packet forwarding from one port to multiple ports
- From: Claudio Scordino <claudio@xxxxxxxxxxxxxxx>
libnetfilter_conntrack's NFCT_OF_TIMESTAMP is not working
- From: ravin goyal <ravirocks1021@xxxxxxxxx>
[announce] ipset_list 3.4 released
- From: AllKind <AllKind@xxxxxxxxxx>
[ANNOUNCE] ipset 6.28 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: "Operation not permitted" from nf_conntrack under high UDP load
- From: Sebastian Damm <damm@xxxxxxxxxx>
Re: [PATCH] extensions: libxt_CONNMARK.c: Add translation to nft
- From: Bhumika Goyal <bhumirks@xxxxxxxxx>
Re: [PATCH] extensions: libxt_CONNMARK.c: Add translation to nft
- From: Shivani Bhardwaj <shivanib134@xxxxxxxxx>
Re: [PATCH] extensions: libxt_CONNMARK.c: Add translation to nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH] extensions: libxt_CONNMARK.c: Add translation to nft
- From: Bhumika Goyal <bhumirks@xxxxxxxxx>
Re: [PATCH] extensions: libxt_CONNMARK.c: Add translation to nft
- From: Bhumika Goyal <bhumirks@xxxxxxxxx>
Re: [PATCH] extensions: libxt_CONNMARK.c: Add translation to nft
- From: Piyush Pangtey <gokuvsvegita@xxxxxxxxx>
Re: [PATCH] extensions: libxt_CONNMARK.c: Add translation to nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] extensions: libxt_CONNMARK.c: Add translation to nft
- From: Bhumika Goyal <bhumirks@xxxxxxxxx>
Re: Connection tracking notification events
- From: Anil kumar <anilkumar508@xxxxxxxxx>
Re: Connection tracking notification events
- From: Gadre Nayan <gadrenayan@xxxxxxxxx>
Connection tracking notification events
- From: Anil kumar <anilkumar508@xxxxxxxxx>
Re: NTP forwarding
- From: Karol Babioch <karol@xxxxxxxxxx>
Re: Rewriting target IP and port on Linux with iptables or firewall-cmd
- From: Alex Barylo <abarylo@xxxxxxxxx>
Re: NTP forwarding
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: NTP forwarding
- From: Vigneswaran R <vignesh@xxxxxxxxxxx>
Re: NTP forwarding
- From: Remzi AKYÜZ <linuxliste@xxxxxxxxx>
Re: NTP forwarding
- From: Tobias Andresen <tobiasarp@xxxxxx>
Re: NTP forwarding
- From: Tobias Andresen <tobiasarp@xxxxxx>
Re: NTP forwarding
- From: Remzi AKYÜZ <linuxliste@xxxxxxxxx>
Re: NTP forwarding
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: NTP forwarding
- From: Tobias Andresen <tobiasarp@xxxxxx>
Re: Rewriting target IP and port on Linux with iptables or firewall-cmd
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: NTP forwarding
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
NTP forwarding
- From: Tobias Andresen <tobiasarp@xxxxxx>
Re: Rewriting target IP and port on Linux with iptables or firewall-cmd
- From: Sven-Haegar Koch <haegar@xxxxxxxxx>
Re: Rewriting target IP and port on Linux with iptables or firewall-cmd
- From: Harout Hedeshian <harout@xxxxxxxxxxxxx>
Rewriting target IP and port on Linux with iptables or firewall-cmd
- From: Alex Barylo <abarylo@xxxxxxxxx>
Re: "Operation not permitted" from nf_conntrack under high UDP load
- From: Sebastian Damm <damm@xxxxxxxxxx>
Re: "Operation not permitted" from nf_conntrack under high UDP load
- From: Kevin Holly <root@xxxxxxxxxx>
"Operation not permitted" from nf_conntrack under high UDP load
- From: Sebastian Damm <damm@xxxxxxxxxx>
nftables: DNAT state in connection tracking?
- From: Karol Babioch <karol@xxxxxxxxxx>
nftables: Specify multiple protocols in one rule
- From: Karol Babioch <karol@xxxxxxxxxx>
Re: How are ct helper to be configured with NFT ?
- From: christophe leroy <christophe.leroy@xxxxxx>
Re: Ipset Match equal function
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Ipset Match equal function
- From: Gadre Nayan <gadrenayan@xxxxxxxxx>
Re: Problem inserting a new connection with conntrack
- From: Bill <boober95@xxxxxxxxxx>
Re: Contributing changes to conntrack
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Contributing changes to conntrack
- From: Gadre Nayan <gadrenayan@xxxxxxxxx>
Re: Ipset kernel module functions
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Ipset kernel module functions
- From: Gadre Nayan <gadrenayan@xxxxxxxxx>
NAT Pool
- From: Travis Garrison <travis@xxxxxxxxxxxxx>
IPSET spec/rpm for CentOS7
- From: Ricardo Felipe Klein <klein.rfk@xxxxxxxxx>
Re: Ipset kernel module functions
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Ipset kernel module functions
- From: Gadre Nayan <gadrenayan@xxxxxxxxx>
Re: Confusion regarding nfct_query and nfct_callback_register
- From: Gadre Nayan <gadrenayan@xxxxxxxxx>
Re: debugging a libnetfilter_queue program and stdout
- From: Adel Belhouane <bugs.a.b@xxxxxxx>
matching source UDP port (in kernel module)
- From: Michael Ritzert <michael.ritzert@xxxxxxxxxxxxxxxxxxxxxx>
debugging a libnetfilter_queue program and stdout
- From: "Michael D. Berger" <m.d.berger@xxxxxxxx>
Re: Configure ICMP error source address
- From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
nftables: limit connections per IP address
- From: Pavel Volkov <sailor@xxxxxxxxxxxxxxxxxx>
Re: Need tech explanation for NFLog TLV type 16 (0x10) - hardware link layer header
- From: "Peter Reckmann" <preckmann@xxxxxxxxx>
Re: Confusion regarding nfct_query and nfct_callback_register
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
Confusion regarding nfct_query and nfct_callback_register
- From: Gadre Nayan <gadrenayan@xxxxxxxxx>
Re: Failing to compile latest iptables from git
- From: Mart Frauenlob <mart.frauenlob@xxxxxxxxx>
Re: Centos 7; Ulogd 2.05; MySQL; NFLOG
- From: Angel <angel.iniesta@xxxxxxxxx>
Re: Failing to compile latest iptables from git
- From: Mart Frauenlob <mart.frauenlob@xxxxxxxxx>
Failing to compile latest iptables from git
- From: Mart Frauenlob <mart.frauenlob@xxxxxxxxx>
Problem inserting a new connection with conntrack
- From: Llorente Santos Jesus <jesus.llorente.santos@xxxxxxxx>
two bridges back-to-back with veth pairs, SNAT not working and traffic goes missing ?
- From: Scott McGillivray <scott.mcgillivray@xxxxxxxxx>
Using iptables to only allow a specific application to use certain ports
- From: Thomas Nyberg <tomuxiong@xxxxxxxxx>
Filtering traffic between machines on same wireless access point
- From: brian demsky <bdemsky2@xxxxxxxxx>
[ANNOUNCE] 12th Netfilter Workshop in Amsterdam, Netherlands
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Failed to start IPv4 firewall with iptables
- From: GUNA <gbalasun@xxxxxxxxx>
[announce] iptables-bash_completion 1.4 - Bash shell programmable completion for ip[6]tables
- From: AllKind <AllKind@xxxxxxxxxx>
ebtables for traffic shaping over bridge
- From: "Surabhi Goswami" <sgoswami@xxxxxxx>
Re: About using -i with MASQUERADE
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: About using -i with MASQUERADE
- From: Mart Frauenlob <mart.frauenlob@xxxxxxxxx>
Re: About using -i with MASQUERADE
- From: Vigneswaran R <vignesh@xxxxxxxxxxx>
Re: About using -i with MASQUERADE
- From: Vigneswaran R <vignesh@xxxxxxxxxxx>
Need tech explanation for NFLog TLV type 16 (0x10) - hardware link layer header
- From: "Peter Reckmann" <preckmann@xxxxxxxxx>
Re: [PATCH] extensions: fix cgroup2 help message in libxt_cgroup.c.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH] extensions: fix cgroup2 help message in libxt_cgroup.c.
- From: Rami Rosen <rami.rosen@xxxxxxxxx>
Netfilter matching modules and revisions
- From: Kevin Wilson <wkevils@xxxxxxxxx>
Re: About using -i with MASQUERADE
- From: Bastian Bittorf <bittorf@xxxxxxxxxxxxxx>
About using -i with MASQUERADE
- From: Fabio Pedretti <fabio.pedretti@xxxxxxxx>
Re: nf_unregister_net_hook: hook not found!
- From: Joe Stringer <joe@xxxxxxx>
iptables-compat experiment
- From: BM-2cTo8LKiXYzGzHXHxGuBVMuwYKW4TG5geR@xxxxxxxxxxxxx
how to migrate legacy netfilter rule that used "--userspace-helper"
- From: "Amaro, Anthony" <anthonyamaro@xxxxxxxxxxx>
Is conntrack -D atomic?
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
how to use iptables with bridge?
- From: linkod <linkod11@xxxxxxxxx>
Re: Configure ICMP error source address
- From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
Re: Configure ICMP error source address
- From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
Re: Configure ICMP error source address
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Configure ICMP error source address
- From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
Re: Configure ICMP error source address
- From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
Re: Configure ICMP error source address
- From: prmarino1@xxxxxxxxx
Re: Configure ICMP error source address
- From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
Re: Configure ICMP error source address
- From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
Re: Configure ICMP error source address
- From: prmarino1@xxxxxxxxx
Configure ICMP error source address
- From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
Re: Problems with bridge+router setup
- From: Misterke <netfilter@xxxxxxxxxxx>
Re: ulogd's SQLITE3 "buffer" option
- From: Eric Leblond <eric@xxxxxxxxx>
Re: nf_unregister_net_hook: hook not found!
- From: Sander Eikelenboom <linux@xxxxxxxxxxxxxx>
Re: nf_unregister_net_hook: hook not found!
- From: ebiederm@xxxxxxxxxxxx (Eric W. Biederman)
Re: ulogd's SQLITE3 "buffer" option
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nf_unregister_net_hook: hook not found!
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
ulogd's SQLITE3 "buffer" option
- From: Alex Xu <alex_y_xu@xxxxxxxx>
Re: Problems with bridge+router setup
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Problems with bridge+router setup
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: Problems with bridge+router setup
- From: Misterke <netfilter@xxxxxxxxxxx>
nf_unregister_net_hook: hook not found!
- From: Sander Eikelenboom <linux@xxxxxxxxxxxxxx>
Re: Problems with bridge+router setup
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Problems with bridge+router setup
- From: Misterke <netfilter@xxxxxxxxxxx>
Re: Problems with bridge+router setup
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Problems with bridge+router setup
- From: Misterke <netfilter@xxxxxxxxxxx>
Re: Problems with bridge+router setup
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Problems with bridge+router setup
- From: Kurt Haenen <Kurt.Haenen@xxxxxxxxxxx>
Re: best distro to build iptable firewall
- From: prmarino1@xxxxxxxxx
Re: best distro to build iptable firewall
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: best distro to build iptable firewall
- From: Satish Patel <satish.txt@xxxxxxxxx>
best distro to build iptable firewall
- From: Satish Patel <satish.txt@xxxxxxxxx>
connlimit counters start over after iptables restored
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: [ANNOUNCE] iptables 1.6.0 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [ANNOUNCE] iptables 1.6.0 release
- From: Jan Engelhardt <jengelh@xxxxxxx>
[ANNOUNCE] iptables 1.6.0 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Can iptables handle 10G link traffic?
- From: Mauricio Tavares <raubvogel@xxxxxxxxx>
Can iptables handle 10G link traffic?
- From: Satish Patel <satish.txt@xxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
ctnetlink_change_conntrack - cannot change NAT - alternative: (atomic) destroy and create
- From: Sargun Dhillon <sargun@xxxxxxxxx>
libnetfilter_conntrack: set_attr_dnat_ipv4
- From: Sargun Dhillon <sargun@xxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Why isn't DNAT happening for host-originated packets?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: nftables: Example involving payload_raw_expr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
iptables mangle PREROUTING on br0.17
- From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Dâniel Fraga <fragabr@xxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Dâniel Fraga <fragabr@xxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Jan Engelhardt <jengelh@xxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Dâniel Fraga <fragabr@xxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Florian Westphal <fw@xxxxxxxxx>
F23 nlif symbols undefined
- From: "Michael D. Berger" <m.d.berger@xxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Dâniel Fraga <fragabr@xxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Dâniel Fraga <fragabr@xxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Dâniel Fraga <fragabr@xxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Dâniel Fraga <fragabr@xxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Dâniel Fraga <fragabr@xxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Remzi AKYÜZ <linuxliste@xxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Remzi AKYÜZ <linuxliste@xxxxxxxxx>
Linux 4.3.1 regression: -m state returns "Protocol wrong type for socket"
- From: Dâniel Fraga <fragabr@xxxxxxxxx>
Re: block ip fragmented packet
- From: Satish Patel <satish.txt@xxxxxxxxx>
Re: block ip fragmented packet
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: block ip fragmented packet
- From: Satish Patel <satish.txt@xxxxxxxxx>
Re: block ip fragmented packet
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: block ip fragmented packet
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
block ip fragmented packet
- From: Satish Patel <satish.txt@xxxxxxxxx>
Re: using iptables matches and targets with nft
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
using iptables matches and targets with nft
- From: Stefan Berghofer <stefan.berghofer@xxxxxxxxxxx>
Re: help,i have a problem with nftable redirect
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: help,i have a problem with nftable redirect
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
help,i have a problem with nftable redirect
- From: "Jack Lin" <helloworldjack@xxxxxxxx>
Re: nftables rate limit logging and then drop
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: IPTables connection mark rule stops working
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
IPTables connection mark rule stops working
- From: Justin Michael Schwartzbeck <justinmschw@xxxxxxxxx>
Re: Marking frames with ebtables for iptables
- From: Oliver Graute <oliver.graute@xxxxxxxxx>
Re: Why isn't DNAT happening for host-originated packets?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
Re: Marking frames with ebtables for iptables
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Marking frames with ebtables for iptables
- From: Oliver Graute <oliver.graute@xxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
Re: Marking frames with ebtables for iptables
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Why isn't DNAT happening for host-originated packets?
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
How to confirm the packet received is IP
- From: "Michael D. Berger" <m.d.berger@xxxxxxxx>
nfq_get_packet_hw
- From: "Michael D. Berger" <m.d.berger@xxxxxxxx>
Re: Packet disappears after DNAT?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
Re: Packet disappears after DNAT?
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
Packet disappears after DNAT?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
Re: Why isn't DNAT happening for host-originated packets?
- From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
Re: Why isn't DNAT happening for host-originated packets?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
Re: Why isn't DNAT happening for host-originated packets?
- From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
Re: Why isn't DNAT happening for host-originated packets?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
Re: Why isn't DNAT happening for host-originated packets?
- From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
Re: Why isn't DNAT happening for host-originated packets?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
Re: Why isn't DNAT happening for host-originated packets?
- From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
Re: Why isn't DNAT happening for host-originated packets?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
Re: Why isn't DNAT happening for host-originated packets?
- From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
Why isn't DNAT happening for host-originated packets?
- From: Scott Bronson <bronson@xxxxxxxxxxx>
redirect traffic to loopback
- From: Unknown User <knowsuperunknown@xxxxxxxxx>
nftables rate limit logging and then drop
- From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
Re: Connection tracking Cli and an ALG for DNS
- From: Bill <boober95@xxxxxxxxxx>
Marking frames with ebtables for iptables
- From: Oliver Graute <oliver.graute@xxxxxxxxx>
Re: Connection tracking Cli and an ALG for DNS
- From: Adel Belhouane <bugs.a.b@xxxxxxx>
[PATCH 1/1] Fix musl build issue
- From: Jörg Krause <joerg.krause@embedded.rocks>
[ANNOUNCE] NetDev 1.1 updates (Seville, Spain February 10-12)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
nftables: Example involving payload_raw_expr
- From: Stefan Berghofer <stefan.berghofer@xxxxxxxxxxx>
How can I configure linux routing with bridge interfaces to apply iptables rules for tcp packets?
- From: salih ahi <salihahi@xxxxxxxxx>
Re: iptables and policy based routing together
- From: Shaun Savage <savages@xxxxxxxxxxx>
New Netfilter core team PGP key (0x26D292E4)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: iptables: unknown protocol "!" specified
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: iptables: unknown protocol "!" specified
- From: Roger Price <roger@xxxxxxxxxxxxxx>
Re: iptables: unknown protocol "!" specified
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: iptables: unknown protocol "!" specified
- From: Roger Price <roger@xxxxxxxxxxxxxx>
Re: iptables: unknown protocol "!" specified
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
iptables: unknown protocol "!" specified
- From: Roger Price <roger@xxxxxxxxxxxxxx>
Re: Connection tracking Cli and an ALG for DNS
- From: Bill <boober95@xxxxxxxxxx>
Re: "raw" table versus "filter" table
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: "raw" table versus "filter" table
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
"raw" table versus "filter" table
- From: David TAILLANDIER - DIGI VALUE <david.taillandier@xxxxxxxxxxxxx>
Re: nftables DNAT change destport
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [Bulk] Connection tracking Cli and an ALG for DNS
- From: Adel Belhouane <bugs.a.b@xxxxxxx>
Re: [Bulk] Connection tracking Cli and an ALG for DNS
- From: Adel Belhouane <bugs.a.b@xxxxxxx>
nftables DNAT change destport
- From: Pankaj Yadav <pankajdnapster@xxxxxxxxx>
Re: netfilter.org connectivity problems
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
netfilter.org connectivity problems
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
iptables: ipv4 masquerade between class c subnets
- From: Mark Carey <mark.carey@xxxxxxxxx>
[ANNOUNCE] ipset 6.27 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: [Bulk] Connection tracking Cli and an ALG for DNS
- From: Bill <boober95@xxxxxxxxxx>
Re: OpenDPI and Netfilter
- From: Michael Schwartzkopff <ms@xxxxxxx>
OpenDPI and Netfilter
- From: Bernhard Thaler <bernhard.thaler@xxxxxxxx>
Connection tracking Cli and an ALG for DNS
- From: Bill <boober95@xxxxxxxxxx>
Re: OpenDPI and Netfilter
- From: Michael Schwartzkopff <ms@xxxxxxx>
OpenDPI and Netfilter
- From: "Laurent B." <laurentb@xxxxxxxx>
Re: nftables segv while trying to use nat redirection with map
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: nftables segv while trying to use nat redirection with map
- From: Steve Horsley <steve.horsley@xxxxxxxxx>
Re: nftables segv while trying to use nat redirection with map
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nftables segv while trying to use nat redirection with map
- From: Steve Horsley <steve.horsley@xxxxxxxxx>
Re: [PATCH 1/1] commit c6825c0976fa7893692e0e43b09740b419b23c09 upstream.
- From: Ani Sinha <ani@xxxxxxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Johannes Ernst <johannes.ernst@xxxxxxxxx>
Re: nftables: NAT table not receiving any traffic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
RE: nftables: NAT table not receiving any traffic
- From: Jakub Sztandera <k.sztandera@xxxxxxxxxxx>
nftables: NAT table not receiving any traffic
- From: Jakub Sztandera <k.sztandera@xxxxxxxxxxx>
Re: nftables: bridge filter with queue to userspace
- From: Martin Gröger <mgroeger1@xxxxxx>
Re: nftables: bridge filter with queue to userspace
- From: Florian Westphal <fw@xxxxxxxxx>
Re: nftables: bridge filter with queue to userspace
- From: Martin Gröger <mgroeger1@xxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Johannes Ernst <johannes.ernst@xxxxxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Johannes Ernst <johannes.ernst@xxxxxxxxx>
Re: [PATCH 1/1] commit c6825c0976fa7893692e0e43b09740b419b23c09 upstream.
- From: Ani Sinha <ani@xxxxxxxxxx>
Re: nftables: bridge filter with queue to userspace
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: kernel modules: was Re: Masquerading with selectively open ports -- nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: nftables: bridge filter with queue to userspace
- From: Martin Gröger <mgroeger1@xxxxxx>
Re: [PATCH 1/1] commit c6825c0976fa7893692e0e43b09740b419b23c09 upstream.
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: [PATCH 1/1] commit c6825c0976fa7893692e0e43b09740b419b23c09 upstream.
- From: Ani Sinha <ani@xxxxxxxxxx>
kernel modules: was Re: Masquerading with selectively open ports -- nftables
- From: Johannes Ernst <johannes.ernst@xxxxxxxxx>
Re: nftables: bridge filter with queue to userspace
- From: Florian Westphal <fw@xxxxxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Johannes Ernst <johannes.ernst@xxxxxxxxx>
Re: nftables: bridge filter with queue to userspace
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Wiki editing
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Wiki editing
- From: Johannes Ernst <johannes.ernst@xxxxxxxxx>
nftables: bridge filter with queue to userspace
- From: Martin Gröger <mgroeger1@xxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Transparent Bridge NAT Issue
- From: GhostOp14 <ghostop14@xxxxxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Re: [PATCH 1/1] commit c6825c0976fa7893692e0e43b09740b419b23c09 upstream.
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Johannes Ernst <johannes.ernst@xxxxxxxxx>
Re: Masquerading with selectively open ports -- nftables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Masquerading with selectively open ports -- nftables
- From: Johannes Ernst <johannes.ernst@xxxxxxxxx>
Re: Help needed with installation errors
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: [PATCH 1/1] commit c6825c0976fa7893692e0e43b09740b419b23c09 upstream.
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Help needed with installation errors
- From: Shivani Bhardwaj <shivanib134@xxxxxxxxx>
Re: [PATCH 1/1] commit c6825c0976fa7893692e0e43b09740b419b23c09 upstream.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[PATCH 1/1] commit c6825c0976fa7893692e0e43b09740b419b23c09 upstream.
- From: Ani Sinha <ani@xxxxxxxxxx>
Re: Question: Why it is not possible to mark packet BEFORE first "route selection" in OUTPUT chain
- From: macach <macachuto@xxxxxxxxx>
Re: Question: Why it is not possible to mark packet BEFORE first "route selection" in OUTPUT chain
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Question: Why it is not possible to mark packet BEFORE first "route selection" in OUTPUT chain
- From: macach <macachuto@xxxxxxxxx>
Re: Redirecting external IP/Port from localhost to an ssh tunnel on localhost
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: nftables DNAT not working
- From: palica <palica+netfiler@xxxxxxxxxx>
Re: linux 3.4.43 : kernel crash at __nf_conntrack_confirm
- From: Ani Sinha <ani@xxxxxxxxxx>
Re: linux 3.4.43 : kernel crash at __nf_conntrack_confirm
- From: Florian Westphal <fw@xxxxxxxxx>
Re: linux 3.4.43 : kernel crash at __nf_conntrack_confirm
- From: Ani Sinha <ani@xxxxxxxxxx>
Redirecting external IP/Port from localhost to an ssh tunnel on localhost
- From: Gaetan Lord <email@xxxxxxxxxxxxx>
nftables DNAT not working
- From: palica <palica+netfiler@xxxxxxxxxx>
Re: Re: Re: nft 'script' not working
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Aw: Re: Re: nft 'script' not working
- From: giorgio.nicole@xxxxxxxx
Re: Re: nft 'script' not working
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Aw: Re: nft 'script' not working
- From: giorgio.nicole@xxxxxxxx
Re: How to use NFT inet sets???
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
How to use NFT inet sets???
- From: "sabitov@xxxxxxxxxx" <sabitov@xxxxxxxxxx>
Re: nft 'script' not working
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
nft 'script' not working
- From: giorgio.nicole@xxxxxxxx
Re: linux 3.4.43 : kernel crash at __nf_conntrack_confirm
- From: Ani Sinha <ani@xxxxxxxxxx>
Re: linux 3.4.43 : kernel crash at __nf_conntrack_confirm
- From: Florian Westphal <fw@xxxxxxxxx>
Re: linux 3.4.43 : kernel crash at __nf_conntrack_confirm
- From: Ani Sinha <ani@xxxxxxxxxx>
Re: linux 3.4.43 : kernel crash at __nf_conntrack_confirm
- From: Florian Westphal <fw@xxxxxxxxx>
Re: linux 3.4.43 : kernel crash at __nf_conntrack_confirm
- From: Ani Sinha <ani@xxxxxxxxxx>
Re: nftables segv while trying to use nat redirection with map
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
nftables segv while trying to use nat redirection with map
- From: Steve Horsley <steve.horsley@xxxxxxxxx>
Re: linux 3.4.43 : kernel crash at __nf_conntrack_confirm
- From: Florian Westphal <fw@xxxxxxxxx>
Re: linux 3.4.43 : kernel crash at __nf_conntrack_confirm
- From: Ani Sinha <ani@xxxxxxxxxx>
Lots of WARNINGs in sch_hfsc with attached codel or fq_codel
- From: Miroslav Kratochvil <exa.exa@xxxxxxxxx>
Using NPTv6 with stateful firewall
- From: Ben Swartzlander <ben@xxxxxxxxxxxxxxxx>
Re: Kernel panic in 4.1.6 in nf_nat_redirect
- From: Andrew <nitr0@xxxxxxxxxx>
Re: Kernel panic in 4.1.6 in nf_nat_redirect
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: The differences between hash:ip and hash:net.
- From: Hongyi Zhao <hongyi.zhao@xxxxxxxxx>
Re: The differences between hash:ip and hash:net.
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
The differences between hash:ip and hash:net.
- From: Hongyi Zhao <hongyi.zhao@xxxxxxxxx>
Re: using conntrack to drop connections?
- From: prmarino1@xxxxxxxxx
ipset based police routing not works with openvpn.
- From: Hongyi Zhao <hongyi.zhao@xxxxxxxxx>
using conntrack to drop connections?
- From: Stéphane Charette <stephanecharette@xxxxxxxxx>
Re: How are ct helper to be configured with NFT ?
- From: Christophe Leroy <christophe.leroy@xxxxxx>
Re: How are ct helper to be configured with NFT ?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: How are ct helper to be configured with NFT ?
- From: Jason Sipula <alupis1@xxxxxxxxx>
Re: How are ct helper to be configured with NFT ?
- From: christophe leroy <christophe.leroy@xxxxxx>
iptables 1.4.21 'transient' error
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: nft rule to redirect multiple ports using maps
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: nft rule to redirect multiple ports using maps
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
nft rule to redirect multiple ports using maps
- From: Giorgio <giorgio.nicole@xxxxxxxx>
linux 3.4.43 : kernel crash at __nf_conntrack_confirm
- From: Ani Sinha <ani@xxxxxxxxxx>
Re: Kernel panic in 4.1.6 in nf_nat_redirect
- From: Andrew <nitr0@xxxxxxxxxx>
Re: Kernel panic in 4.1.6 in nf_nat_redirect
- From: Andrew <nitr0@xxxxxxxxxx>
Re: Kernel panic in 4.1.6 in nf_nat_redirect
- From: Andrew <nitr0@xxxxxxxxxx>
Re: Kernel panic in 4.1.6 in nf_nat_redirect
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Problems receiving UDP multicast traffic on bridge interface
- From: Aleksander Morgado <aleksander@xxxxxxxxxxxxx>
Re: Problems receiving UDP multicast traffic on bridge interface
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
Problems receiving UDP multicast traffic on bridge interface
- From: Aleksander Morgado <aleksander@xxxxxxxxxxxxx>
Obtaining process which generated packet
- From: "W. Michael Petullo" <mike@xxxxxxxx>
Kernel panic in 4.1.6 in nf_nat_redirect
- From: Andrew <nitr0@xxxxxxxxxx>
Re: What mean rules with no target? / counters
- From: Bastian Bittorf <bittorf@xxxxxxxxxxxxxx>
Re: What mean rules with no target?
- From: f0rhum@xxxxxxx
Re: Using ipset 6.26 with kernel 3.12.47
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
[Noob Q.:] UDP, complementary DNAT+SNAT unicast->multicast ==> uh oh, conntrack hurdle...
- From: "Frantisek Rysanek" <Frantisek.Rysanek@xxxxxxx>
Using ipset 6.26 with kernel 3.12.47
- From: Nikolay Borisov <n.borisov@xxxxxxxxxxxxxx>
Re: What mean rules with no target?
- From: Bastian Bittorf <bittorf@xxxxxxxxxxxxxx>
What mean rules with no target?
- From: f0rhum <f0rhum@xxxxxxx>
network namespaces and conntrack
- From: Corin Langosch <info@xxxxxxxxxxxxxxxxx>
Re: nftables wiki
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
migration of ebtables arp rule to nftables
- From: Corin Langosch <info@xxxxxxxxxxxxxxxxx>
nftables wiki
- From: Richard Melville <richardm@xxxxxxxxxxxxxxxxx>
Re: SIP messages with no/invalid CSeq are dropped by nf_ct_sip, 400 Bad Request is expected instead
- From: Christophe Leroy <christophe.leroy@xxxxxx>
Re: SIP messages with no/invalid CSeq are dropped by nf_ct_sip, 400 Bad Request is expected instead
- From: Patrick McHardy <kaber@xxxxxxxxx>
SIP messages with no/invalid CSeq are dropped by nf_ct_sip, 400 Bad Request is expected instead
- From: Christophe Leroy <christophe.leroy@xxxxxx>
Re: how to do port forwarding using nftables map
- From: 神楽坂玲奈 <zh99998@xxxxxxxxx>
Re: how to do port forwarding using nftables map
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: how to do port forwarding using nftables map
- From: 神楽坂玲奈 <zh99998@xxxxxxxxx>
Re: how to do port forwarding using nftables map
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
how to do port forwarding using nftables map
- From: 神楽坂玲奈 <zh99998@xxxxxxxxx>
ebtables rule to forward the frames to specific interface.
- From: arunkumar velayutham <arun.softtech@xxxxxxxxx>
[ANNOUNCE] nftables 0.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[ANNOUNCE] libnftnl 1.0.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
RE: Kernel access of bad area
- From: "Tamtamis, Panagiotis" <panagiotis.tamtamis@xxxxxxxxx>
Re: Kernel access of bad area
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
RE: Kernel access of bad area
- From: "Tamtamis, Panagiotis" <panagiotis.tamtamis@xxxxxxxxx>
Kernel access of bad area
- From: "Tamtamis, Panagiotis" <panagiotis.tamtamis@xxxxxxxxx>
Re: [ANNOUNCE] libnftnl 1.0.4 release
- From: Jan Engelhardt <jengelh@xxxxxxx>
[ANNOUNCE] libnftnl 1.0.4 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: nflog : We are losing events. Increasing buffer size to 1736704
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
Re: nflog : We are losing events. Increasing buffer size to 1736704
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Netfilter: BUG: unable to handle kernel paging request, RIP: physdev_mt+0xd6/0x160
- From: Florian Westphal <fw@xxxxxxxxx>
Re: iptables TRACE not logged
- From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
Re: Netfilter: BUG: unable to handle kernel paging request, RIP: physdev_mt+0xd6/0x160
- From: Sander Eikelenboom <linux@xxxxxxxxxxxxxx>
Re: Netfilter: BUG: unable to handle kernel paging request, RIP: physdev_mt+0xd6/0x160
- From: Florian Westphal <fw@xxxxxxxxx>
Netfilter: BUG: unable to handle kernel paging request, RIP: physdev_mt+0xd6/0x160
- From: Sander Eikelenboom <linux@xxxxxxxxxxxxxx>
Re: iptables TRACE not logged
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: iptables TRACE not logged
- From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
Re: iptables TRACE not logged
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: iptables TRACE not logged
- From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
Re: iptables TRACE not logged
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
iptables TRACE not logged
- From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
Re: Feature suggestion ...
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Feature suggestion ...
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
Re: Feature suggestion ...
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Feature suggestion ...
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
[ANNOUNCE] conntrack-tools 1.4.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[ANNOUNCE] libnetfilter_conntrack 1.0.5
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Limitation on number of rules
- From: Thomas Delrue <delrue.thomas@xxxxxxxxx>
nflog : We are losing events. Increasing buffer size to 1736704
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: ulog dropping packets when rate is 4000 packets/sec or more
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: ulog dropping packets when rate is 4000 packets/sec or more
- From: Eric Leblond <eric@xxxxxxxxx>
Re: Feature suggestion ...
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: ulog dropping packets when rate is 4000 packets/sec or more
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Feature suggestion ...
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Feature suggestion ...
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: Feature suggestion ...
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Feature suggestion ...
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Feature suggestion ...
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
ulog dropping packets when rate is 4000 packets/sec or more
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Feature suggestion ...
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Feature suggestion ...
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Feature suggestion ...
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Feature suggestion ...
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Feature suggestion ...
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Feature suggestion ...
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: nftables multi-dimensional dictionaries
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
RE: nftables multi-dimensional dictionaries
- From: Alex Chapman <ajchapman88@xxxxxxxxxxxxx>
Re: nftables multi-dimensional dictionaries
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
are restore-mark and -m connmark same ?
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Behavior of iptables-save and iptables-restore when run concurrently
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
nftables multi-dimensional dictionaries
- From: Alex Chapman <ajchapman88@xxxxxxxxxxxxx>
Re: IPv6 fragmentation next header missing in some cases in the skb
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
Re: IPv6 fragmentation next header missing in some cases in the skb
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
IPv6 fragmentation next header missing in some cases in the skb
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
Behavior of iptables-save and iptables-restore when run concurrently
- From: Thomas Delrue <delrue.thomas@xxxxxxxxx>
[ANNOUNCE] ipset 6.26 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Issues with MASQUARDE and FreeBSD router.
- From: Eliezer Croitoru <eliezer@xxxxxxxxxxxx>
byte counters counts 14 bytes less?
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: wrong info in ipset man pages
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: ipset memory usage
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Centos 7; Ulogd 2.05; MySQL; NFLOG
- From: Scott Ruckh <netfilter@xxxxxxxxxxx>
RE: Accept clients that were seen at least twice only
- From: André Paulsberg-Csibi <Andre.Paulsberg-Csibi@xxxxxxxx>
Re: Accept clients that were seen at least twice only
- From: Jeff <Jeff.Meyers@xxxxxxx>
Accept clients that were seen at least twice only
- From: Jeff <Jeff.Meyers@xxxxxxx>
Re: how to use hash:ip,mark in iptables ?
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: how to use hash:ip,mark in iptables ?
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
how to use hash:ip,mark in iptables ?
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
wrong info in ipset man pages
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
checking mark values in iptables from ipset ...
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: ipset memory usage
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: ip6tables reject targets
- From: Nikolai Lusan <nikolai@xxxxxxxxxxx>
Re: ip6tables reject targets
- From: Kevin Holly <root@xxxxxxxxxx>
ip6tables reject targets
- From: Nikolai Lusan <nikolai@xxxxxxxxxxx>
Does nft offers performance advantage over iptables?
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
ipset memory usage
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Bridged interfaces are not accepting arp replay packages
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
logging rule ID
- From: Ken-ichirou MATSUZAWA <chamaken@xxxxxxxxx>
Re: make modules_install Error : Can't read private key
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: make modules_install Error : Can't read private key
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: make modules_install Error : Can't read private key
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Bridged interfaces are not accepting arp replay packages
- From: Tugrul Erdogan <h.tugrul.erdogan@xxxxxxxxx>
Re: ipset v6.25.1 does not recognize 'counters' as option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: ipset v6.25.1 does not recognize 'counters' as option
- From: Soroosh Sardari <soroosh.sardari@xxxxxxxxx>
Re: ipset v6.25.1 does not recognize 'counters' as option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Fails to NAT and Route reply packets for Multiple Interfaces
- From: Anand Raj Manickam <anandrm@xxxxxxxxx>
Re: ipset v6.25.1 does not recognize 'counters' as option
- From: Soroosh Sardari <soroosh.sardari@xxxxxxxxx>
Re: ipset v6.25.1 does not recognize 'counters' as option
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
ipset v6.25.1 does not recognize 'counters' as option
- From: Soroosh Sardari <soroosh.sardari@xxxxxxxxx>
Re: make modules_install Error : Can't read private key
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: make modules_install Error : Can't read private key
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
nf.conntrack_max and bucket setting - how to calculate?
- From: Paul Simons <paul.simons@xxxxxxxxxxxxxx>
Fails to NAT and Route reply packets for Multiple Interfaces
- From: Anand Raj Manickam <anandrm@xxxxxxxxx>
make modules_install Error : Can't read private key
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: ICMPv6 Type 1 Code 5 and 6 missing in iptables REJECT target and icmpv6 match
- From: Jan Engelhardt <jengelh@xxxxxxx>
ICMPv6 Type 1 Code 5 and 6 missing in iptables REJECT target and icmpv6 match
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
Re: conntrackd and natted tcp sessions
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
conntrackd and natted tcp sessions
- From: Тен Лев <leo.ten@xxxxxxxxx>
Algo of HiPAC
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Creating a LAN only null routed network (no access to internet)
- From: sillysausage <sillysausage@xxxxxxxxxxxxxxxxx>
Re: Filtering bogon ranges from exiting WAN
- From: sillysausage <sillysausage@xxxxxxxxxxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Creating a LAN only null routed network (no access to internet)
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: Creating a LAN only null routed network (no access to internet)
- From: sillysausage <sillysausage@xxxxxxxxxxxxxxxxx>
nftables custom protocol filtering
- From: Dmitry Liman <blaecwen@xxxxxxxxx>
Creating a LAN only null routed network (no access to internet)
- From: sillysausage <sillysausage@xxxxxxxxxxxxxxxxx>
Filtering bogon ranges from exiting WAN
- From: sillysausage <sillysausage@xxxxxxxxxxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: unknown option "--map-set"
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: unknown option "--map-set"
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: unknown option "--map-set"
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
unknown option "--map-set"
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Routing 192.168.1.0/24 to ISP and 192.168.2.0/24 to VPN using fwmark+mangle+iproute
- From: sillysausage <sillysausage@xxxxxxxxxxxxxxxxx>
Re: GPL violation in Ahnlab Online Security.
- From: alvin <alvin.sm@xxxxxxxxxxxxxxxxxxxxxxxxx>
REDIRECT and UDP in client
- From: Madhan <madhan.mepco@xxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
GPL violation in Ahnlab Online Security.
- From: perillamint <perillamint@xxxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: Routing 192.168.1.0/24 to ISP and 192.168.2.0/24 to VPN using fwmark+mangle+iproute
- From: sillysausage <sillysausage@xxxxxxxxxxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Ipset Error : ipset v6.25.1: Kernel error received: set type not supported (on Kernel 4.1.4)
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Routing 192.168.1.0/24 to ISP and 192.168.2.0/24 to VPN using fwmark+mangle+iproute
- From: sillysausage <sillysausage@xxxxxxxxxxxxxxxxx>
Re: Routing 192.168.1.0/24 to ISP and 192.168.2.0/24 to VPN using fwmark+mangle+iproute
- From: sillysausage <sillysausage@xxxxxxxxxxxxxxxxx>
Routing 192.168.1.0/24 to ISP and 192.168.2.0/24 to VPN using fwmark+mangle+iproute
- From: sillysausage <sillysausage@xxxxxxxxxxxxxxxxx>
Re: One to One port range forwarding to different port range
- From: John Miller <johnmill@xxxxxxxxxxxx>
Re: One to One port range forwarding to different port range
- From: Doug Applegate <dapplegate@xxxxxxxxxxxxxxx>
Re: One to One port range forwarding to different port range
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
Re: Tree view for rules/chains?
- From: alvin <alvin.sm@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: Tree view for rules/chains?
- From: John Miller <johnmill@xxxxxxxxxxxx>
Re: Tree view for rules/chains?
- From: alvin <alvin.sm@xxxxxxxxxxxxxxxxxxxxxxxxx>
One to One port range forwarding to different port range
- From: Doug Applegate <dapplegate@xxxxxxxxxxxxxxx>
Tree view for rules/chains?
- From: John Miller <johnmill@xxxxxxxxxxxx>
Tcp socket read error if packet changes in NFQUEUE
- From: aft <aftnix@xxxxxxxxx>
bizarre behavior of NFQUEUE for tcp socket
- From: aft <aftnix@xxxxxxxxx>
limit NFLOG PCAP to 64 bytes
- From: Dovydas Sankauskas <laisve@xxxxxxxxx>
Re: SNAT and connection tracker: should established connections be dropped when a rule is removed from nat table?
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
BIND/TKEY vulnerability (CVE-2015-5477): firewall blocking?
- From: /dev/rob0 <rob0@xxxxxxxxx>
Re: failure to set up a "simple" rule-set to get an ssh connection through to a KVM/qemu guest
- From: azteca <azteca@xxxxxxxxx>
Re: failure to set up a "simple" rule-set to get an ssh connection through to a KVM/qemu guest
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
failure to set up a "simple" rule-set to get an ssh connection through to a KVM/qemu guest
- From: azteca <azteca@xxxxxxxxx>
Re: SNAT and connection tracker: should established connections be dropped when a rule is removed from nat table?
- From: Vitaly Repin <vitaly_repin@xxxxxxxx>
Re: SYNPROXY *NAT/redirects etc.
- From: Christian Ruppert <idl0r@xxxxxxx>
Re: Creating, editing, removing rules from C(++)
- From: Bastian Bittorf <bittorf@xxxxxxxxxxxxxx>
Rule counter incrementing, but packet not dropped?
- From: Andy Hester <andy.hester@xxxxxxxxx>
Re: Creating, editing, removing rules from C(++)
- From: alvin <alvin.sm@xxxxxxxxxxxxxxxxxxxxxxxxx>
Help with routing ping requests
- From: Donald Schlicht <dschlic1@xxxxxxxxx>
Re: Creating, editing, removing rules from C(++)
- From: Thomas Delrue <thomas.delrue@xxxxxxxxxxxxxxxxxxxxxxxx>
Re: Creating, editing, removing rules from C(++)
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: Creating, editing, removing rules from C(++)
- From: Sven-Haegar Koch <haegar@xxxxxxxxx>
Re: Creating, editing, removing rules from C(++)
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: Creating, editing, removing rules from C(++)
- From: alvin <alvin.sm@xxxxxxxxxxxxxxxxxxxxxxxxx>
Creating, editing, removing rules from C(++)
- From: Thomas Delrue <thomas.delrue@xxxxxxxxxxxxxxxxxxxxxxxx>
Help with routing ping requests
- From: Donald Schlicht <dschlic1@xxxxxxxxx>
Re: Help with routing ping requests
- From: Donald Schlicht <dschlic1@xxxxxxxxx>
Re: Help with routing ping requests
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: Help with routing ping requests
- From: Donald Schlicht <dschlic1@xxxxxxxxx>
PolicyBasedRouting with two IPv6 WAN uplinks without NAT possible?
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
RE: Mangling and blocking
- From: André Paulsberg-Csibi <Andre.Paulsberg-Csibi@xxxxxxxx>
Mangling and blocking
- From: Steve Hill <steve@xxxxxxxxxxxx>
Re: Network slowing down by masquerade
- From: Glen Huang <hey.hgl@xxxxxxxxx>
Re: Help with routing ping requests
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: Network slowing down by masquerade
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: SNAT and connection tracker: should established connections be dropped when a rule is removed from nat table?
- From: Vitaly Repin <vitaly_repin@xxxxxxxx>
Help with routing ping requests
- From: Donald Schlicht <dschlic1@xxxxxxxxx>
Re: SNAT and connection tracker: should established connections be dropped when a rule is removed from nat table?
- From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
SNAT and connection tracker: should established connections be dropped when a rule is removed from nat table?
- From: Vitaly Repin <vitaly_repin@xxxxxxxx>
SNAT and connection tracker: should established connections be dropped when a rule is removed from nat table?
- From: Vitaly Repin <vitaly.repin@xxxxxxxxx>
Nf_nat_range structure flags oring not working.
- From: Geoffrey Said <geoffrey.said@xxxxxxxxx>
Network slowing down by masquerade
- From: Glen Huang <hey.hgl@xxxxxxxxx>
nft: ranges in named maps?
- From: Andreas Schultz <aschultz@xxxxxxxx>
nft: bitoperations between ct and nf mark
- From: Andreas Schultz <aschultz@xxxxxxxx>
Re: How are tunneled interfaces masqueraded?
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
How are tunneled interfaces masqueraded?
- From: Glen Huang <curvedmark@xxxxxxxxx>
RE: Donation
- From: "Taylor Kirsten (RW3) CMFT Manchester" <Kirsten.Taylor@xxxxxxxxxxx>
Re: xt_mac and NF_INET_POST_ROUTING
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
xt_mac and NF_INET_POST_ROUTING
- From: Garret Kelly <gdk@xxxxxxxxxx>
[ANNOUNCE] ipset 6.25.1 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: SYNPROXY *NAT/redirects etc.
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: SYNPROXY *NAT/redirects etc.
- From: Christian Ruppert <idl0r@xxxxxxx>
Question about packet processing in iptables/netfilter
- From: Andreas Herz <andi@xxxxxxxxxxxxxxx>
ndpi-netfilter v2.0
- From: Humberto Jucá <betolj@xxxxxxxxx>
Re: nftables kernel integration tracking
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Re: SYNPROXY *NAT/redirects etc.
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
ulogd "compressed" output for connection logging ?
- From: Reiner Karlsberg <karlsberg@xxxxxxxxxxxxxx>
ulogd + event mode problem
- From: Reiner Karlsberg <karlsberg@xxxxxxxxxxxxxx>
SYNPROXY *NAT/redirects etc.
- From: Christian Ruppert <idl0r@xxxxxxx>
Re: Re-Routing after OUTPUT mangle
- From: Anatoly Muliarski <x86ever@xxxxxxxxx>
Re-Routing after OUTPUT mangle
- From: "Withnell, Richard (withnell)" <r.withnell@xxxxxxxxxxxxxxx>
Re: Using iptables to send local traffic to proxy
- From: spaceman <spaceman@xxxxxxxxxxxxxxxx>
Re: iptables based appliances - ipset
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
Re: iptables based appliances - ipset
- From: alvin <alvin.sm@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: iptables based appliances
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
iptables based appliances
- From: alvin <alvin.sm@xxxxxxxxxxxxxxxxxxxxxxxxx>
Re: Due to Connection Tracking multiple DNAT rules for GRE packets do not get hit
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Mangling packets & routing in kernels>3.17
- From: aikipooh@xxxxxxxxx (Юрий Пухальский)
length module documentation mismatch
- From: causeless <causeless@xxxxxxxxx>
Re: TCP sequence checking
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Re: TCP sequence checking
- From: "Lukas Hubschmid (s)" <lukas.hubschmid@xxxxxxxxxxxxxxxx>
Re: TCP sequence checking
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
TCP sequence checking
- From: "Lukas Hubschmid (s)" <lukas.hubschmid@xxxxxxxxxxxxxxxx>
Using iptables to send local traffic to proxy
- From: "L.W. van Braam van Vloten" <lucas2@xxxxxx>
Due to Connection Tracking multiple DNAT rules for GRE packets do not get hit
- From: Karan <digitalkaran@xxxxxxxxx>
HOWTO combine a map with snat
- From: Andreas Schultz <aschultz@xxxxxxxx>
Re: Netfilter Book
- From: raskolnikov@xxxxxxxxxxxxxxx
Re: Netfilter Book
- From: npn <neal.p.murphy@xxxxxxxxxxxx>
Re: Netfilter Book
- From: shawn wilson <ag4ve.us@xxxxxxxxx>
Re: Netfilter Book
- From: prmarino1@xxxxxxxxx
Netfilter Book
- From: raskolnikov@xxxxxxxxxxxxxxx
nftables kernel integration tracking
- From: Nikolai Lusan <nikolai@xxxxxxxxxxx>
SynProxy Problem with Asymmetric dual bridge topology
- From: Niyazi Sırt <nyzsirt@xxxxxxxxx>
proxy and quotas
- From: Yan Seiner <yan@xxxxxxxxxx>
quota sometimes doesn't work
- From: Yan Seiner <yan@xxxxxxxxxx>
accept_local question
- From: Florent B <florent@xxxxxxxxxxx>
ipset hash:net performance
- From: Shaun Crampton <shaun@xxxxxxxxxx>
Re: FTP connection tracking doesn't work with nftables
- From: Tomek L <tl-netfilter@xxxxxxxxx>
Re: FTP connection tracking doesn't work with nftables
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: FTP connection tracking doesn't work with nftables
- From: Tomek L <tl-netfilter@xxxxxxxxx>
Re: FTP connection tracking doesn't work with nftables
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: FTP connection tracking doesn't work with nftables
- From: Tomek L <tl-netfilter@xxxxxxxxx>
Re: FTP connection tracking doesn't work with nftables
- From: Tomek L <tl-netfilter@xxxxxxxxx>
iptables + tc help
- From: Yan Seiner <yan@xxxxxxxxxx>
Re: FTP connection tracking doesn't work with nftables
- From: Tomek L <tl-netfilter@xxxxxxxxx>
FTP connection tracking doesn't work with nftables
- From: Tomek L <tl-netfilter@xxxxxxxxx>
Kernel panic with skb_alloc during post_routing
- From: Praveen Kumar <praveenkr.cs@xxxxxxxxx>
[ANNOUNCE] ulogd 2.0.5 release
- From: Eric Leblond <eric@xxxxxxxxx>
Reroute VPN server outgoing traffic to TOR
- From: Foxtrot Mike <foxtrotmike59@xxxxxxxxx>
conntrack -L fails with Linux 4.0: Operation not supported
- From: Petr Pisar <petr.pisar@xxxxxxxx>
Modify SSL packets with Scapy
- From: herraffe <herraffe@xxxxxxxxxx>
Modify SSL packets with Scapy
- From: Hubert Strauß <strauss.hubert@xxxxxx>
Re: Is it possible to access ip fragments with libnetfilter_queue?
- From: Adel Belhouane <bugs.a.b@xxxxxxx>
Re: Packets being reflected back from firewall unintentionally...
- From: Mart Frauenlob <mart.frauenlob@xxxxxxxxx>
Is it possible to access ip fragments with libnetfilter_queue?
- From: Michael Fomichev <fomichev.michael@xxxxxxxxx>
Re: Packets being reflected back from firewall unintentionally...
- From: Matthew Smith <gizmosmith@xxxxxxxxx>
Re: conntrack GRE behaves differently in 3.17 / 3.18
- From: Lubomir Rintel <lkundrak@xxxxx>
Re: Packets being reflected back from firewall unintentionally...
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
Packets being reflected back from firewall unintentionally...
- From: Matthew Smith <gizmosmith@xxxxxxxxx>
IP SNAT only for a bridge port, ¿is it possible?
- From: Jose Miguel Sanchez Ales <josem+netfilter@xxxxxxxxxxxx>
nftables type for ipv4_addr -> packetmark map?
- From: Miroslav Kratochvil <exa.exa@xxxxxxxxx>
Re: Alternatively
- From: Eric Leblond <eric@xxxxxxxxx>
Alternatively
- From: Kees-Jan Hermans <hermans@xxxxxxxxxx>
Modifying a packet's length using netfilter queue
- From: Kees-Jan Hermans <hermans@xxxxxxxxxx>
Re: AW: Atomic changes to IP sets
- From: "Nikolay S." <nowhere@xxxxxxxxxxxxxxxx>
Re: Atomic changes to IP sets
- From: Paul Robert Marino <prmarino1@xxxxxxxxx>
Re: Atomic changes to IP sets
- From: Neal Murphy <neal.p.murphy@xxxxxxxxxxxx>
Modifying a packet's length using netfilter queue
- From: Kees-Jan Hermans <hermans@xxxxxxxxxx>
Re: Atomic changes to IP sets
- From: Koen Zandberg <hydrazine@xxxxxxxxxxxx>
Re: Atomic changes to IP sets
- From: "Nikolay S." <nowhere@xxxxxxxxxxxxxxxx>
Atomic changes to IP sets
- From: Anna Fischer <a.fischer@xxxxxxxxxx>
spooky RST with DNAT rules; macvlan + namespace
- From: Chris Burroughs <christopher@xxxxxxxxxxx>
Clarification needed on use of -m owner --uid-owner
- From: "Vince Cooper" <swUjefra@xxxxxxxxxxx>
Re: ebtables fix changing source MAC
- From: "otik@xxxxxxxxxx" <otik@xxxxxxxxxx>
Re: SYNPROXY module with bridge
- From: Todor Todorov <root@xxxxxxxxxxxx>
Re: ebtables fix changing source MAC
- From: Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>
ebtables fix changing source MAC
- From: "otik@xxxxxxxxxx" <otik@xxxxxxxxxx>
Re: connmark and nat
- From: Dmitry Melekhov <dm@xxxxxxxxxx>
Connection tracking stores wrong port for DNAT
- From: Justin Michael Schwartzbeck <justinmschw@xxxxxxxxx>
Re: Routing traffic over two gateways by fwmark
- From: Matt Killock <lists@xxxxxxxxxxx>
Connection tracking stores wrong port for DNAT
- From: Justin Michael Schwartzbeck <justinmschw@xxxxxxxxx>
Re: connmark and nat
- From: Dmitry Melekhov <dm@xxxxxxxxxx>
Re: connmark and nat
- From: Dennis Jacobfeuerborn <dennisml@xxxxxxxxxxxx>
Strange behaviour when adding rules with libiptc
- From: aikipooh@xxxxxxxxx (Юрий Пухальский)
Re: connmark and nat
- From: Dmitry Melekhov <dm@xxxxxxxxxx>
Re: Routing traffic over two gateways by fwmark
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Re: connmark and nat
- From: Pascal Hambourg <pascal@xxxxxxxxxxxxxxx>
Routing traffic over two gateways by fwmark
- From: Matt Killock <lists@xxxxxxxxxxx>
[Call for testing!] miniupnpd with nftables!
- From: Tomofumi Hayashi <s1061123@xxxxxxxxx>
connmark and nat
- From: Dmitry Melekhov <dm@xxxxxxxxxx>
ANNOUNCEMENT: Netdev 01 materials posted
- From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
RE: Why SYN-ACK packets are dropped as INVALID?
- From: Joel Gerber <Joel.Gerber@xxxxxxxxxxxxxxxx>
AW: Why SYN-ACK packets are dropped as INVALID?
- From: "Spenst, Aleksej" <Aleksej.Spenst@xxxxxxxxxx>
RE: Why SYN-ACK packets are dropped as INVALID?
- From: Joel Gerber <Joel.Gerber@xxxxxxxxxxxxxxxx>
AW: Why SYN-ACK packets are dropped as INVALID?
- From: "Spenst, Aleksej" <Aleksej.Spenst@xxxxxxxxxx>
Re: Why SYN-ACK packets are dropped as INVALID?
- From: Neal Murphy <neal.p.murphy@xxxxxxxxxxxx>
Why SYN-ACK packets are dropped as INVALID?
- From: "Spenst, Aleksej" <Aleksej.Spenst@xxxxxxxxxx>
Re: nftables feature request: don't fail "flush" on nonexistent tables
- From: Laurent Bercot <ska-devel@xxxxxxxxxxx>

[Index of Archives] [LARTC] [Berkeley Packet Filter] [Bugtraq] [Yosemite News] [Samba]