Re: connlimit from wiki.nftables.org not working

On Thu, 11 Apr 2024 21:04:53 +0100 Kerin Millar wrote:

> # zgrep NFT_CONNLIMIT /proc/config.gz
> # CONFIG_NFT_CONNLIMIT is not set

Same here.

> With that in mind, are you able to "modprobe nft_connlimit" at all?

It returns a fatal error that the module is not found.

All I find when searching is that the module is missing in different
distros, and some references to CVE-2022-32250, which doesn't clarify
much:

https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/#rip-control-by-triggering-garbage-collection

I wonder if distros have deliberately removed the module because of the
CVE or if there is something else.

What would you advise?
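Added diagnostic script, not part of the original thread and not the netfilter project's code: it classifies how CONFIG_NFT_CONNLIMIT is built from a kernel .config text (the zgrep check quoted above only shows the raw line), checks whether an nft_connlimit module is installed for the running kernel, and, where nft is available, asks the kernel itself whether a "ct count" rule (the statement that needs nft_connlimit) would be accepted using nft's check mode. The embedded config excerpt is constructed for the example; the real config is read from /proc/config.gz or /boot/config-$(uname -r) when present.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Classify a kernel config option from .config text and report whether
# the nft connlimit expression is usable on this machine.

# kconfig_state OPTION CONFIG_TEXT -> prints builtin | module | unset | unknown
kconfig_state() {
    opt="$1"
    text="$2"
    if printf '%s\n' "$text" | grep -q "^${opt}=y$"; then
        echo builtin
    elif printf '%s\n' "$text" | grep -q "^${opt}=m$"; then
        echo module
    elif printf '%s\n' "$text" | grep -q "^# ${opt} is not set$"; then
        echo unset
    else
        echo unknown
    fi
}

# read_kernel_config: print the running kernel's config if a usual
# location is readable; print nothing otherwise.
read_kernel_config() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    fi
}

# Constructed sample resembling the kconfig lines quoted in the thread;
# CONFIG_NFT_CONNLIMIT is disabled, as on the reporters' systems.
SAMPLE_CONFIG='CONFIG_NF_TABLES=m
CONFIG_NFT_CT=m
# CONFIG_NFT_CONNLIMIT is not set
CONFIG_NETFILTER_CONNCOUNT=y'

# connlimit_report: three independent checks, printed one per line.
connlimit_report() {
    cfg="$(read_kernel_config || true)"
    if [ -n "$cfg" ]; then
        echo "CONFIG_NFT_CONNLIMIT: $(kconfig_state CONFIG_NFT_CONNLIMIT "$cfg")"
    else
        echo "CONFIG_NFT_CONNLIMIT: kernel config not readable"
    fi

    # modinfo succeeds only if a module file exists for the running kernel.
    if modinfo nft_connlimit >/dev/null 2>&1; then
        echo "nft_connlimit module: present"
    else
        echo "nft_connlimit module: not found (builtin kernels also report this)"
    fi

    # nft -c validates a ruleset in the kernel without committing it, so
    # the kernel either accepts "ct count" or rejects it. Needs
    # CAP_NET_ADMIN; a permission error is not a missing-module error.
    if command -v nft >/dev/null 2>&1; then
        if nft -c -f - >/dev/null 2>&1 <<'EOF'
table inet connlimit_probe {
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport 22 ct count over 10 drop
    }
}
EOF
        then
            echo "ct count rule: accepted by kernel"
        else
            echo "ct count rule: rejected (missing nft_connlimit, or no privilege)"
        fi
    else
        echo "ct count rule: nft not installed, skipped"
    fi
}

echo "sample config says: $(kconfig_state CONFIG_NFT_CONNLIMIT "$SAMPLE_CONFIG")"
connlimit_report
```

Run it as root for the third check to be meaningful; an unprivileged run can only distinguish the config and module states. A result of "unset" in the config together with a missing module means no amount of modprobe will help, and the kernel has to be rebuilt or replaced with one that sets CONFIG_NFT_CONNLIMIT.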
