lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <54FC2089.6080809@unsolicited.net>
Date:	Sun, 08 Mar 2015 10:12:25 +0000
From:	David R <david@...olicited.net>
To:	netdev@...r.kernel.org
CC:	linux-kernel@...r.kernel.org
Subject: iptables problem upgrading kernel from 3.18.8 to 3.19.1

I've just had an exception to my "uneventful kernel upgrade" monotony.

My boot scripts failed when setting up the firewall due to this :-

    xt_recent: hitcount (1) is larger than packets to be remembered (1)
for table xxxx

This is a completely straightforward

    iptables -A yyyy -j REJECT -p tcp --reject-with tcp-reset -m recent
--set --name xxxx --rsource

Looking at the history for xt_recent.c it looks like this was introduced
in abc86d0f99242b7f142b7cb8f90e30081dd3c256 but maybe corrected in
cef9ed86ed62eeffcd017882278bbece32001f86 ?

Whatever, 3.19.1 is still affected, it can be worked around by setting
ip_pkt_list_tot in the module parameters.

Cheers
David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ