Date:	Thu, 26 Jul 2007 20:49:49 +0300 (EEST)
From:	Meelis Roos <mroos@...ux.ee>
To:	netdev@...r.kernel.org
Subject: ipv4 conntrack module loading broken?

Hello,

I tested 2.6.23-rc1 on my prep (arch=ppc) NAT firewall. iptables loaded 
rules fine (simplest test was with a single SNAT rule in the POSTROUTING chain 
in the nat table) and iptables -L showed the rule was loaded. But no packets 
matched the rule and traffic passed un-NATed (just routed). Adding LOG 
rules showed that no packets reach POSTROUTING at all - and no packets 
reach PREROUTING (didn't test more).

However, after loading nf_conntrack_ipv4 module by hand, the existing 
rules started working.

Is autoloading of nf_conntrack_ipv4 broken?

-- 
Meelis Roos (mroos@...ux.ee)