| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20071123133933.GA31396@innominate.com> Date: Fri, 23 Nov 2007 14:39:33 +0100 From: Lutz Jaenicke <ljaenicke@...ominate.com> To: Laszlo Attila Toth <panther@...abit.hu> Cc: David Miller <davem@...emloft.net>, Patrick McHardy <kaber@...sh.net>, netdev@...r.kernel.org, netfilter-devel@...r.kernel.org Subject: Re: [PATCHv6 iptables]Interface group match On Tue, Nov 20, 2007 at 02:14:28PM +0100, Laszlo Attila Toth wrote: > Interface group values can be checked on both input and output interfaces > with optional mask. > Index: extensions/libxt_ifgroup.c > =================================================================== > --- extensions/libxt_ifgroup.c (revision 0) > +++ extensions/libxt_ifgroup.c (revision 0) > + info->in_group = strtoul(optarg, &end, 0); This is somewhat inconsistent with the iproute patch which targets specific groups (with names). Should iptables be allowed to read "/etc/iproute2/rt_ifgroup"? There is no standard API like getservbyname()... I do have a draft patch for physdev which is however against iptables-1.3.8 and linux-2.6.19 so it will need some more work but I will attach it for discussion. (This will leave ebtables to be touched...) Best regards, Lutz -- Dr.-Ing. Lutz Jänicke CTO Innominate Security Technologies AG /protecting industrial networks/ tel: +49.30.6392-3308 fax: +49.30.6392-3307 Albert-Einstein-Str. 14 D-12489 Berlin, Germany www.innominate.com Register Court: AG Charlottenburg, HR B 81603 Management Board: Joachim Fietz, Dirk Seewald Chairman of the Supervisory Board: Edward M. Stadum ---------------------------------------------------------------------------- Visit us at the SPS/IPC/Drives in Nuremberg / Germany 27 - 29 November 2007, Hall 9, Stand 9-141 ---------------------------------------------------------------------------- View attachment "ifgroup_physdev.patch" of type "text/plain" (4806 bytes) View attachment "ifgroup_physdev_kernel.patch" of type "text/plain" (2577 bytes)
Powered by blists - more mailing lists