| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <78611fbd-434e-c948-5677-a0bdb66f31a5@googlemail.com> Date: Thu, 8 Sep 2022 22:22:36 +0100 From: Chris Clayton <chris2553@...glemail.com> To: Florian Westphal <fw@...len.de> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: Re: b118509076b3 (probably) breaks my firewall On 08/09/2022 20:19, Florian Westphal wrote: > Chris Clayton <chris2553@...glemail.com> wrote: >> Just a heads up and a question... >> >> I've pulled the latest and greatest from Linus' tree and built and installed the kernel. git describe gives >> v6.0-rc4-126-g26b1224903b3. >> >> I find that my firewall is broken because /proc/sys/net/netfilter/nf_conntrack_helper no longer exists. It existed on an >> -rc4 kernel. Are changes like this supposed to be introduced at this stage of the -rc cycle? > > The problem is that the default-autoassign (nf_conntrack_helper=1) has > side effects that most people are not aware of. > > The bug that propmpted this toggle from getting axed was that the irc (dcc) helper allowed > a remote client to create a port forwarding to the local client. Ok, but I still think it's not the sort of change that should be introduced at this stage of the -rc cycle. The other problem is that the documentation (Documentation/networking/nf_conntrack-sysctl.rst) hasn't been updated. So I know my firewall is broken but there's nothing I can find that tells me how to fix it.
Powered by blists - more mailing lists