http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/182 <pre>Hi! The Netfilter project proudly presents: libnetfilter_conntrack 1.0.3 libnetfilter_conntrack is a userspace library providing a programming interface (API) to the in-kernel connection tracking state table. The library libnetfilter_conntrack has been previously known as libnfnetlink_conntrack and libctnetlink. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnetfilter_conntrack/downloads.html ftp://ftp.netfilter.org/pub/libnetfilter_conntrack/ Have fun! Florian Westphal (2): qa: fix handling of ATTR_HELPER_INFO attribute conntrack: fix nfct_clone with certain attribute data types Jan Engelhardt (1): build: resolve automake-1.12 warnings Pablo Neira Ayuso (5): refresh our public copy of nfnetlink_conntrack.h Merge branch 'next' into libnetfilter_conntrack master branch qa: fix bogus eror in test_api qa: add final OK message after checking release of clone objects b</pre> Pablo Neira Ayuso 2013-03-04T15:42:15 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/181 <pre>Hi! The Netfilter project proudly presents: conntrack-tools 1.4.1 The conntrack-tools are the userspace command line interface `conntrack' and the userspace daemon `conntrackd'. The conntrack utility replaces the old /proc/net/nf_conntrack interface. With conntrack, you can dump, modify and delete entries from the connection tracking state table from userspace. On the other hand, conntrackd allows you to deploy highly available stateful firewall clusters and to run connection tracking helpers from user-space. More information in the official manual at: http://conntrack-tools.netfilter.org/manual.html See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/nfacct/downloads.html ftp://ftp.netfilter.org/pub/nfacct/ Have fun! Pablo Neira Ayuso (3): conntrackd: fix deadlock due to wrong nested signal blocking conntrack: add support to dump the dying and unconfirmed list via ctnetlink build: bump version to 1.4</pre> Pablo Neira Ayuso 2013-03-03T22:10:35 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/180 <pre>Hi! The Netfilter project proudly presents: nfacct 1.0.1 nfacct is the command line tool to create/retrieve/delete accounting objects (available since Linux kernel 3.3). See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/nfacct/downloads.html ftp://ftp.netfilter.org/pub/nfacct/ Have fun! Eric Leblond (2): nfacct: fix parsing of `xml' `reset' together. Add restore command Pablo Neira Ayuso (1): build: bump version to 1.0.1 </pre> Pablo Neira Ayuso 2013-03-03T22:04:06 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/179 <pre>Hi! The Netfilter project proudly presents: iptables 1.4.18 iptables is the userspace command line program used to configure the Linux 2.4.x and later packet filtering ruleset. It is targeted towards system administrators. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/iptables/downloads.html ftp://ftp.netfilter.org/pub/iptables/ Have fun! Florian Westphal (1): doc: rpfilter: invert option should have own paragraph Jan Engelhardt (11): build: resolve link failure for ip6t_NETMAP doc: fixup omissions in ip6tables-restore.8 doc: document iptables-restore's -t option doc: document iptables-restore's -v option doc: document iptables-restore's -M option doc: document iptables-restore's -h option doc: name the supported log levels for ipt_LOG doc: mention -m in the manpage doc: document the -4 and -6 options extensions: S/DNPT: add missing save function </pre> Pablo Neira Ayuso 2013-03-03T22:20:08 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/178 <pre>Hi! The Netfilter project proudly presents: libnetfilter_acct 1.0.2 libnetfilter_acct is the userspace library providing interface to extended accounting infrastructure starting Linux kernel 3.3. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnetfilter_acct/downloads.html ftp://ftp.netfilter.org/pub/libnetfilter_acct/ Have fun! Eric Leblond (2): Add include needed for integer types definition. Fix packets and bytes inversion. Jan Engelhardt (3): build: resolve automake-1.12 warnings build: resolve compile abort on RHEL5 #1 build: resolve compile abort on RHEL5 #2 Pablo Neira Ayuso (3): Merge git://git.inai.de/libnetfilter_acct master Partially revert "src: remove unnecessary castings" build: bump version to 1.0.2 </pre> Pablo Neira Ayuso 2013-03-03T22:01:27 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/177 <pre>Hi! The Netfilter project proudly presents: iptables 1.4.17 More relevantly, this release includes the IPv6 NAT extensions from Patrick McHardy, the ignore day transition from Florian Westphal and a couple of fixes. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/iptables/downloads.html ftp://ftp.netfilter.org/pub/iptables/ Have fun! Florian Westphal (1): libxt_time: add support to ignore day transition Jozsef Kadlecsik (1): Manpage update: matches are evaluated in the order they are specified. Pablo Neira Ayuso (2): Merge branch 'next' branch that contains new features scheduled for Linux kernel 3.7 bump version to 1.4.17 Patrick McHardy (7): Convert the NAT targets to use the kernel supplied nf_nat.h header extensions: add IPv6 MASQUERADE extension extensions: add IPv6 SNAT extension extensions: add IPv6 DNAT target extensions: add IPv6 REDIRECT extension</pre> Pablo Neira Ayuso 2012-12-25T13:09:07 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/176 <pre>Hi! The Netfilter project proudly presents: iptables 1.4.15 This release includes support for new features now present in the Linux kernel 3.5 and one major bugfix (that shows up with gcc-4.7). See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/iptables/downloads.html ftp://ftp.netfilter.org/pub/iptables/ Have fun! Denys Fedoryshchenko (1): libxt_recent: add --mask netmask Eldad Zack (1): libxt_recent: remove unused variable Florian Westphal (2): libxt_devgroup: add man page snippet libxt_hashlimit: add support for byte-based operation Hans Schillstrom (3): extensions: add HMARK target libxt_HMARK: fix output of iptables -L libxt_HMARK: correct a number of errors introduced by Pablo's rework Pablo Neira Ayuso (6): libxtables: add xtables_ip[6]mask_to_cidr libxt_HMARK: fix ct case example iptables-restore: move code to add_param_to_argv, cleanup (fix gcc-4.7</pre> Pablo Neira Ayuso 2012-07-31T11:25:31 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/175 <pre>Hi! The Netfilter project proudly presents: conntrack-tools 1.2.2 This release contains accumulated bugfixes. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/conntrack-tools/downloads.html ftp://ftp.netfilter.org/pub/conntrack-tools/ Have fun! Jan Engelhardt (1): update .gitignore Pablo Neira Ayuso (7): conntrackd: simplify TCP connection handling logic conntrackd: fix compilation in src/parse.c doc: fix documentation on ExpectationSync and H.323 helper conntrackd: add bugtrap notice in case of flush while commit in progress conntrackd: fix commit operation, needs to be synchronous conntrackd: implement selective flushing for `-t' and `-F' commands bump version to 1.2.2 </pre> Pablo Neira Ayuso 2012-07-31T11:22:32 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/174 <pre>Hi! The Netfilter project proudly presents: ulogd 2.0.0 ulogd is a userspace logging daemon for netfilter/iptables related logging. This includes per-packet logging of security violations, per-packet logging for accounting, per-flow logging and flexible user-defined accounting. ulogd was almost entirely written by Harald Welte, with contributions from fellow hackers such as Pablo Neira Ayuso, Eric Leblond and Pierre Chifflier. ulogd-2.x requires several libraries: * libnfnetlink that provides basic communication infrastructure via Netlink. * libmnl that provides basic communication infrastructure via Netlink, this library will supersede libnfnetlink. Still, we require both libraries as we are still in transition to entirely replace libnfnetlink by libmnl. * libnetfilter_log for stateless packet-based logging via nfnetlink_queue. * libnetfilter_conntrack for stateful flow-based via nf_conntrack_netlink. * libnetfilter_acct for flexible traffic accounting via nfnetlink_acct and ipta</pre> Pablo Neira Ayuso 2012-06-17T12:07:23 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/173 <pre> We noticed at the same time. It's fixed now, and conntrack-tools 1.2.1 is out. Thanks! </pre> Pablo Neira Ayuso 2012-05-26T20:21:05 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/172 <pre>Applied, thanks Jan. On Sat, May 26, 2012 at 09:02:35PM +0200, Jan Engelhardt wrote: </pre> Pablo Neira Ayuso 2012-05-26T20:19:51 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/171 <pre> Forgot to attach changelog, sorry. Pablo Neira Ayuso (1): parse: add mnl_attr_for_each_payload Stephen Hemminger (1): nlmsg: fix valgrind warnings about padding </pre> Pablo Neira Ayuso 2012-05-26T18:24:38 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/170 <pre>Hi! The Netfilter project proudly presents: libmnl 1.0.3 libmnl is a minimalistic (really!) library that provides simple abstractions to communicate using Netlink sockets. If you're looking for a way to communicate some kernel subsystem and user-space, Netlink provides a nice method to do so. For those not yet familiar with Netlink, I suggest you to read: http://1984.lsi.us.es/~pablo/docs/spae.pdf This release include one fix and one new interface to allow to parse messages from some payload offset, skipping the Netlink header. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libmnl/downloads.html ftp://ftp.netfilter.org/pub/libmnl/ Have fun! </pre> Pablo Neira Ayuso 2012-05-26T18:23:50 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/169 <pre>Hi! The Netfilter project proudly presents: iptables 1.4.14 This release several bugfixes and support for the new cttimeout infrastructure. This allows you to attach specific timeout policies to flow via iptables CT target. The following example shows the usage of this new infrastructure in a couple of steps: 1) Create a timeout policy with name `custom-tcp-policy1': nfct timeout add custom-tcp-policy1 inet tcp established 200 2) Attach it to traffic going from 1.1.1.1 to 2.2.2.2 iptables -I PREROUTING -t raw -s 1.1.1.1 -d 2.2.2.2 -p tcp \ -j CT --timeout custom-tcp-policy1 The new nfct resides in the conntrack-tools tree. By now, this new utility only supports the cttimeout. In the long run, the plan is to replace the conntrack utility with it. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/conntrack-tools/downloads.html ftp://ftp.netfilter.org/pub/conntrack-tools/ Have fun! Florian Westphal (3): </pre> Pablo Neira Ayuso 2012-05-26T18:15:22 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/168 <pre>Hi! The Netfilter project proudly presents: conntrack-tools 1.2.0 This release is a major milestone that includes support for expectation synchronization and the new nfct utility that, by now, only supports the new cttimeout infrastructure. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/conntrack-tools/downloads.html ftp://ftp.netfilter.org/pub/conntrack-tools/ Have fun! Adrian Bridgett (1): src: manpage and help display improvements Florian Westphal (1): conntrack: flush stdout for each expectation event, too Pablo Neira Ayuso (34): conntrackd: generalize caching infrastructure conntrackd: generalize external handlers to prepare expectation support conntrackd: generalize/cleanup network message building/parsing conntrackd: generalize local handler actions conntrackd: simplify cache_get_extra function conntrackd: remove cache_data_get_object and replace by direct poi</pre> Pablo Neira Ayuso 2012-05-26T18:06:54 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/167 <pre>Hi! The Netfilter project proudly presents: libnetfilter_cttimeout 1.0.0 libnetfilter_cttimeout is the userspace library that provides the programming interface to the fine-grain connection tracking timeout infrastructure. With this library, you can create, update and delete timeout policies that can be attached to traffic flows. This library is used by conntrack-tools. To use this library, you require a Linux kernel &gt;= 3.4.0. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnetfilter_cttimeout/downloads.html ftp://ftp.netfilter.org/pub/libnetfilter_cttimeout/ Have fun! Jan Engelhardt (6): Add .gitignore const-ify static data objects Add stdint header and type corrections Properly NUL-terminate name in nfct_timeout_attr_set const-ify arguments of functions Add extern "C" guard for C++ compilation mode Pablo Neira Ayuso (11): initial commit add README file This</pre> Pablo Neira Ayuso 2012-05-26T18:03:17 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/166 <pre>Hi! The Netfilter project proudly presents: libnetfilter_conntrack 1.0.1 libnetfilter_conntrack is a userspace library providing a programming interface (API) to the in-kernel connection tracking state table. This library is currently used by conntrack-tools among many other applications. This release includes important improvements for the expectation support. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnetfilter_conntrack/downloads.html ftp://ftp.netfilter.org/pub/libnetfilter_conntrack/ Have fun! Kelvie Wong (1): expect: support NFCT_Q_CREATE_UPDATE in nfexp_query Pablo Neira Ayuso (15): expect: add XML support for nfexp_snprintf() expect: add class support expect: add NAT support expect: add expectfn support expect: CTA_EXPECT_HELP_NAME must be NULL-terminated expect: fix comparison of expectation class and flags expect: fix missing whitespace after expecta</pre> Pablo Neira Ayuso 2012-05-18T00:35:47 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/165 <pre>Hi! The Netfilter project proudly presents: iptables 1.4.13 nfacct 1.0.0 libnetfilter_acct 1.0.0 Changes in iptables include: * rpfilter support from Florian Westphal. * IPv6 ECN capable version from Patrick McHardy. * a couple of fixes for internal libiptc library. * fix leaking file descriptor to avoid annoying log messsages in SELinux from Maciej enczykowski. * nfacct match support by myself. For nfacct and libnetfilter_acct, this is the initial release. These require Linux kernel 3.3 or any later. You can download all these from: http://www.netfilter.org/projects/iptables/downloads.html ftp://ftp.netfilter.org/pub/iptables/ http://www.netfilter.org/projects/nfacct/downloads.html ftp://ftp.netfilter.org/pub/nfacct/ http://www.netfilter.org/projects/libnetfilter_acct/downloads.html ftp://ftp.netfilter.org/pub/libnetfilter_acct/ You can also find the changelog to this email for more information. Have fun! Florian Westphal (1): extensions: add rpfilter module Franz Flasch (2</pre> Pablo Neira Ayuso 2012-03-27T12:17:36 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/164 <pre>Hi! The Netfilter project proudly presents: conntrack-tools 1.0.1 The conntrack-tools are a set of tools targeted at system administrators. They are conntrack, the userspace command line interface, and conntrackd, the userspace daemon. The tool conntrack provides a full featured interface that is intended to replace the old /proc/net/ip_conntrack interface. Using conntrack, you can view and manage the in-kernel connection tracking state table from userspace. On the other hand, conntrackd covers the specific aspects of stateful firewalls to enable highly available scenarios. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/conntrack-tools/downloads.html ftp://ftp.netfilter.org/pub/conntrack-tools/ Have fun! Florian Westphal (4): conntrack: add support for mark mask conntrack: skip sending update message to kernel if conntrack is unchanged testsuite: add tests for --mark option conntrack: add mis</pre> Pablo Neira Ayuso 2012-01-05T10:35:09 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/163 <pre>Hi! The Netfilter project proudly presents: libnetfilter_conntrack-1.0.0 libnetfilter_conntrack is a userspace library providing a programming interface (API) to the in-kernel connection tracking state table. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnetfilter_conntrack/downloads.html ftp://ftp.netfilter.org/pub/libnetfilter_conntrack/ Have fun! Andrew Beverley (1): utils: add nfct_destroy() to all examples in utils Jan Engelhardt (3): Update .gitignore build: use AC_CONFIG_AUX_DIR and stash away tools build: disable implicit .tar.gz archive generation and use POSIX mode Jiri Popelka (1): conntrack: objopt: NO_EFFECT Pablo Neira Ayuso (20): build: Linux kernel-style for compilation messages doc: fix missing nfct_copy function not included in doxygen report expect: fix missing parsing of master tuple expect: nfexp_snprintf prints expectation timeout if </pre> Pablo Neira Ayuso 2012-01-04T16:42:57 http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.announce/164 <pre>Hi! The Netfilter project proudly presents: conntrack-tools 1.0.1 The conntrack-tools are a set of tools targeted at system administrators. They are conntrack, the userspace command line interface, and conntrackd, the userspace daemon. The tool conntrack provides a full featured interface that is intended to replace the old /proc/net/ip_conntrack interface. Using conntrack, you can view and manage the in-kernel connection tracking state table from userspace. On the other hand, conntrackd covers the specific aspects of stateful firewalls to enable highly available scenarios. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/conntrack-tools/downloads.html ftp://ftp.netfilter.org/pub/conntrack-tools/ Have fun! Florian Westphal (4): conntrack: add support for mark mask conntrack: skip sending update message to kernel if conntrack is unchanged testsuite: add tests for --mark option conntrack: add mis</pre> Pablo Neira Ayuso 2012-01-05T10:35:09 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.comp.security.firewalls.netfilter.announce