conntrack-tools i.e. conntrack and conntrackd (mirror of https://github.com/vyos/conntrack-tools.git) https://git.amelek.net/vyos/conntrack-tools.git/atom?h=conntrack-tools-0.9.14 2009-12-28T18:20:37+00:00 2009-12-28T18:20:37+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-12-28T18:20:37+00:00 urn:sha1:798189a68f6a377b1f23942ef6ebca51f5c2fa41 This patch bumps conntrack-tools version to 0.9.14. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-12-23T23:16:53+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-12-23T23:16:53+00:00 urn:sha1:8af1ed45027a0d2a60223c085b6d2a10ca468442 This patch documents the `-B' command in conntrackd that allows you to force a bulk send to other firewall nodes in the cluster. Reported-by: Tino Keitel <tkeitel@innominate.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-12-23T22:29:06+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-12-23T22:29:06+00:00 urn:sha1:b78aa333ae1a73683afd44b8819186a91784d929 With this patch, we allow to manually create TCP entries in the table. Basically, we disable TCP window tracking for this entry to avoid problems. Reported-by: Roman Fiedler <roman.fiedler@ait.ac.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-12-23T19:31:10+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-12-23T19:31:10+00:00 urn:sha1:f49cfb7598c0433d3cb3dc3d829b510a205313f4 This patch documents the internal cache disabling feature that is available for the NOTRACK mode. I have also added an example on how to set up a TCP-based state-synchronization. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-12-23T18:40:49+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-12-23T18:37:36+00:00 urn:sha1:ba8f0e07adc2e124fdb34a8a8f86fcce42a939d8 This patch fixes the clause `State' in `Filter' that allows you to filter by protocol state. This bug was introduced during the implementation of the TCP-based synchronization. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-12-19T14:24:20+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-10-06T09:19:28+00:00 urn:sha1:65645763ebe870fa01b5c1a5dbe810feb9397ff2 This patch adds state-synchronization for ICMP. You SHOULD use a Linux kernel >= 2.6.31, otherwise this patch can result in tons of state-updates. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-12-19T12:55:00+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-12-19T12:55:00+00:00 urn:sha1:2f52fea14f94fb267e22280bce2d45f44c3b34f0 With this patch, we use an indirect call to build the layer 4 information into the synchronization message. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-10-20T23:43:07+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-10-20T23:43:07+00:00 urn:sha1:8ad5df6121c46753a6d12fafa5ab9da309ddb721 This patch adds the clause `DisableInternalCache' that allows you to bypass the internal cache. This clause can only be used with the notrack synchronization mode. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-10-14T14:14:12+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-10-14T14:14:12+00:00 urn:sha1:6e7166b7d396884eedbaf250f8a06864f63c07fc In 0b03f4b759e439edd2c3da0add08050276d7dc5f, I forgot to increase the stats for successful cases. This patch fixes this. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2009-10-14T13:58:18+00:00 Pablo Neira Ayuso pablo@netfilter.org 2009-10-14T13:58:18+00:00 urn:sha1:0b03f4b759e439edd2c3da0add08050276d7dc5f # conntrackd -s external inject: connections created: 0 failed: 0 connections updated: 0 failed: 0 connections destroyed: 0 failed: 0 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>