Michael Rash
A user named 'Serge' mentioned this.
Although not directly related to the REDIRECT target, using the iptables 'mark' module along with the REDIRECT target (and probably SNAT as well, though REDIRECT is a bit more elegant)...
Moving this to the 2.6.1 release.
Yes, the SPA packet data is still read via libpcap instead of fwknopd reading the data from the TCP socket itself. As you said, it is simply a TCP service...
Haven't tried it out yet, but thanks for mentioning that has been included in Debian. That raises the priority to add support for fwknop I think.
Thanks for reporting this. Seems like a new check should be added to fwknopd to ensure that it is properly interfacing with iptables as far as the nf_conntrack stuff is...
Following up on this - on which Linux distro did you see this error? I see the kernel version and iptables version, but the Linux distro would help as well...
I have an Arch Linux VM and was unable to reproduce this. If you send me your iptables policy that triggered this issue then it would hopefully be reproducible on...
Thanks for the suggestion. This will definitely be added to fwknop and the other cipherdyne.org projects as well.
With the new command open/close cycle stuff, I think integrating with NFTables will be easy.