[Bug 1128] ip6_tables connmark or connlabel never matches

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sun Mar 12 01:57:36 CET 2017


https://bugzilla.netfilter.org/show_bug.cgi?id=1128

--- Comment #3 from Jim Carter <jimc at jfcarter.net> ---
Thank you for the quick and clear explanation.  The workaround works in
the complete firewall ruleset (if you put it in the right place).

I saw your blog post on nftables (2016-10-28)
https://developers.redhat.com/blog/2016/10/28/what-comes-after-iptables-its-successor-of-course-nftables/
I look forward to using the new framework; it looks a lot cleaner than
what we have now.  But my firewall uses both the IPsec policy match and
TCPMSS clamping for tunnels, so adoption can't be immediate.

Thanks to you guys for your work on netfilter.  It's a key component of
defense in depth, which in today's political climate is particularly
necessary.
