Re: [Bug 323950] Re: block invalid combinations of TCP flags
Got it, looks good. On Fri, Nov 20, 2009 at 5:18 PM, PatRiehecky wrote: > I believe I built the patch to update both rule sets I may have > botched it (and it wouldn't be the first time I've done that), but my > intent was for the first section to update IPv6 and the second to do v4. > > -- > block invalid combinations of TCP flags > https://bugs.launchpad.net/bugs/323950 > You received this bug notification because you are a direct subscriber > of the bug. > -- block invalid combinations of TCP flags https://bugs.launchpad.net/bugs/323950 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 323950] Re: block invalid combinations of TCP flags
These rules can be applied to ipv6 connections also (switch iptables to ip6table). On Fri, Nov 13, 2009 at 12:05 PM, PatRiehecky wrote: > I figured I would put forth a patch to implement the simplest starting > ground. Established connections aren't overly protected by this (there > are some easy things to do), but a basic bad flags scan will be blocked. > > ** Attachment added: "Basic bad flags block" > http://launchpadlibrarian.net/35658585/tcpflags.patch > > -- > block invalid combinations of TCP flags > https://bugs.launchpad.net/bugs/323950 > You received this bug notification because you are a direct subscriber > of the bug. > -- block invalid combinations of TCP flags https://bugs.launchpad.net/bugs/323950 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 323950] Re: block invalid combinations of TCP flags
They look very reasonable - great job! On Fri, Nov 13, 2009 at 12:05 PM, PatRiehecky wrote: > I figured I would put forth a patch to implement the simplest starting > ground. Established connections aren't overly protected by this (there > are some easy things to do), but a basic bad flags scan will be blocked. > > ** Attachment added: "Basic bad flags block" > http://launchpadlibrarian.net/35658585/tcpflags.patch > > -- > block invalid combinations of TCP flags > https://bugs.launchpad.net/bugs/323950 > You received this bug notification because you are a direct subscriber > of the bug. > -- block invalid combinations of TCP flags https://bugs.launchpad.net/bugs/323950 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 176125] Re: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr)
"Speaking from an enterprise network perspective, I very much do *not* want to see privacy addresses enabled by default, as they can make complying with our network security policies much more difficult." In terms of demographics, Ubuntu doesn't have nearly the market share in the enterprise as it does in other sectors. The hit on user privacy for systems not using privacy extensions is large - especially for new users. -- Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr) https://bugs.launchpad.net/bugs/176125 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 285897] Re: prepend domain-name-servers does not allow other addresses
This issue appears to be fixed in dhclient 3.1.1 (Ubuntu 9.04) -- prepend domain-name-servers does not allow other addresses https://bugs.launchpad.net/bugs/285897 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 448193] [NEW] packaged version of wireshark out of date
Public bug reported: Binary package hint: wireshark >From an Ubuntu Jaunty system that has been updated: Package: wireshark Priority: optional Section: universe/net Installed-Size: 1616 Maintainer: Ubuntu MOTU Developers Original-Maintainer: Frederic Peters Architecture: amd64 Version: 1.0.7-1ubuntu1 Replaces: ethereal (<< 1.0.0-3) This is several versions behind the most current and is missing some security fixes. http://www.wireshark.org/docs/relnotes/ ** Affects: wireshark (Ubuntu) Importance: Undecided Status: New -- packaged version of wireshark out of date https://bugs.launchpad.net/bugs/448193 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 397836] [NEW] scapy module will not import correctly
Public bug reported: Binary package hint: python-scapy ~$ python Python 2.6.2 (release26-maint, Apr 19 2009, 01:58:18) [GCC 4.3.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> from scapy import all >>> a = IP() Traceback (most recent call last): File "", line 1, in NameError: name 'IP' is not defined ** Affects: scapy (Ubuntu) Importance: Undecided Status: New -- scapy module will not import correctly https://bugs.launchpad.net/bugs/397836 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 236772] Re: IPv6 does not work or not enabled
Amos - the Squid packages in your PPA work as expected. The Squid packages in Jaunty still appear to have broken IPv6 connectivity. -- IPv6 does not work or not enabled https://bugs.launchpad.net/bugs/236772 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 378792] [NEW] tspc client fails
Public bug reported: Binary package hint: tspc tspc appears to run correctly: /etc/init.d/tspc start * Restarting IPv6 tunnel tspc [ OK ] but the interface isn't brought up, and syslog error: tspStartLocal: Script failed to execute correctly using tspc Version: 2.1.1-8ubuntu2 on Jaunty ** Affects: tspc (Ubuntu) Importance: Undecided Status: New ** Description changed: Binary package hint: tspc tspc appears to run correctly: /etc/init.d/tspc start * Restarting IPv6 tunnel tspc [ OK ] but the interface isn't brought up, and syslog error: tspStartLocal: Script failed to execute correctly + + + using tspc Version: 2.1.1-8ubuntu2 on Jaunty -- tspc client fails https://bugs.launchpad.net/bugs/378792 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 331853] [NEW] oinkmaster error - temporary folder doesn't exist
Public bug reported: Binary package hint: oinkmaster In a new installation, oinkmaster can't run since it expects /var/run/oinkmaster/ to exist. After creating that directory, oinkmaster works fine. ** Affects: oinkmaster (Ubuntu) Importance: Undecided Status: New -- oinkmaster error - temporary folder doesn't exist https://bugs.launchpad.net/bugs/331853 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 320015] [NEW] squid3 ipv6 support
Public bug reported: Binary package hint: squid3 On 8.10, the squid3 package has not been compiled with IPv6 support. ** Affects: squid3 (Ubuntu) Importance: Undecided Status: New -- squid3 ipv6 support https://bugs.launchpad.net/bugs/320015 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 289687] Re: Tuxpaint 0.9.20 crashes with pulse audio error when run in VirtualBox
Same problem here. I removed pulseaudio and everything seems to work ok. -- Tuxpaint 0.9.20 crashes with pulse audio error when run in VirtualBox https://bugs.launchpad.net/bugs/289687 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 299268] Re: UFW default ICMPv6 before6.rules modification
Thanks for the update, a typo in my original report: -m hl --hl-eq 255 should be -m hl --hl-eq 64 An ip6tables guide that might be useful is here: http://tools.ietf.org/html/rfc4890#appendix-B -- UFW default ICMPv6 before6.rules modification https://bugs.launchpad.net/bugs/299268 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 304216] [NEW] multicast policy includes too many addresses
Public bug reported: Binary package hint: ufw In before6.rules: -A ufw6-before-input -s ff00::/8 -j ACCEPT -A ufw6-before-input -d ff00::/8 -j ACCEPT Most systems would only need (http://www.iana.org/assignments/ipv6-multicast-addresses): -A ufw6-before-input -p icmpv6 -s ff00::1/8 -j ACCEPT -A ufw6-before-input -p icmpv6 -d ff00::1/8 -j ACCEPT -A ufw6-before-input -p icmpv6 -s ff00::2/8 -j ACCEPT -A ufw6-before-input -p icmpv6 -d ff00::2/8 -j ACCEPT ** Affects: ufw (Ubuntu) Importance: Undecided Status: New -- multicast policy includes too many addresses https://bugs.launchpad.net/bugs/304216 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 299268] Re: UFW default ICMPv6 before6.rules modification
RFC 4861 specifies that NDP messages shouldn't be passed through routers. Also, host (non-router) systems shouldn't need the -A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT rule as they send router solicitations, they don't need to receive them. -- UFW default ICMPv6 before6.rules modification https://bugs.launchpad.net/bugs/299268 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 299268] [NEW] UFW default ICMPv6 before6.rules modification
Public bug reported: Binary package hint: ufw In ufw 0.23.2, a minor feature request: in the before6.rules, restrict NDP messages to hop limit to 255: -A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-input -p udp --sport 67 --dport 68 -m hl --hl-eq 255 -j ACCEPT This should limit NDP messages and DHCPv6 to the local network. ** Affects: ufw (Ubuntu) Importance: Undecided Status: New -- UFW default ICMPv6 before6.rules modification https://bugs.launchpad.net/bugs/299268 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 281525] Re: encrypted folder does not appear in Kubuntu
Yes, I was. I have since reinstalled but I can test again in a virtual machine - please let me know if you'd like me to. On Sun, Nov 9, 2008 at 4:56 AM, Dustin Kirkland <[EMAIL PROTECTED]> wrote: > Thanks for the report, Ryan. > > I tried to reproduce this, and I can't. I have a Private directory > mounted and readable on login under Kubuntu. > > By chance, are you using "Automatic Login"? > > :-Dustin > > ** Changed in: ecryptfs-utils (Ubuntu) > Status: New => Incomplete > > -- > encrypted folder does not appear in Kubuntu > https://bugs.launchpad.net/bugs/281525 > You received this bug notification because you are a direct subscriber > of the bug. > -- encrypted folder does not appear in Kubuntu https://bugs.launchpad.net/bugs/281525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 285897] [NEW] prepend domain-name-servers does not allow other addresses
Public bug reported: The option prepend domain-name-servers ; in /etc/dhcp3/dhclient.conf does not allow secondary and other servers to be added via DHCP. For example, prepend domain-name-servers 127.0.0.1; puts 127.0.0.1 in /etc/resolv.conf but doesn't add the DNS servers offered by DHCP. ** Affects: dhcp (Ubuntu) Importance: Undecided Status: New -- prepend domain-name-servers does not allow other addresses https://bugs.launchpad.net/bugs/285897 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 284150] Re: Ubuntu Intrepid updates cause ipw3495 wireless cards to fail
> It looks similar to an issue reported earlier today at bug#284150 (i hope that links to it). This is bug#284150. -- Ubuntu Intrepid updates cause ipw3495 wireless cards to fail https://bugs.launchpad.net/bugs/284150 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 284150] [NEW] Ubuntu Intrepid updates cause ipw3495 wireless cards to fail
Public bug reported: My Intel 3495 wireless works fine after an 8.10 install. After updating, nm-tool shows: - Device: wlan0 Type: 802.11 WiFi Driver:iwl3945 State: unavailable Default: no HW Address:00:00:00:00:00:00 Kernel version is 2.6.27-7-generic ** Affects: ubuntu Importance: Undecided Status: New ** Description changed: My Intel 3495 wireless works fine after an 8.10 install. After updating, nm-tool shows: - Device: wlan0 Type: 802.11 WiFi Driver:iwl3945 State: unavailable Default: no HW Address:00:00:00:00:00:00 + + + Kernel version is 2.6.27-7-generic -- Ubuntu Intrepid updates cause ipw3495 wireless cards to fail https://bugs.launchpad.net/bugs/284150 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 281525] [NEW] encrypted folder does not appear in Kubuntu
Public bug reported: The new private encrypted feature picked at install does not appear under Kubuntu 8.10. Description:Ubuntu intrepid (development branch) Release:8.10 ** Affects: ubuntu Importance: Undecided Status: New -- encrypted folder does not appear in Kubuntu https://bugs.launchpad.net/bugs/281525 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 176125] Re: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr)
Can the privacy extension be listed in /etc/sysctl.conf but commented out by default? putting sysctl -w net.ipv6.conf.all.use_tempaddr=2 in /etc/rc.local seemed to get it working on 8.04.1 for me. -- Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr) https://bugs.launchpad.net/bugs/176125 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 246640] [NEW] dante-server "username" authentication method broken
Public bug reported: Binary package hint: dante-server Using the dante-server username authentication method, I get these errors on an Ubuntu 8.04.1 system: danted[7847]: run_request(): sending ack to mother failed: Broken pipe (errno = 32) The server runs successfully, but does not process username authentication requests. ** Affects: dante (Ubuntu) Importance: Undecided Status: New -- dante-server "username" authentication method broken https://bugs.launchpad.net/bugs/246640 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 207019] Re: Hardy does not boot with newest generic kernel
In my case, adding in the boot option all_generic_ide fixed the problem. -- Hardy does not boot with newest generic kernel https://bugs.launchpad.net/bugs/207019 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 181236] Re: DVD instructions are incorrect
On Fri, Mar 14, 2008 at 4:27 AM, Matthew East <[EMAIL PROTECTED]> wrote: > I tend to agree with Phil that in general we shouldn't encourage > replacing default programs in Ubuntu unless absolutely necessary... but > we really need someone with a hardy system and a dvd player who can do a > bit of testing and advise us on the simplest way to get DVD support... > If "install libdvdread ; sudo /usr/share/doc/libdvdread3/install-css.sh > ; install gxine" works, then we should go with it. > > Can anyone help? > How does Dell enable DVD playback on their Ubuntu systems? -- DVD instructions are incorrect https://bugs.launchpad.net/bugs/181236 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs