Re: [PATCH RFC 0/4] net: add bpfilter

On 19 February 2018 at 16:36, David Miller wrote: > > I think netfilter is at a real crossroads right now. > I don't think so. The Netfilter Project and the Netfilter Community already "agreed" on nftables and we are working on it. But this isn't a secret, right? We have

Re: [PATCH RFC 0/4] net: add bpfilter

On 19 February 2018 at 16:36, David Miller wrote: > > I think netfilter is at a real crossroads right now. > I don't think so. The Netfilter Project and the Netfilter Community already "agreed" on nftables and we are working on it. But this isn't a secret, right? We have

Accepted suricata 1:4.0.4-1 (source) into unstable

hanged-By: Arturo Borrero Gonzalez <art...@debian.org> Description: suricata - Next Generation Intrusion Detection and Prevention Tool suricata-oinkmaster - Integration package between suricata and oinkmaster Closes: 889842 Changes: suricata (1:4.0.4-1) unstable; urgency=medium . * [3f18cd

Accepted libhtp 1:0.5.26-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 14 Feb 2018 11:22:45 +0100 Source: libhtp Binary: libhtp-dev libhtp2 Architecture: source Version: 1:0.5.26-1 Distribution: unstable Urgency: medium Maintainer: Arturo Borrero Gonzalez <art...@debian.org> Changed-By:

Bug#889649: [pkg-netfilter-team] Bug#889649: FTBFS with debhelper 10

On 5 February 2018 at 11:08, Daniel Baumann wrote: > Package: iptables > Version: 1.6.2-1 > Severity: normal > > Hi, > > thanks for all the work you're doing for iptables/nftables in debian, > much appreciated. > > when doing local backport of iptables 1.6.2-1

Bug#888442: [pkg-netfilter-team] Bug#888442: [nftables] Crash when list(ing) ip6tables-compat CT rules

Control: fixed -1 0.8.2-1 On 25 January 2018 at 17:33, Charlemagne Lasse wrote: > Package: nftables > Version: 0.7-1 > Severity: important > > The nft list crashes when an ip6tables-compat CT rule is found also in > iptables-compat. This is either an assert with 0.7-1

Bug#881580: googleearth-package: Generated package is uninstallable, and application unrunnable

On Sun, 12 Nov 2017 22:18:54 -0800 Dima Kogan wrote: > Package: googleearth-package > Version: 1.2.2dima1 > Severity: grave > > Hi. I'm installing googleearth on a recent Debian/sid on amd64. Clearly > I need to have the i386 foreign arch enabled. It'd be nice if the > install

Bug#881580: googleearth-package: Generated package is uninstallable, and application unrunnable

On Sun, 12 Nov 2017 22:18:54 -0800 Dima Kogan wrote: > Package: googleearth-package > Version: 1.2.2dima1 > Severity: grave > > Hi. I'm installing googleearth on a recent Debian/sid on amd64. Clearly > I need to have the i386 foreign arch enabled. It'd be nice if the > install

Accepted nftables 0.8.2-1 (source) into unstable

org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: nftables - Program to control packet filtering rules by Netfilter project Closes: 888715 Changes: nftables (0.8.2-1) unstable; urgency=medium . [ Helmut Grohne ] * [159958f] d/rules: use dh_auto_confi

Accepted iptables 1.6.2-1 (source) into unstable

: 1.6.2-1 Distribution: unstable Urgency: medium Maintainer: Debian Netfilter Packaging Team <pkg-netfilter-t...@lists.alioth.debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: iptables - administration tools for packet filtering and NAT iptables-dev -

Bug#888695: nftables: Enabled systemd service blocks boot sequence

On 28 January 2018 at 11:12, Paolo Rosquin wrote: > Package: nftables > Version: 0.8.1-1 > Severity: important > Tags: upstream > > Dear Maintainer, > > When nftables is enabled at boot time, it will fail to load and stop the whole > booting process with "A start job is

Re: question about UNDEFINE/REDEFINE

On 23 January 2018 at 04:40, David Fabian wrote: > Hello Pablo, > > Dne úterý 23. ledna 2018 12:07:28 CET, Pablo Neira Ayuso napsal(a): >> I'm asking here because I would need to understand better how you've >> structured your scripts, if you could explain a bit more, we

Bug#878960: requires iptables 1.6.1

Control: fixed -1 0.8-2 On Wed, 18 Oct 2017 05:59:50 +0200 Daniel Baumann wrote: > Package: nftables > Version: 0.8-1 > > Hi, > > nftables requires iptables >= 1.6.1 in order to build. It's not so much > of a problem since sid has new enough iptables, however,

Bug#887716: [pkg-netfilter-team] Bug#887716: not necessarily not running

On Fri, 19 Jan 2018 21:58:11 +0800 =?utf-8?B?56mN5Li55bC8?= Dan Jacobson wrote: > I'm just saying > > nftables.service is a disabled or a static unit not running, not starting > > it. > perhaps could be better written > > nftables.service is disabled. Not starting it. > or >

Bug#887642: Fwd: nftables: nft flush map error

On Thu, 18 Jan 2018 11:29:26 -0500 "ad^2" wrote: > Kernel: Linux 4.4.0-87-generic (SMP w/1 CPU core) You are using an old kernel. Please update. Also, it seems you are using Ubuntu. In that case, is better to ask for help in proper Ubuntu support channels, since they may

Re: [PATCH nf-next] netfilter: remove messages print and boot/module load time

o let's be consistent and remove them all. > > Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org> Acked-by: Arturo Borrero Gonzalez <art...@netfilter.org> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

[MediaWiki-commits] [Gerrit] labs/toollabs[master]: d/changelog: refresh entry for relase

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/405325 ) Change subject: d/changelog: refresh entry for relase .. d/changelog: refresh entry for relase Prepare a new release

[MediaWiki-commits] [Gerrit] labs/toollabs[master]: crontab: convert to mostly binary processing, and use surrog...

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/394923 ) Change subject: crontab: convert to mostly binary processing, and use surrogates for text .. crontab: convert

Bug#887642: Fwd: nftables: nft flush map error

On 18 January 2018 at 17:29, ad^2 wrote: > --- >* Expected outcome: remove the elements from the map. This works here: % sudo nft add map inet filter m1 {type ipv4_addr : verdict \; } % sudo nft list ruleset table inet filter { map m1 { type ipv4_addr :

Bug#887716: [pkg-netfilter-team] Bug#887716: not necessarily not running

On 19 January 2018 at 11:46, 積丹尼 Dan Jacobson wrote: > Package: nftables > Version: 0.8.1-1 > Severity: minor > > Setting up nftables (0.8.1-1) ... > nftables.service is a disabled or a static unit not running, not starting it. > > Not completely correct. Yes it is disabled,

Bug#887642: [pkg-netfilter-team] Bug#887642: Duplicate of 887641

merge 887642 887641

Bug#887643: [pkg-netfilter-team] Bug#887643: Error: syntax error, unexpected ., expecting comma or '}'

On 18 January 2018 at 17:41, ad^2 wrote: > > Package: nftables > Version: 0.8.1-1 > Severity: normal > > Dear Maintainer, > > *** Reporter, please consider answering these questions, where appropriate > *** > >* Converting working iptables rules to nft rules. >*

Bug#887718: [pkg-netfilter-team] Bug#887718: mention "nftables" in the the NAME or DESCRIPTION

On 19 January 2018 at 11:50, 積丹尼 Dan Jacobson wrote: > Package: nftables > Version: 0.8.1-1 > Severity: wishlist > File: /usr/share/man/man8/nft.8.gz > > The man page should mention the word "nftables" earlier. > Currently one must read down 100 lines before it is even

[nft PATCH] doc/nft.xml: mention nftables earlier

"nftables" as early as the NAME or DESCRIPTION. >>> Requested-by: Dan Jacobson <jida...@jidanni.org> Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org> --- doc/nft.xml |7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/n

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: apt-upgrades: dont fail if new packages are being insta...

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/404963 ) Change subject: apt: apt-upgrades: dont fail if new packages are being installed .. apt: apt-upgrades: dont fail

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: apt-upgrades: dont fail if new packages are being insta...

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/404963 ) Change subject: apt: apt-upgrades: dont fail if new packages are being installed .. apt: apt-upgrades: dont fail if new

Re: Default page view for salsa repositories

On 18 January 2018 at 11:15, Alex Mestiashvili wrote: > Hi All, > > while browsing through salsa.debian.org packages I got a feeling that > displaying upstream's Readme by default is not exactly relevant to > Debian packages. I guess it would make more sense do display >

Bug#755956: libnftnl FTBFS with clang

On Thu, 13 Apr 2017 10:32:25 -0700 Khem Raj <raj.k...@gmail.com> wrote: > On Tue, 30 Dec 2014 16:54:55 +0100 Arturo Borrero Gonzalez > <arturo.borrero.g...@gmail.com> wrote: > > Hi Alexander, > > > > Would you mind to check if the issue still happens in the l

Bug#886793: [pkg-netfilter-team] Bug#886793: iptables-save: add reset chains counters and add help

On 9 January 2018 at 23:14, Alban Vidal wrote: > Package: iptables > Version: 1.6.1-2~bpo9+1 > Severity: wishlist > Tags: patch > > Dear Maintainers, > > Please find attached a suggest patch to add functionality in iptables-save. > Please split the patches in individual

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: unattended-upgrades: ensure python3-apt is installed

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/404740 ) Change subject: apt: unattended-upgrades: ensure python3-apt is installed .. apt: unattended-upgrades: ensure

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: unattended-upgrades: improvements for apt-upgrade script

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/404736 ) Change subject: apt: unattended-upgrades: improvements for apt-upgrade script .. apt: unattended-upgrades

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: unattended-upgrades: ensure python3-apt is installed

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/404740 ) Change subject: apt: unattended-upgrades: ensure python3-apt is installed .. apt: unattended-upgrades: ensure python3-apt

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: unattended-upgrades: improvements for apt-upgrade script

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/404736 ) Change subject: apt: unattended-upgrades: improvements for apt-upgrade script .. apt: unattended-upgrades: improvements

Accepted nftables 0.8.1-1 (source) into unstable

org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: nftables - Program to control packet filtering rules by Netfilter project Changes: nftables (0.8.1-1) unstable; urgency=medium . * [46be8e1] d/control: update git URLs * [77d8cc2] New upstream v

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: unattended-upgrades: add targetted upgrades script

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398079 ) Change subject: apt: unattended-upgrades: add targetted upgrades script .. apt: unattended-upgrades: add targetted

Accepted libnftnl 1.0.9-2 (source) into unstable

r-t...@lists.alioth.debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: libnftnl-dev - Development files for libnftnl libnftnl7 - Netfilter nftables userspace API library Changes: libnftnl (1.0.9-2) unstable; urgency=medium . * [3376f15] d/compat: bump to v11 *

[MediaWiki-commits] [Gerrit] operations/puppet[production]: aptly: Update published repo distributions

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/399667 ) Change subject: aptly: Update published repo distributions .. aptly: Update published repo distributions * Precise

Accepted libnftnl 1.0.9-1 (source amd64) into experimental

r-t...@lists.alioth.debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: libnftnl-dev - Development files for libnftnl libnftnl7 - Netfilter nftables userspace API library Changes: libnftnl (1.0.9-1) experimental; urgency=medium . * [e866ce5] d/control: upd

[MediaWiki-commits] [Gerrit] operations/puppet[production]: role::puppetmaster::standalone: rename ferm rule to be more ...

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/401716 ) Change subject: role::puppetmaster::standalone: rename ferm rule to be more explicit .. role::puppetmaster

[MediaWiki-commits] [Gerrit] operations/puppet[production]: role::puppetmaster::standalone: rename ferm rule to be more ...

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/401716 ) Change subject: role::puppetmaster::standalone: rename ferm rule to be more explicit .. role::puppetmaster::standalone

[MediaWiki-commits] [Gerrit] operations/puppet[production]: role::puppetmaster::standalone: add ferm rules to allow conn...

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/394101 ) Change subject: role::puppetmaster::standalone: add ferm rules to allow connecting to tcp/8140 .. role

Re: Team naming policy on salsa.debian.org

On 26 December 2017 at 13:12, Jonathan McDowell wrote: > On Mon, Dec 25, 2017 at 11:45:37AM +0100, Alexander Wirt wrote: > >> Teams >> - >> >> For larger projects you can also create a group to host your projects. >> To avoid clashes with usernames (that share the same

Re: salsa.debian.org (git.debian.org replacement) going into beta

On 26 December 2017 at 12:28, Alexander Wirt <formo...@debian.org> wrote: > On Tue, 26 Dec 2017, Arturo Borrero Gonzalez wrote: >> >> I was specifically thinking about a mailing list for the Maintainer: field. >> We would like to keep a single point of contact for us

Re: salsa.debian.org (git.debian.org replacement) going into beta

On 26 December 2017 at 11:03, Alexander Wirt <formo...@debian.org> wrote: > On Tue, 26 Dec 2017, Arturo Borrero Gonzalez wrote: > >> On 26 December 2017 at 10:22, Alexander Wirt <formo...@debian.org> wrote: >> > On Tue, 26 Dec 2017, Jonathan Dowland wrote: >>

Bug#798356: libnftables included in nftables

The libnftables library will be included in the upstream nftables source tarball.

Bug#798356: libnftables included in nftables

The libnftables library will be included in the upstream nftables source tarball.

Re: salsa.debian.org (git.debian.org replacement) going into beta

On 26 December 2017 at 10:22, Alexander Wirt wrote: > On Tue, 26 Dec 2017, Jonathan Dowland wrote: > >> On Tue, Dec 26, 2017 at 08:16:41AM +0100, Alexander Wirt wrote: >> > On Mon, 25 Dec 2017, Marco d'Itri wrote: >> > > I am not looking forward to update all Vcs-Git and

Bug#884852: implement a way to report packages installed from a given repository

Package: apt Version: 1.6~alpha5 Severity: wishlist Dear apt maintainers/developers, thanks for your hard work with key package! It's really appreciated :-) I would love to have a clean way to generate a report of packages installed from a given repository. Example: sources.list contains 'deb

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: report-pending-upgrades.sh: add verbosity flag

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/398458 ) Change subject: apt: report-pending-upgrades.sh: add verbosity flag .. apt: report-pending-upgrades.sh: add

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: report-pending-upgrades.sh: add verbosity flag

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398458 ) Change subject: apt: report-pending-upgrades.sh: add verbosity flag .. apt: report-pending-upgrades.sh: add verbosity flag

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: unattended-upgrades: add reporter script

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/394572 ) Change subject: apt: unattended-upgrades: add reporter script .. apt: unattended-upgrades: add reporter script

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "Revert "cloud: setup for attended upgrade process""

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398259 ) Change subject: Revert "Revert "cloud: setup for attended upgrade process"" .. Revert "Revert &

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: unattended-upgrades: add targetted upgrades scripts

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/398079 ) Change subject: apt: unattended-upgrades: add targetted upgrades scripts .. apt: unattended-upgrades: add targetted

Accepted suricata 1:4.0.3-1 (source) into unstable

hanged-By: Arturo Borrero Gonzalez <art...@debian.org> Description: suricata - Next Generation Intrusion Detection and Prevention Tool suricata-oinkmaster - Integration package between suricata and oinkmaster Changes: suricata (1:4.0.3-1) unstable; urgency=medium . [ Sascha Steinbiss ] * [

Re: ISO download difficult (was: Debian Stretch new user report (vs Linux Mint))

On 1 December 2017 at 14:39, W. Martin Borgert wrote: > Quoting Paul Wise : >> >> It would have been best for him to download the ISO with non-free >> firmware embedded, do you know how he made the decision to download >> the ISO without non-free firmware? > >

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: unattended-upgrades: add reporter script

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/394572 ) Change subject: apt: unattended-upgrades: add reporter script .. apt: unattended-upgrades: add reporter script This new

Re: [PATCH nf-next] netfilter: meta: secpath support

On 1 December 2017 at 13:40, Florian Westphal wrote: > replacement for iptables "-m policy --dir in --policy {ipsec,none}". > > Signed-off-by: Florian Westphal > --- > include/uapi/linux/netfilter/nf_tables.h | 2 ++ > net/netfilter/nft_meta.c |

Re: Debian Stretch new user report (vs Linux Mint)

On 1 December 2017 at 12:23, Michael Biebl <bi...@debian.org> wrote: > Am 01.12.2017 um 07:34 schrieb Paul Wise: >> On Fri, Dec 1, 2017 at 1:36 AM, Arturo Borrero Gonzalez wrote: >> >>> * no support for the wifi interface of the dekstop machine (this was >>>

Debian Stretch new user report (vs Linux Mint)

Hi, Please take this email as another call to keep the hard work in improving our operating system and user experience, specially for new users. Several times I've detected that we lack reports from final users using our system, so here is another case. Recently a friend of mine tried his first

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: add --force-confold/--force-confdef dpkg option to apt ...

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/392421 ) Change subject: apt: add --force-confold/--force-confdef dpkg option to apt calls .. apt: add --force-confold

[MediaWiki-commits] [Gerrit] operations/puppet[production]: role::puppetmaster::standalone: add ferm rules to allow conn...

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/394101 ) Change subject: role::puppetmaster::standalone: add ferm rules to allow connecting to tcp/8140 .. role::puppetmaster

Re: please check links and text in Spanish.wml

On 29 November 2017 at 17:55, Juan Mendez wrote: > LGTM > > 2017-11-29 15:53 GMT+01:00 Stéphane Blondon : >> >> Hello, Thanks both Stéphane and Juan for your contributions to Debian. We welcome every contribution! :-) Gracias a ambos! Agradecemos

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: unattended-upgrades: add comment about security upgrades

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/394080 ) Change subject: apt: unattended-upgrades: add comment about security upgrades .. apt: unattended-upgrades: add

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: unattended-upgrades: add comment about security upgrades

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/394080 ) Change subject: apt: unattended-upgrades: add comment about security upgrades .. apt: unattended-upgrades: add comment

Re: Please give back nftables on stretch-backports

On 27 November 2017 at 13:19, James Cowgill <jcowg...@debian.org> wrote: > Hi, > > On 27/11/17 11:52, Arturo Borrero Gonzalez wrote: >> Dear team, >> >> due to a race in how packages were accepted from stretch-backports >> NEW, buildd tried to

Accepted nftables 0.8-2 (source) into unstable

org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: nftables - Program to control packet filtering rules by Netfilter project Changes: nftables (0.8-2) unstable; urgency=medium . * [95b5638] d/t/internaltest-py.sh: enable test, dummy module not required *

Please give back nftables on stretch-backports

Dear team, due to a race in how packages were accepted from stretch-backports NEW, buildd tried to build nftables without libxtables (from src:iptables) which resulted in FTBFS. Now that both packages are in stretch-backports, nftables should be build.

Re: [PATCH nft] src: deprecate "flow table" syntax, replace it by "meter"

to reduce chances of breaking things. > At some point the former syntax will just be removed. > > Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1137 > Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org> > I agree. What about adding a warning in case of using th

Accepted suricata 1:4.0.1-2 (source) into unstable

hanged-By: Arturo Borrero Gonzalez <art...@debian.org> Description: suricata - Next Generation Intrusion Detection and Prevention Tool suricata-oinkmaster - Integration package between suricata and oinkmaster Closes: 882442 Changes: suricata (1:4.0.1-2) unstable; urgency=medium . * [d9998

Bug#868059: tc: m_xt: Segfault with iptables-1.6.0

On 22 November 2017 at 18:28, Cyril Brulebois wrote: > Control: severity -1 serious > Control: tag -1 pending > > Hi Gabor, > > (I'm cc-ing the iptables maintainers so that they can correct me if I'm > wrong in my findings below; iproute2's maintainer Alexander; and Julian >

Bug#868059: tc: m_xt: Segfault with iptables-1.6.0

On 22 November 2017 at 18:28, Cyril Brulebois wrote: > Control: severity -1 serious > Control: tag -1 pending > > Hi Gabor, > > (I'm cc-ing the iptables maintainers so that they can correct me if I'm > wrong in my findings below; iproute2's maintainer Alexander; and Julian >

Re: nftables: lockout with 0008split_tables_0 test

On 21 November 2017 at 19:39, Arturo Borrero Gonzalez <art...@netfilter.org> wrote: > On 21 November 2017 at 18:09, Florian Westphal <f...@strlen.de> wrote: >> >> Yes, thats expected. >> First ssh base chain gets invoked, which accepts any packet >> eithe

Re: nftables: lockout with 0008split_tables_0 test

On 21 November 2017 at 18:09, Florian Westphal wrote: > > Yes, thats expected. > First ssh base chain gets invoked, which accepts any packet > either by verdict or policy. > > Then next base chain gets consulted which drops the packet. > > I would suggest to either swap the

Re: Proposed change of offensive packages to -offensive

On 21 November 2017 at 14:01, Ian Jackson wrote: > We have an (AFAICT informal) convention that packages with offensive > content, or content in questionable taste, should have names ending in > -off. This abbreviation is unnecessary, and increases the chances >

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: add class apt::dpkg-confold and include it from apt::un...

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/392421 ) Change subject: apt: add class apt::dpkg-confold and include it from apt::unattendedupgrades .. apt: add class apt::dpkg

Re: conntracd init.d reload is broken on Centos6

Please avoid top-posting. On 17 November 2017 at 23:55, Jason Hendry wrote: > Turns out sending conntrackd a -HUP signal causes it to die. I can not > find any documentation/reference on what signals conntrackd accepts, > is there one to tell it to reload its config? We are

Bug#881931: please enable missing nftables modules

Source: linux Version: 4.13.4-2 Severity: wishlist Dear kernel maintainers, thanks for your hard work with this package, it's really appreciated. Please, enable missing nftables modules: [...] # CONFIG_NFT_RT is not set CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_SET_RBTREE=m

Bug#881931: please enable missing nftables modules

Source: linux Version: 4.13.4-2 Severity: wishlist Dear kernel maintainers, thanks for your hard work with this package, it's really appreciated. Please, enable missing nftables modules: [...] # CONFIG_NFT_RT is not set CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_SET_RBTREE=m

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: unattended upgrades for wikimedia packages by default

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/389480 ) Change subject: apt: unattended upgrades for wikimedia packages by default .. apt: unattended upgrades

[MediaWiki-commits] [Gerrit] integration/commit-message-validator[master]: commit_message_validator: homogeinize case in footers

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/391590 ) Change subject: commit_message_validator: homogeinize case in footers .. commit_message_validator: homogeinize case

[MediaWiki-commits] [Gerrit] operations/puppet[production]: maintain-views: implement connection timeouts for views crea...

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/391586 ) Change subject: maintain-views: implement connection timeouts for views creation .. maintain-views: implement connection

[MediaWiki-commits] [Gerrit] operations/puppet[production]: apt: unattended upgrades -updates suites by default

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/390431 ) Change subject: apt: unattended upgrades -updates suites by default .. apt: unattended upgrades -updates suites by default

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Add hifwiktionary too labsdb.yaml

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/389555 ) Change subject: Add hifwiktionary too labsdb.yaml .. Add hifwiktionary too labsdb.yaml Bug: T173643 Change-Id

[MediaWiki-commits] [Gerrit] labs/private[master]: passwords: add labs key for arturo

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/390027 ) Change subject: passwords: add labs key for arturo .. passwords: add labs key for arturo Add labs SSH key for arturo

[MediaWiki-commits] [Gerrit] operations/puppet[production]: base: labs: unattended upgrades for wikimedia packages

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/389480 ) Change subject: base: labs: unattended upgrades for wikimedia packages .. base: labs: unattended upgrades for wikimedia

Bug#788651: viking no longer segfaults at start

Control: fixed -1 1.6.2-3 Hi, I confirm that viking no longer segfaults at start, at least this version 1.6.2-3. % sudo LANG=C aptitude show viking Package: viking Version: 1.6.2-3+b1 New: yes State: installed Automatically installed: no Priority: optional Section: utils Maintainer: Bernd

nftables issue with sets

Control: reassign -1 linux 4.13 Control: tags -1 patch upstream Hi, this is probably a bug in the kernel, nf_tables subsystem. This patch seems to address the issue: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git/commit/?id=0414c78f14861cb704d6e6888efd53dd36e3bdde I think the

Bug#880145: nftables issue with sets

Control: reassign -1 linux 4.13 Control: tags -1 patch upstream Hi, this is probably a bug in the kernel, nf_tables subsystem. This patch seems to address the issue: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git/commit/?id=0414c78f14861cb704d6e6888efd53dd36e3bdde I think the

[MediaWiki-commits] [Gerrit] operations/puppet[production]: diamond: nfsiostat update collector to read from arbitrary N...

Arturo Borrero Gonzalez has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/387243 ) Change subject: diamond: nfsiostat update collector to read from arbitrary NFS mount points .. diamond: nfsiostat

[MediaWiki-commits] [Gerrit] operations/puppet[production]: diamond: nfsiostat: update collector to read from arbitrary ...

Arturo Borrero Gonzalez has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/387243 ) Change subject: diamond: nfsiostat: update collector to read from arbitrary NFS mount points .. diamond: nfsiostat: update

Re: Wheezy update of suricata?

On 27 October 2017 at 20:06, Thorsten Alteholz wrote: > Dear maintainer(s), > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of suricata: > https://security-tracker.debian.org/tracker/source-package/suricata > >

Bug#879684: nftables: cannot set rules with a script

Hi! thanks for the bug report :-) This seems to be some kind of issue with the syntax. If you rearrange the rules like in the attached file (based on yours) then all the ruleset loads fine. You seem to be mixing 2 syntax in the same 'batch', which seems to be the cause of the confusion for

Accepted suricata 1:4.0.1-1 (source amd64) into unstable

hanged-By: Arturo Borrero Gonzalez <art...@debian.org> Description: suricata - Next Generation Intrusion Detection and Prevention Tool suricata-oinkmaster - Integration package between suricata and oinkmaster Changes: suricata (1:4.0.1-1) unstable; urgency=medium . * [72d28e5] d/control:

Bug#863518: Closing bug

Hi, closing this bug now. This seems bogus.

Bug#862318: bug fixed in nftables v0.8

Control: fixed -1 0.8-1 Hi, this bug is fixed in nftables v0.8 which is now in the archive.

Bug#862320: nftables v0.8 available in Debian

Hi, Debian now contains nftables v0.8 which includes support for ct helpers.

Accepted nftables 0.8-1 (source amd64) into unstable

r-t...@lists.alioth.debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: nftables - Program to control packet filtering rules by Netfilter project Closes: 873856 Changes: nftables (0.8-1) unstable; urgency=medium . [ Alexander Greiner-Bär ] * [4157de9] nftables.service:

Bug#878950: nftables: update nftables to 0.8

Control: tags -1 pending On 18 October 2017 at 01:01, Matteo Croce wrote: > Package: nftables > Version: 0.7-2 > Severity: wishlist > > Dear Maintainer, > > Please consider updating nftables to 0.8 which finally > supports TCP MSS clamping to MTU. > Doing that right now

Bug#878948:

Control: found -1 17.2.2-1

Bug#878948:

Control: found -1 17.2.2-1

<    2   3   4   5   6   7   8   9   10   11   >