IPTables 1.2.9-patch

Discuss and suggest new grsecurity features

IPTables 1.2.9-patch

Postby MrTux » Sun Nov 02, 2003 4:38 pm

in order to use the grsecurity-1.2.8-iptables-patch with iptables-1.2.9 (final) you have to change the lines from 8 to 10 (3 lines) to this:
Code: Select all
-PF_EXT_SLIB:=ah connlimit connmark conntrack dscp ecn esp helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
+PF_EXT_SLIB:=ah connlimit connmark conntrack dscp ecn esp helper stealth icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
 PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner standard tcp udp HL LOG MARK TRACE
MrTux
 
Posts: 14
Joined: Wed Jul 23, 2003 1:11 pm

Return to grsecurity development