Advisory: ---------------------------------------- The ipset package has been updated to version 7.6, fixing several bugs and compatibility with the latest kernels. References: http://ipset.netfilter.org/changelog.html ---------------------------------------- Updated packages in core/updates_testing: ---------------------------------------- ipset-7.6-1.mga7 libipset13-7.6-1.mga7 libipset-devel-7.6-1.mga7 from ipset-7.6-1.mga7.src.rpm
MGA7-64 Plasma on Lenovo B50 No installation issues. No Wiki or previous updates. Found https://www.linuxjournal.com/content/advanced-firewall-configurations-ipset , but I don't feel "advanced" on this subject. The only commands that would do no harm in my hands: # ipset version ipset v7.6, protocol version: 7 # ipset list returns nothing (of course). Leaving for others.
CC: (none) => herman.viaene
There is something wrong with the bash autocompletion. I took a quick look at the file /usr/share/bash-completion/completions/ipset but failed to find what the issue is. $ ipset bash: syntax error near unexpected token `;;' add create del destroy e flush help list n rename restore save swap test version w x $ rpm -qa | grep ipset lib64ipset13-7.6-1.mga7 ipset-7.6-1.mga7
CC: (none) => mageia
@Herman with respect to comment 1: Don't know why there was no output from your ipset list. # ipset list Name: ifw_wl Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 200 References: 1 Number of entries: 0 Members: Name: ifw_bl Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 3600 Size in memory: 200 References: 1 Number of entries: 0 Members: # ipset list ifw_bl Name: ifw_bl Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 3600 Size in memory: 200 References: 1 Number of entries: 0 Members:
CC: (none) => tarazed25
@Len Tried again, still no feedback. And I am doing this on this wifi-connectedd laptop. Different HW ?? Mine is Intel 3160
@Herman Different hardware for sure. So, maybe a driver problem but that seems unlikely. One thing; on my network I have to remove firewall protection for each network device on all machines or they cannot see each other. Shall experiment a bit and get back to you.
Tried protecting eth0 in the firewall and tried 'ipset list' again. No problem, so that does not help. And LAN is still accessible but emacs has stopped working.
Installed and tested. All OK except one minor issue. Tested created, add, del, test, destroy, list, save, restore, flush, rename and swap. Tested a few types of set (hash:ip hash:ip,port hash:net hash:net,port). There is a minor issue with the bash autocompletion not working as described in comment 2. While it should be fixed, it should not block this update, IMO. $ ipset create droplist hash:ip $ cat /var/log/httpd/error.log | \ grep AH01630 | \ egrep -io "client: [^:]+" | \ egrep -io " .*" | \ sort -u \ (while read U ; do ipset add droplist "$U" ; done) $ ipset list Name: droplist Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 1784 References: 2 Number of entries: 33 Members: <SNIP> $ # iptable rules where setup manually to test ipset rules. $ iptables -vS -P INPUT ACCEPT -c 136415 148328301 -P FORWARD ACCEPT -c 0 0 -P OUTPUT ACCEPT -c 77005 14441585 -A INPUT -m set --match-set droplist src -c 80 3800 -j DROP -A FORWARD -m set --match-set droplist src -c 0 0 -j DROP $ iptables -vL Chain INPUT (policy ACCEPT 136K packets, 148M bytes) pkts bytes target prot opt in out source destination 80 3800 DROP all -- any any anywhere anywhere match-set droplist src Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DROP all -- any any anywhere anywhere match-set droplist src Chain OUTPUT (policy ACCEPT 77007 packets, 14M bytes) pkts bytes target prot opt in out source destination $ uname -a Linux marte 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep ipset lib64ipset13-7.6-1.mga7 ipset-7.6-1.mga7
This update has been working OK for more than a month so I'm pushing it forward. Please undo if needed.
Whiteboard: (none) => MGA7-64-OK
Validating, mostly on Comment 8. Advisory in Comment 0.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2020-0159.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED