Changes to packages/iptables.en between version 11 and version 12


Timestamp:
26.03.2017 22:04:07 (17 months ago)
Author:
RomMon
Comment:

  • packages/iptables.en

    v11 v12  
    22 
    33= iptables = 
     4 
     5== Current state (largely broken) == 
     6For the 7390 and later, but also for the 7270 with releases from the last years, iptables doesn't work with 'connection tracking' and 'state matching'.[[br]] Without these two options a lot of configuration scenarios are not possible. If you look for an iptables/ip6tables solution without the use of connection tracking or state matching you can try to add ip tables form the Freetz menu configuration (make menuconfig), but read on for additional information. [[br]] 
     7 
     8What I understood the reason for connection tracking & state matching not working is two fold. [[br]] 
     9For connection tracking and state matching specifically, AVM has its own connection tracking solution, which uses the same symbol names, causing a conflict with the iptables modules. Secondly the behavior of Packet Acceleration (PA) causes packets not to be handled by the kernel, but by the PA kernel module ([http://www.wehavemorefun.de/fritzbox/Avm_pa.ko Avm_pa.ko]).  Packet Acceleration is a feature that AVM introduced years back (end 2011). [[br]] 
     10 
     11An reason not to use an older firmware for e.g. the 7270 is a significant vulnerability that was publically misused around February 2014 ([https://www.heise.de/newsticker/meldung/Angriffe-auf-Fritzboxen-AVM-empfiehlt-Abschaltung-der-Fernkonfiguration-2106542.html vulnerability info]). AVM released firmware fixes for most boxes. [[br]] 
     12 
     13 
    414== What is iptables and who needs it? == 
    515
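
Review bot: The added "Current state (largely broken)" section gives the root cause only as the author's impression ("What I understood the reason ... is two fold") and scopes the affected devices vaguely ("with releases from the last years"). A reader deciding whether to rely on iptables on a given box needs the affected firmware versions named and a source for the symbol-name conflict with AVM's own connection tracking. The section should also say outright that, without connection tracking and state matching, rules cannot match on connection state, so only stateless filtering is available; that is the practical meaning of "a lot of configuration scenarios are not possible". Wording fixes in the same lines: "ip tables form the Freetz menu configuration" should read "iptables from the Freetz menu configuration", "An reason" should be "A reason", "two fold" should be "twofold", and "publically misused" should be "publicly exploited".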