61e1f3956b
Revert "iptables: Enable nftables ( #10786 )" ( #10814 )
2024-10-30 12:18:23 -07:00
301637a05a
iptables: Enable nftables ( #10786 )
2024-10-21 23:09:04 +05:30
75db9b8afc
iptables, flush and restore raw table ( #8501 )
...
As part of an iptables restart, flush and reset the netfilter raw table.
2024-04-01 11:40:44 -07:00
0d3c69bc28
iptables: package upgrade to 1.8.10 ( #7821 )
2024-02-09 17:44:48 -08:00
e2712ee59a
cyrus-sasl-bootstrap, ebtables, firewalld, ipset, iptables, mariadb, polkit, openssh: do not require any systemd packages
2024-02-06 19:23:18 -05:00
6359c27c2d
treewide: *.spec: switch Distribution to Azure Linux ( #7606 )
...
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-02-06 12:14:23 -08:00
e7314b913e
use systemd-bootstrap-rpm-macros
2024-01-30 16:23:16 -05:00
eb08b37916
Bump package version to recompile binaries with fixed gcc stack prote… ( #6253 )
...
* Bump package version to recompile binaries with fixed gcc stack protection (CVE-2023-4039)
* Bump debuginfo versions in toolchain manifests
* Bump kernel headers to match kernel
* Update SPECS/gettext/gettext.spec
Taking suggestion
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* Update for code review comments
* Fix for code review comment in qt5-qtdeclarative changelog
* Fix dash version for signed spec files
---------
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-09-21 17:10:15 -04:00
f6fb8ba372
Remove redirect and add icmp to default iptables ( #5661 )
...
* iptables restart and default rulesets
Made some small modifications to iptables
Removed icmpv6 redirect iptables rule and disabled redirect kernel option
to keep in line with security best practices.
Adding icmpv4 type 3 for TTL decrementation allowing the host to
more effectively use traceroute.
Adding icmpv4 type 11 in the rare event that MTU negotiation
needs to occur.
2023-06-20 12:13:45 -07:00
9108b527d1
Allow DHCP6 related packets through firewall ( #5609 )
...
* Allow DHCP6 related packets through firewall
2023-06-05 10:19:44 -07:00
035419f702
[main] iptables: Update to 1.8.7 ( #1850 )
...
* Update iptables to 1.8.7
* Update cgmanifest
* Fix date
2022-01-06 09:44:30 -08:00
8ed8dfed3e
[dev] Revert ssh brute force prevention rules ( #1637 )
...
* Revert ssh brute force prevention added in commit #741 (#1508 )
* spec lint
Co-authored-by: Neha Agarwal <58672330+neha170@users.noreply.github.com>
2021-11-10 22:30:40 -08:00
8740bb5658
Add ipset service files and subpackage, iptables services subpackage ( #1479 )
2021-10-01 16:53:26 -07:00
17b0e93e71
Merge 1.0 to dev branch
...
This merge brings the latest SELinux and many packages and CVE fixes from the 1.0 branch.
2021-08-19 13:46:51 -07:00
4859da4e1b
Merge branch '1.0' into thcrain/pain (March Update)
2021-04-13 15:40:16 -05:00
11698ae9f4
Iptables: Add ssh brute force protection rules ( #741 )
...
* Add iptables rules to prevent over 6 ssh connection attempts within a minute
* Verify license
2021-03-22 11:45:51 -04:00
7a714be4d0
[dev] Configure systemd to support merged /usr ( #348 )
...
* Configure systemd to support merged /usr
* Update clamav systemd dir
* Update chroot systemd-rpm-macros ver
* systemd changelog
* Lint, excluding systemd scriptlet changes
* Add systemd-rpm-macros in toolchain manifests
* arch correction
* Remove inline hash
2020-11-11 09:36:21 -08:00
b877013b27
Initial CBL-Mariner commit to GitHub
2020-08-06 20:17:52 -07:00
Christopher Co
Sumedh Alok Sharma
AZaugg
amritakohli
Dan Streetman
Muhammad Falak R Wani
jslobodzian
rlmenge
Thomas Crain
rychenf1