DEBIAN-CVE-2024-42270

In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptablenattableinit. We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. 0 The problem is that iptablenattableinit is exposed to user space before the...

CVE-2019-9946

Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE-...

Code injection

Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE-...

[fwknop] Single Packet Authorization and Port Knocking

fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization SPA. This method of authorization is based around a default-drop packet filter fwknop supports iptables on Linux, ipfw on FreeBSD and Mac OS X, and PF on OpenBSD and libpcap...