* Signature for newly released iptables-1.8.11 package
@ 2025-03-07 16:40 Guido Trentalancia
2025-03-07 16:49 ` Jeremy Sowden
0 siblings, 1 reply; 5+ messages in thread
From: Guido Trentalancia @ 2025-03-07 16:40 UTC (permalink / raw)
To: netfilter-devel
The newly released iptables version 1.8.11 source package has been
signed using a new gpg key 8C5F7146A1757A65E2422A94D70D1A666ACF2B21.
Unfortunately it seems that such key has not been published yet on
public keyservers.
Can someone please publish the new gpg key used to sign newer iptables
releases ?
Thanks,
Guido
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Signature for newly released iptables-1.8.11 package
2025-03-07 16:40 Signature for newly released iptables-1.8.11 package Guido Trentalancia
@ 2025-03-07 16:49 ` Jeremy Sowden
2025-03-07 16:56 ` Guido Trentalancia
2025-03-10 10:05 ` Pablo Neira Ayuso
0 siblings, 2 replies; 5+ messages in thread
From: Jeremy Sowden @ 2025-03-07 16:49 UTC (permalink / raw)
To: Guido Trentalancia; +Cc: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 449 bytes --]
On 2025-03-07, at 17:40:01 +0100, Guido Trentalancia wrote:
> The newly released iptables version 1.8.11 source package has been
> signed using a new gpg key 8C5F7146A1757A65E2422A94D70D1A666ACF2B21.
>
> Unfortunately it seems that such key has not been published yet on
> public keyservers.
>
> Can someone please publish the new gpg key used to sign newer iptables
> releases ?
It's here: https://netfilter.org/about.html#gpg.
J.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 931 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Signature for newly released iptables-1.8.11 package
2025-03-07 16:49 ` Jeremy Sowden
@ 2025-03-07 16:56 ` Guido Trentalancia
2025-03-10 10:05 ` Pablo Neira Ayuso
1 sibling, 0 replies; 5+ messages in thread
From: Guido Trentalancia @ 2025-03-07 16:56 UTC (permalink / raw)
To: Jeremy Sowden; +Cc: netfilter-devel
Thanks Jeremy.
Ideally the key should be also published on public keyserver for
maximum efficacy and security.
Regards,
Guido
On Fri, 07/03/2025 at 16.49 +0000, Jeremy Sowden wrote:
> On 2025-03-07, at 17:40:01 +0100, Guido Trentalancia wrote:
> > The newly released iptables version 1.8.11 source package has been
> > signed using a new gpg key
> > 8C5F7146A1757A65E2422A94D70D1A666ACF2B21.
> >
> > Unfortunately it seems that such key has not been published yet on
> > public keyservers.
> >
> > Can someone please publish the new gpg key used to sign newer
> > iptables
> > releases ?
>
> It's here: https://netfilter.org/about.html#gpg.
>
> J.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Signature for newly released iptables-1.8.11 package
2025-03-07 16:49 ` Jeremy Sowden
2025-03-07 16:56 ` Guido Trentalancia
@ 2025-03-10 10:05 ` Pablo Neira Ayuso
[not found] ` <1741780160.5386.23.camel@trentalancia.com>
1 sibling, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2025-03-10 10:05 UTC (permalink / raw)
To: Jeremy Sowden; +Cc: Guido Trentalancia, netfilter-devel
Hi,
On Fri, Mar 07, 2025 at 04:49:48PM +0000, Jeremy Sowden wrote:
> On 2025-03-07, at 17:40:01 +0100, Guido Trentalancia wrote:
> > The newly released iptables version 1.8.11 source package has been
> > signed using a new gpg key 8C5F7146A1757A65E2422A94D70D1A666ACF2B21.
> >
> > Unfortunately it seems that such key has not been published yet on
> > public keyservers.
> >
> > Can someone please publish the new gpg key used to sign newer iptables
> > releases ?
>
> It's here: https://netfilter.org/about.html#gpg.
I just post the new keys again to PGP servers, if it does not show up,
please let me know.
Thanks.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Signature for newly released iptables-1.8.11 package
[not found] ` <1741780160.5386.23.camel@trentalancia.com>
@ 2025-03-12 12:07 ` Pablo Neira Ayuso
0 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2025-03-12 12:07 UTC (permalink / raw)
To: Guido Trentalancia; +Cc: netfilter-devel
Hi,
On Wed, Mar 12, 2025 at 12:49:20PM +0100, Guido Trentalancia wrote:
> Hello Pablo this is off-list.
>
> By the way, there is a patch that seems to be stuck on the basis of the
> fact that an existing feature such as hostname-based iptables rules are
> presumably unsafe.
>
> I am referring to the following patch:
>
> https://lore.kernel.org/netfilter-devel/1741369231.5380.37.camel@trenta
> lancia.com/T/#m5e68fc86c299f9d7d372813397253dcda1086170
>
> The comments have just been looping on the assumption that hostname-
> based filtering is unsafe and should not be used, while circumstances
> might vary, the feature is not necessarily unsafe and in any case the
> real problem of possible DNS failures, which might cause the dropping
> of all rules (leaving the system in a truly unsafe state), is not being
> addressed.
>
> I hope this helps.
Thanks for your feedback.
I agree with what has been said on this already on the mailing list,
you should not rely on filter by name
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-03-12 12:07 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-07 16:40 Signature for newly released iptables-1.8.11 package Guido Trentalancia
2025-03-07 16:49 ` Jeremy Sowden
2025-03-07 16:56 ` Guido Trentalancia
2025-03-10 10:05 ` Pablo Neira Ayuso
[not found] ` <1741780160.5386.23.camel@trentalancia.com>
2025-03-12 12:07 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).