Compile the kernel with SYNPROXY module #4993

Closed
Roki100 opened this issue Apr 13, 2022 · 2 comments
Roki100 commented Apr 13, 2022

Describe the bug

The Raspberry Pi OS kernel is compiled without the SYNPROXY module, which is pretty useful for some projects.

Steps to reproduce the behaviour

Try to use SYNPROXY via iptables

Device(s)

Raspberry Pi 4 Mod. B

System

Raspberry Pi reference 2022-01-28
Mar 24 2022 13:19:26
Linux raspberrypi 5.15.32-v8+ #1538 SMP PREEMPT Thu Mar 31 19:40:39 BST 2022 aarch64 GNU/Linux

Logs

No response

Additional context

I got told to make an issue here: https://forums.raspberrypi.com/viewtopic.php?t=332870

So, generally having SYNPROXY won't affect the general performance for everybody using the kernel itself; the memory usage impact should be zero, yet it would be helpful and useful to have it for people who want to use it.

It can be used for various use cases, one of which is DDoS and port-scan protection, and as we all know, there are a lot of people using a Raspberry Pi as a small server for various things.

I don't see any reason why the kernel is currently compiled without SYNPROXY, as there is no gain in this; the real gain is in compiling it, IMHO.

Please consider compiling the kernel with the SYNPROXY module, as it expands firewalling possibilities which are good for security, yet it shouldn't impact any user that won't use it.

pelwell added a commit that referenced this issue Apr 19, 2022
The NFT_SYNPROXY module is apparently useful for port scan protection,
and at 11kB barely changes the size of the downloads.

See: #4993

Signed-off-by: Phil Elwell <phil@raspberrypi.com>

pelwell (Contributor) commented Apr 19, 2022

There are a few "SYNPROXY" config settings, but I see from the thread that it is CONFIG_NFT_SYNPROXY=m that is required - which is in now.

popcornmix added a commit to raspberrypi/firmware that referenced this issue Apr 22, 2022
See: raspberrypi/linux#4940

kernel: config: Enable the NFT_SYNPROXY module
See: raspberrypi/linux#4993

kernel: configs: (Re)Enable CONFIG_IR_TOY
See: raspberrypi/linux#4997

popcornmix (Collaborator) commented

Should be in latest rpi-update kernel.
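
Added example, not part of the original thread: a POSIX shell check that reports how each SYNPROXY-related option is set in a kernel config, which is a quick way to confirm that an updated kernel actually carries `CONFIG_NFT_SYNPROXY`. The option names other than `CONFIG_NFT_SYNPROXY` are mainline Kconfig symbols not mentioned in the thread, and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Option names are mainline Kconfig symbols; the thread itself
# names only CONFIG_NFT_SYNPROXY.
SYNPROXY_OPTS="CONFIG_NETFILTER_SYNPROXY CONFIG_NFT_SYNPROXY CONFIG_IP_NF_TARGET_SYNPROXY CONFIG_IP6_NF_TARGET_SYNPROXY"

# opt_state CONFIG_TEXT OPTION -> y, m, n (explicit "is not set") or absent
opt_state() {
    printf '%s\n' "$1" | awk -v opt="$2" '
        $0 ~ ("^" opt "=")             { sub(/^[^=]*=/, ""); state = $0 }
        $0 == ("# " opt " is not set") { state = "n" }
        END { print (state == "" ? "absent" : state) }'
}

# synproxy_report CONFIG_TEXT -> one OPTION=state line per SYNPROXY option
synproxy_report() {
    for opt in $SYNPROXY_OPTS; do
        printf '%s=%s\n' "$opt" "$(opt_state "$1" "$opt")"
    done
}

# nft_synproxy_available CONFIG_TEXT -> exit 0 if built in (y) or as a module (m)
nft_synproxy_available() {
    case "$(opt_state "$1" CONFIG_NFT_SYNPROXY)" in
        y|m) return 0 ;;
        *)   return 1 ;;
    esac
}

# read_running_config -> config of the booted kernel, if the system exposes one
read_running_config() {
    if [ -r /proc/config.gz ]; then zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then cat "/boot/config-$(uname -r)"
    else return 1
    fi
}

# Constructed sample configs (not from a real build): option unset, then enabled.
SAMPLE_BEFORE='CONFIG_NF_TABLES=m
# CONFIG_NFT_SYNPROXY is not set'
SAMPLE_AFTER='CONFIG_NF_TABLES=m
CONFIG_NETFILTER_SYNPROXY=m
CONFIG_NFT_SYNPROXY=m'

synproxy_report "$SAMPLE_BEFORE"
synproxy_report "$SAMPLE_AFTER"
# On a live system: cfg=$(read_running_config) && synproxy_report "$cfg"
```

A state of `absent` means the symbol does not appear in the config at all, which usually indicates that a dependency is disabled or that the kernel predates the option.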

@pelwell pelwell closed this as completed Jul 20, 2022
papamoose pushed a commit to papamoose/ubuntu-kernel-raspi-jammy that referenced this issue Sep 3, 2022
BugLink: https://bugs.launchpad.net/bugs/1975599

The NFT_SYNPROXY module is apparently useful for port scan protection,
and at 11kB barely changes the size of the downloads.

See: raspberrypi/linux#4993

Signed-off-by: Phil Elwell <phil@raspberrypi.com>

(cherry picked from commit 0086da6acd41600d47b87b05874f99704216426f rpi-5.15.y)
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>