Page 7 of 7
Re: Kernel 5.5
Posted: Mon Jan 27, 2020 3:21 pm
by xeno74
Hi All,
The final kernel 5.5 is available for our AmigaOnes. Many thanks to all for helping me with testing, reporting, and fixing problems during the kernel 5.5 test time.
New:
Download:
linux-image-5.5-X1000_X5000.tar.gz
Cheers,
Christian
Re: Kernel 5.5
Posted: Mon Jan 27, 2020 11:15 pm
by Skateman
Final Kernel 5.5 running fine on the AmigaOne X5000
Big picture
http://www.skateman.nl/wp-content/uploa ... 210354.png
Thanks for all the hard work Christian!
Re: Kernel 5.5
Posted: Tue Jan 28, 2020 9:55 am
by xeno74
Skateman wrote: ↑Mon Jan 27, 2020 11:15 pm
Final Kernel 5.5 running fine on the AmigaOne X5000
Thanks for all the hard work Christian!
Thanks a lot for testing the final kernel 5.5!
Re: Kernel 5.5
Posted: Wed Feb 12, 2020 7:07 pm
by xeno74
Hi All,
I released the
stable kernel
5.5.3 today.
New:
- X5000 and X1000: "conntrack" connection tracking match support (CONFIG_NETFILTER_XT_MATCH_CONNTRACK) and Connection state matching (CONFIG_NETFILTER_XT_MATCH_STATE). Allows you to match packets based on their relationship to a tracked connection (ie. previous packets). These are great solutions for a desktop firewall. Examples:
Code: Select all
iptables -F
iptables -t filter -A INPUT -j DROP
iptables -t filter -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
or
Code: Select all
iptables -F
iptables -t filter -A INPUT -j DROP
iptables -t filter -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Basically, all network connections are blocked from the outside except our system has established the connections.
- X5000: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc (We don't need the coherent_cache-v4 patch anymore)
- Linux Git log
- Phoronix articles, reviews and news stories covering Linux 5.5
Download:
linux-image-5.5.3-X1000_X5000.tar.gz
Kernel 5.5.3 with iptables and Pure-FTPd:
Kernel 5.5.3 with iptables and Pure-FTPd in the NAT mode:
Cheers,
Christian
Re: Kernel 5.5
Posted: Sun Feb 16, 2020 11:10 am
by xeno74
Hi All,
The
stable kernel
5.5.4 is available.
New:
- X5000 and X1000: CONFIG_NETFILTER_XT_MATCH_LIMIT (Limit matching allows you to control the rate at which a rule can be matched: mainly useful in combination with the LOG target and to avoid some Denial of Service attacks).
For example:
Code: Select all
iptables -A INPUT -m tcp -p tcp --dport 22 -m state
--state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -m state
--state NEW -m limit --limit 3/hour --limit-burst 3 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -j DROP
- Linux Git log
- Phoronix articles, reviews and news stories covering Linux 5.5
Download:
linux-image-5.5.4-X1000_X5000.tar.gz
Cheers,
Christian
Re: Kernel 5.5
Posted: Thu Feb 20, 2020 8:11 pm
by xeno74
Hi All,
I released the
stable kernel
5.5.5 today.
New:
- X5000 and X1000: NETFILTER_XT_MATCH_MULTIPORT (Multiport matching allows you to match TCP or UDP packets based on a series of source or destination ports: normally a rule can only match a single range of ports.)
For example for fail2ban (IPS, Intrusion Prevention System):
Code: Select all
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A fail2ban-ssh -s 87.193.135.42/32 -j DROP
-A fail2ban-ssh -s 79.193.45.193/32 -j DROP
-A fail2ban-ssh -j RETURN
- Linux Git log
- Phoronix articles, reviews and news stories covering Linux 5.5
Download:
linux-image-5.5.5-X1000_X5000.tar.gz
Cheers,
Christian
Re: Kernel 5.5
Posted: Sun Mar 22, 2020 3:04 pm
by xeno74
Hi All,
I released the
stable kernel
5.5.11 for the X5000 and X1000 today.
New:
Download:
linux-image-5.5.11-X1000_X5000.tar.gz
Please test it.
Thanks,
Christian
Re: Kernel 5.5
Posted: Sun Mar 22, 2020 9:19 pm
by Roland
xeno74 wrote: ↑Sun Mar 22, 2020 3:04 pm
I released the
stable kernel
5.5.11 for the X5000 and X1000 today.
Seems to work ok... But DPAA still connects only with the 'replug' method.
Re: Kernel 5.5
Posted: Sun Mar 22, 2020 11:41 pm
by xeno74
Roland wrote: ↑Sun Mar 22, 2020 9:19 pm
Seems to work ok... But DPAA still connects only with the 'replug' method.
Hi Roland,
Many thanks for testing!
Cheers,
Christian