search for: dstport

Displaying 16 results from an estimated 16 matches for "dstport".

Did you mean: dst_port
2005 Jun 01
2
TC Filtering Problems
...1: protocol ip pref 100 u32 filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10 (rule hit 151 success 129) match 00500000/ffff0000 at 20 (success 129 ) But why i !cant! filter Packets with dstPort 80 or Src Ip on eth0: Dstport 80: tc filter add dev eth0 parent 1:0 protocol ip prio 0 u32 match u32 0x50 0xffff at nexthdr+0 classid 1:10 or Source Ipaddress: tc filter add dev eth0 parent 1:0 protocol ip prio 0 u32 match ip src 195.185.185.2/32 classid 1:10 On these Filters are no success Cou...
2020 Jan 01
2
Passing multiple addresses with masks to nwfilter
Hello, I have a nwfilter that I'm using to ensure that libvirt domains can't spoof IPv6 traffic. It looks like this: <filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'> <rule action='return' direction='out' priority='500'> <ipv6 srcipaddr='$IPV6' srcipmask='$IPV6MASK'/> </rule>
2015 Oct 13
2
UEFI: Failed to load ldlinux.e64/ldlinux.e32
...slow > in general. Just in case, I went ahead and did a capture on the > g18 patch loading OL 7.1, which you can grab from here: > > http://www.beer.net/m/etc/sl604p0g18.pcap.gz Just like that although this one maintains a reasonable IO rate. Wireshark, Statistics, IO Graph, "udp.dstport == 1719", bits/tick. Look at both 1 second per tick and 5 pixels per tick and then 0.1 seconds per tick and 1 pixel per tick. -- -Gene
2020 Jan 01
0
Re: Passing multiple addresses with masks to nwfilter
...priority='500'> <ipv6 srcipaddr='$IPV6[@1]' srcipmask='$IPV6_MASK[@1]'/> </rule> <rule action='drop' direction='out' priority='1000'/> </filter> The documentation reads: Assign concrete values to SRCIPADDRESSES and DSTPORTS as shown: SRCIPADDRESSES = [ 10.0.0.1, 11.1.2.3 ] DSTPORTS = [ 80, 8080 ] But I'm not sure how to pass through an array of <parameter>s in the filterref. Is this possible? On Wed, Jan 1, 2020 at 12:39 PM Brooks Swinnerton <bswinnerton at gmail.com> wrote: > Hello, > &g...
2018 Jul 26
1
[Bug 1273] New: hashlimit never appears to fail to match under 4.9.x
...zilla-nf20180726 at ta.grue.cc I have the same rules under both 4.9.111 and 4.8.3. The 4.8.3 kernel works as expected but not under 4.9.111. The rules are as follows: 4.8.3: [825033:522252112] -A m.voip.asterisk.reg -m hashlimit --hashlimit-upto 100/min --hashlimit-burst 70 --hashlimit-mode srcip,dstport --hashlimit-name m.voip.sip_r_li -j ACCEPT [366031:149053285] -A m.voip.asterisk.reg -m limit --limit 5/sec -j LOG --log-prefix "FW: SIP.REG LIMIT IN: " --log-level 6 [49357657:18457587442] -A m.voip.asterisk.reg -j DROP 4.9.111: [44798:20928681] -A m.voip.asterisk.reg -m hashlimit --has...
2002 May 10
1
Patch for SOCKS4A in OpenSsh
...mes to be passed in in the SOCKS4 initiation packet. See http://www.socks.nec.com/protocol/socks4a.protocol for details, and here's a brief synopsis. The SOCKS4 initiation packet looks like this: +----+----+----+----+----+----+----+----+----+----+....+----+ | VN | CD | DSTPORT | DSTIP | USERID |NULL| +----+----+----+----+----+----+----+----+----+----+....+----+ # of bytes: 1 1 2 4 variable 1 >For version 4A, if the client cannot resolve the destination host's domain name to find its IP address,...
2015 Oct 25
1
UEFI: Failed to load ldlinux.e64/ldlinux.e32
...did a capture on the >> > g18 patch loading OL 7.1, which you can grab from here: >> > >> > http://www.beer.net/m/etc/sl604p0g18.pcap.gz >> >> Just like that although this one maintains a reasonable IO rate. >> Wireshark, Statistics, IO Graph, "udp.dstport == 1719", bits/tick. >> Look at both 1 second per tick and 5 pixels per tick and then 0.1 >> seconds per tick and 1 pixel per tick. > > In a different thread there was a posting[1] where > updating the TFTP _server_ did help. > > Is in this thread also a newer TFTP-...
2003 Apr 08
2
OpenSSH 3.6.1p1 on NCR MP-RAS v4.3, several weird terminal problems
...nssh/bin), and also inserting /bin (which the telnet session lacked) SSH: PATH=/usr/bin:/bin:/usr/sbin:/sbin:/opt/openssh/bin:/usr/ccs/bin Telnet: PATH=/usr/bin:/usr/sbin:/usr/ccs/bin + Only the SSH session contains: SSH_TTY=/dev/pts/xx SSH_CONNECTION="srcIP srcport dstIP dstport" SSH_CLIENT="srcIP srcport dstport" USER=jlibove + The MAIL variable in the SSH session has an extra '/' in it: MAIL=/var/mail//jlibove compared to the telnet session MAIL=/var/mail/jlibove None of these seem critical, though the MAIL setting does imply...
2011 Mar 03
2
[Bug 706] Iptables randomly reject some packets that have accept rule
http://bugzilla.netfilter.org/show_bug.cgi?id=706 Jan Engelhardt <jengelh at medozas.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jengelh at medozas.de --- Comment #1 from Jan Engelhardt <jengelh at medozas.de> 2011-03-03 14:20:30
2019 Sep 03
1
Sporadic duplicate requests with lpxelinux.0
...ason? This is not really reproducible, e.g. after a reboot of a machine in this state it is booting fine. As we rely heavily on the HTTP capability of lpxelinux.0, testing with pxelinux.0 is not trivial :( Has anybody seen this before or additional ideas? # Number Time Source SrcPort Destination DSTPort Protocol Length Info 16062 0.003813687 131.169.168.108 49153 131.169.81.129 69 TFTP 121 Read Request, File: pxelinux.cfg/008093db-74fd-e711-8000-e0d55eccd74f, Transfer type: octet, tsize=0, blksize=1408 16064 0.080917021 131.169.168.108 49153 131.169.81.129 69 TFTP 121 Read Request, File: pxelinux....
2015 Oct 25
0
UEFI: Failed to load ldlinux.e64/ldlinux.e32
...case, I went ahead and did a capture on the > > g18 patch loading OL 7.1, which you can grab from here: > > > > http://www.beer.net/m/etc/sl604p0g18.pcap.gz > > Just like that although this one maintains a reasonable IO rate. > Wireshark, Statistics, IO Graph, "udp.dstport == 1719", bits/tick. > Look at both 1 second per tick and 5 pixels per tick and then 0.1 > seconds per tick and 1 pixel per tick. In a different thread there was a posting[1] where updating the TFTP _server_ did help. Is in this thread also a newer TFTP-server being tried? Groeten G...
2007 Apr 08
2
IP Tables block for POP3 attacks with Dovecot
Has anyone implemented a script to block IPs which are attacking on POP3 ports using dovecot logs to indicate repetitive failed login attempts? sshblack does this nicely for ssh (port 22) attacks by monitoring the /var/log/secure file. I am considering rewriting this to POP3 port (110), but if it has already been done, I sure don't need the practice. Thanks!
2003 Apr 14
0
[Bug 77] a bug in the chain PREROUTING of the table nat
...The 'nat' table is traversed for every _first_ packet of a connection. You can delete all nat rules, but already-established connections will remain active (and NATed). Due to the connectionless operation of UDP, we cannot tell UDP sessions apart if they use the same (scrip,srcport,dstip,dstport) tuple. Apart from that, your -t nat -I PREROUTING -j DROP rule will also only consider the first packet of every connection. It seems like you have some misunderstanding about the semantics. ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watc...
2000 Nov 24
2
Getting the authctxt
My port forwarding changes require an authorization (authentication) context in channel_connect_to(). I'd like to change the dispatch_* functions so that they accept an Authctxt * instead of a void * (this parameter is already used this way). In addition, I'd have to pass the authctxt all the way down to channel_connect_to(). As a side effect, it's possible to get rid of the global
2017 Feb 03
4
[Bug 1117] New: Table ipv4-nat prerouting dnat doesn't accept dest IP:PORT
....org Reporter: jan at purepeople.be Gents, in linux 4.9.6 there's something fish when applying an nftables rule in a netns. # on the Host ------- ovs-vsctl add-port bkpln pub-aaaa tag=200 -- set Interface pub-aaaa type=internal ip link add vx-aaa type vxlan id 123 group 239.0.1.123 dstport 4789 dev enp3s0 # enp3s0 has mtu 1550 ip netns add vr-aaaa ip l set pub-aaa netns vr-aaaa ip l set vx-aaaa netns vr-aaaa ------- # enter the NS, easier ip netns exec vr-aaaa bash ip l set lo up ip addr add 192.168.16.243/24 dev pub-aaaa ip l set pub-aaaa up ip addr add 192.168.123.1/24 dev vx-aaa...
2015 Oct 11
4
UEFI: Failed to load ldlinux.e64/ldlinux.e32
On Oct 11, 2015 1:26 AM, "Michael Glasgow" <glasgow at beer.net> wrote: > > Gene Cumm wrote: > > >> My test x86-64 binaries: > > >> > > >> https://sites.google.com/site/genecsyslinux/sl604p0g17-x64.tgz?attredirects=0&d=1 > > > > On Fri, Oct 2, 2015 at 4:46 PM, Derrick M <derrick.martinez at gmail.com> wrote: > >