search for: dstport

...1: protocol ip pref 100 u32 filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10 (rule hit 151 success 129) match 00500000/ffff0000 at 20 (success 129 ) But why i !cant! filter Packets with dstPort 80 or Src Ip on eth0: Dstport 80: tc filter add dev eth0 parent 1:0 protocol ip prio 0 u32 match u32 0x50 0xffff at nexthdr+0 classid 1:10 or Source Ipaddress: tc filter add dev eth0 parent 1:0 protocol ip prio 0 u32 match ip src 195.185.185.2/32 classid 1:10 On these Filters are no success Cou...

Hello, I have a nwfilter that I'm using to ensure that libvirt domains can't spoof IPv6 traffic. It looks like this: <filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'> <rule action='return' direction='out' priority='500'> <ipv6 srcipaddr='$IPV6' srcipmask='$IPV6MASK'/> </rule>

...slow > in general. Just in case, I went ahead and did a capture on the > g18 patch loading OL 7.1, which you can grab from here: > > http://www.beer.net/m/etc/sl604p0g18.pcap.gz Just like that although this one maintains a reasonable IO rate. Wireshark, Statistics, IO Graph, "udp.dstport == 1719", bits/tick. Look at both 1 second per tick and 5 pixels per tick and then 0.1 seconds per tick and 1 pixel per tick. -- -Gene

...priority='500'> <ipv6 srcipaddr='$IPV6[@1]' srcipmask='$IPV6_MASK[@1]'/> </rule> <rule action='drop' direction='out' priority='1000'/> </filter> The documentation reads: Assign concrete values to SRCIPADDRESSES and DSTPORTS as shown: SRCIPADDRESSES = [ 10.0.0.1, 11.1.2.3 ] DSTPORTS = [ 80, 8080 ] But I'm not sure how to pass through an array of <parameter>s in the filterref. Is this possible? On Wed, Jan 1, 2020 at 12:39 PM Brooks Swinnerton <bswinnerton at gmail.com> wrote: > Hello, > &g...

...zilla-nf20180726 at ta.grue.cc I have the same rules under both 4.9.111 and 4.8.3. The 4.8.3 kernel works as expected but not under 4.9.111. The rules are as follows: 4.8.3: [825033:522252112] -A m.voip.asterisk.reg -m hashlimit --hashlimit-upto 100/min --hashlimit-burst 70 --hashlimit-mode srcip,dstport --hashlimit-name m.voip.sip_r_li -j ACCEPT [366031:149053285] -A m.voip.asterisk.reg -m limit --limit 5/sec -j LOG --log-prefix "FW: SIP.REG LIMIT IN: " --log-level 6 [49357657:18457587442] -A m.voip.asterisk.reg -j DROP 4.9.111: [44798:20928681] -A m.voip.asterisk.reg -m hashlimit --has...

...mes to be passed in in the SOCKS4 initiation packet. See http://www.socks.nec.com/protocol/socks4a.protocol for details, and here's a brief synopsis. The SOCKS4 initiation packet looks like this: +----+----+----+----+----+----+----+----+----+----+....+----+ | VN | CD | DSTPORT | DSTIP | USERID |NULL| +----+----+----+----+----+----+----+----+----+----+....+----+ # of bytes: 1 1 2 4 variable 1 >For version 4A, if the client cannot resolve the destination host's domain name to find its IP address,...

...did a capture on the >> > g18 patch loading OL 7.1, which you can grab from here: >> > >> > http://www.beer.net/m/etc/sl604p0g18.pcap.gz >> >> Just like that although this one maintains a reasonable IO rate. >> Wireshark, Statistics, IO Graph, "udp.dstport == 1719", bits/tick. >> Look at both 1 second per tick and 5 pixels per tick and then 0.1 >> seconds per tick and 1 pixel per tick. > > In a different thread there was a posting[1] where > updating the TFTP _server_ did help. > > Is in this thread also a newer TFTP-...

...nssh/bin), and also inserting /bin (which the telnet session lacked) SSH: PATH=/usr/bin:/bin:/usr/sbin:/sbin:/opt/openssh/bin:/usr/ccs/bin Telnet: PATH=/usr/bin:/usr/sbin:/usr/ccs/bin + Only the SSH session contains: SSH_TTY=/dev/pts/xx SSH_CONNECTION="srcIP srcport dstIP dstport" SSH_CLIENT="srcIP srcport dstport" USER=jlibove + The MAIL variable in the SSH session has an extra '/' in it: MAIL=/var/mail//jlibove compared to the telnet session MAIL=/var/mail/jlibove None of these seem critical, though the MAIL setting does imply...

http://bugzilla.netfilter.org/show_bug.cgi?id=706 Jan Engelhardt <jengelh at medozas.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jengelh at medozas.de --- Comment #1 from Jan Engelhardt <jengelh at medozas.de> 2011-03-03 14:20:30

...ason? This is not really reproducible, e.g. after a reboot of a machine in this state it is booting fine. As we rely heavily on the HTTP capability of lpxelinux.0, testing with pxelinux.0 is not trivial :( Has anybody seen this before or additional ideas? # Number Time Source SrcPort Destination DSTPort Protocol Length Info 16062 0.003813687 131.169.168.108 49153 131.169.81.129 69 TFTP 121 Read Request, File: pxelinux.cfg/008093db-74fd-e711-8000-e0d55eccd74f, Transfer type: octet, tsize=0, blksize=1408 16064 0.080917021 131.169.168.108 49153 131.169.81.129 69 TFTP 121 Read Request, File: pxelinux....

...case, I went ahead and did a capture on the > > g18 patch loading OL 7.1, which you can grab from here: > > > > http://www.beer.net/m/etc/sl604p0g18.pcap.gz > > Just like that although this one maintains a reasonable IO rate. > Wireshark, Statistics, IO Graph, "udp.dstport == 1719", bits/tick. > Look at both 1 second per tick and 5 pixels per tick and then 0.1 > seconds per tick and 1 pixel per tick. In a different thread there was a posting[1] where updating the TFTP _server_ did help. Is in this thread also a newer TFTP-server being tried? Groeten G...

Has anyone implemented a script to block IPs which are attacking on POP3 ports using dovecot logs to indicate repetitive failed login attempts? sshblack does this nicely for ssh (port 22) attacks by monitoring the /var/log/secure file. I am considering rewriting this to POP3 port (110), but if it has already been done, I sure don't need the practice. Thanks!

...The 'nat' table is traversed for every _first_ packet of a connection. You can delete all nat rules, but already-established connections will remain active (and NATed). Due to the connectionless operation of UDP, we cannot tell UDP sessions apart if they use the same (scrip,srcport,dstip,dstport) tuple. Apart from that, your -t nat -I PREROUTING -j DROP rule will also only consider the first packet of every connection. It seems like you have some misunderstanding about the semantics. ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watc...

My port forwarding changes require an authorization (authentication) context in channel_connect_to(). I'd like to change the dispatch_* functions so that they accept an Authctxt * instead of a void * (this parameter is already used this way). In addition, I'd have to pass the authctxt all the way down to channel_connect_to(). As a side effect, it's possible to get rid of the global

....org Reporter: jan at purepeople.be Gents, in linux 4.9.6 there's something fish when applying an nftables rule in a netns. # on the Host ------- ovs-vsctl add-port bkpln pub-aaaa tag=200 -- set Interface pub-aaaa type=internal ip link add vx-aaa type vxlan id 123 group 239.0.1.123 dstport 4789 dev enp3s0 # enp3s0 has mtu 1550 ip netns add vr-aaaa ip l set pub-aaa netns vr-aaaa ip l set vx-aaaa netns vr-aaaa ------- # enter the NS, easier ip netns exec vr-aaaa bash ip l set lo up ip addr add 192.168.16.243/24 dev pub-aaaa ip l set pub-aaaa up ip addr add 192.168.123.1/24 dev vx-aaa...

On Oct 11, 2015 1:26 AM, "Michael Glasgow" <glasgow at beer.net> wrote: > > Gene Cumm wrote: > > >> My test x86-64 binaries: > > >> > > >> https://sites.google.com/site/genecsyslinux/sl604p0g17-x64.tgz?attredirects=0&d=1 > > > > On Fri, Oct 2, 2015 at 4:46 PM, Derrick M <derrick.martinez at gmail.com> wrote: > >