search for: dstports

Dear Admins and Hackers, maybe i am to stupid to use ''tc''. But i having logical Problems to understand the Filter Rules in tc. Common Config: There is a Linux Engine (Debian) with a 2.6.11.11 Kernel which act as Packetshaper. Two Interfaces eth0 and eth1 are installed. Interface ''eth0'' is the Firewall Side Net 195.185.185.0/24. Interface

Hello, I have a nwfilter that I'm using to ensure that libvirt domains can't spoof IPv6 traffic. It looks like this: <filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'> <rule action='return' direction='out' priority='500'> <ipv6 srcipaddr='$IPV6' srcipmask='$IPV6MASK'/> </rule>

On Sun, Oct 11, 2015 at 3:15 PM, Michael Glasgow <glasgow at beer.net> wrote: > I'm not sure what the decaying i/o issue looks like. It's a bit > slow loading the initrd, but I think the efi drivers are just slow > in general. Just in case, I went ahead and did a capture on the > g18 patch loading OL 7.1, which you can grab from here: > >

...priority='500'> <ipv6 srcipaddr='$IPV6[@1]' srcipmask='$IPV6_MASK[@1]'/> </rule> <rule action='drop' direction='out' priority='1000'/> </filter> The documentation reads: Assign concrete values to SRCIPADDRESSES and DSTPORTS as shown: SRCIPADDRESSES = [ 10.0.0.1, 11.1.2.3 ] DSTPORTS = [ 80, 8080 ] But I'm not sure how to pass through an array of <parameter>s in the filterref. Is this possible? On Wed, Jan 1, 2020 at 12:39 PM Brooks Swinnerton <bswinnerton at gmail.com> wrote: > Hello, > &gt...

https://bugzilla.netfilter.org/show_bug.cgi?id=1273 Bug ID: 1273 Summary: hashlimit never appears to fail to match under 4.9.x Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: major Priority: P5 Component: ip_tables (kernel)

I love SSH's ability to dynamically forward ports using SOCKS (either -D or DynamicForward) (ie "ssh -D 1081 private.mine.net"). But the thing that has caused me some pain, is that only SOCKS4 is supported. The SOCKS4 proxy specification does not permit hostnames, but only IP addresses. This isn't much of a problem if the target host is a public Internet host or otherwise DNS

On Sun, Oct 25, 2015 at 6:31 AM, Geert Stappers via Syslinux <syslinux at zytor.com> wrote: > On Mon, Oct 12, 2015 at 08:44:18PM -0400, Gene Cumm via Syslinux wrote: >> On Sun, Oct 11, 2015 at 3:15 PM, Michael Glasgow <glasgow at beer.net> wrote: >> >> > I'm not sure what the decaying i/o issue looks like. It's a bit >> > slow loading the

I compiled OpenSSH 3.6.1p1 on NCR MP-RAS v4.3 (or at least "uname -a"'s output of 4.0.3.0 suggests v4.3, I'm not positive). I was able to compile zlib (1.1.4) and openssl (0.9.7a) with little trouble. OpenSSH took hand-hacking the includes.h file as follows: diff -cr openssh-3.6.1p1/includes.h openssh-3.6.1p1-customized/includes.h *** openssh-3.6.1p1/includes.h Sun Oct 20

http://bugzilla.netfilter.org/show_bug.cgi?id=706 Jan Engelhardt <jengelh at medozas.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jengelh at medozas.de --- Comment #1 from Jan Engelhardt <jengelh at medozas.de> 2011-03-03 14:20:30

Hello, I am seeing sporadic duplicate read requests from lpxelinux.0 (6.03 from kernel.org), which results in a failed PXE boot. This happens only sporadic, but happens often enough to be annoying. The TFTP server serving lpxelinux.0 is running CentOS 7.6 with all updates applied. The client machine initiates the PXE boot, receives the lpxelinux.0 binary, downloads ldlinux.c32 and proceeds to

On Mon, Oct 12, 2015 at 08:44:18PM -0400, Gene Cumm via Syslinux wrote: > On Sun, Oct 11, 2015 at 3:15 PM, Michael Glasgow <glasgow at beer.net> wrote: > > > I'm not sure what the decaying i/o issue looks like. It's a bit > > slow loading the initrd, but I think the efi drivers are just slow > > in general. Just in case, I went ahead and did a capture on

Has anyone implemented a script to block IPs which are attacking on POP3 ports using dovecot logs to indicate repetitive failed login attempts? sshblack does this nicely for ssh (port 22) attacks by monitoring the /var/log/secure file. I am considering rewriting this to POP3 port (110), but if it has already been done, I sure don't need the practice. Thanks!

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=77 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|critical |trivial Status|NEW |RESOLVED Resolution|

My port forwarding changes require an authorization (authentication) context in channel_connect_to(). I'd like to change the dispatch_* functions so that they accept an Authctxt * instead of a void * (this parameter is already used this way). In addition, I'd have to pass the authctxt all the way down to channel_connect_to(). As a side effect, it's possible to get rid of the global

https://bugzilla.netfilter.org/show_bug.cgi?id=1117 Bug ID: 1117 Summary: Table ipv4-nat prerouting dnat doesn't accept dest IP:PORT Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft

On Oct 11, 2015 1:26 AM, "Michael Glasgow" <glasgow at beer.net> wrote: > > Gene Cumm wrote: > > >> My test x86-64 binaries: > > >> > > >> https://sites.google.com/site/genecsyslinux/sl604p0g17-x64.tgz?attredirects=0&d=1 > > > > On Fri, Oct 2, 2015 at 4:46 PM, Derrick M <derrick.martinez at gmail.com> wrote: > >