search for: icmptypes

Can you post your Tinc configuration too? El lun., 30 ene. 2017 a las 11:42, Dave Albert (<dave.albert at gmail.com>) escribió: > Here is an extract of my current iptables that are not working: > > iptables -L -n -v > > Chain INPUT (policy DROP 8 packets, 1120 bytes) > pkts bytes target prot opt in out source > destination > 0 0

If someone has some free time, can you go over my ipfw config. See if I have any problems, or things i should add. Im not an ipfw expert or anything. Here is the config. add 100 allow all from any to any via lo0 add 110 deny log all from any to 127.0.0.0/8 add 120 deny log ip from 127.0.0.0/8 to any add 00200 check-state add 00250 deny all from any to any frag in via bge0 add 00260 deny

Hi, I've been able to get tinc setup when I flush all my iptables, but after enabling iptables and a delay I get a "Destination Net Unknown". I have three host (HOME10.0.3.2, MASTER 10.0.3.1, WEB 10.0.3.3) MASTER and WEB are in Digital ocean in the same data centre. HOME <---> MASTER <---> WEB I've tried multiple forwarding/masquerading/etc rules and

Here is an extract of my current iptables that are not working: iptables -L -n -v Chain INPUT (policy DROP 8 packets, 1120 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- lo * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 0 0 ACCEPT udp -- lo * 0.0.0.0/0 0.0.0.0/0 udp dpt:3306

> I use, thus far, "allow icmp from any to any icmptypes 0,3,4,8,11". That > include 'echo request', of course. Someone else may have a better idea. You want to be pinged? Why don't you let something in and something out? I.e.: add 10000 allow icmp from any to any icmptypes 8 out add 10100 allow icmp from any to any icmptypes 0 in...

Thanks a lot for your hints Pasi. Due to your suggestion I open a new thread here. I have tested with model=e1000 (HVMs). As HVM configs are identical (not iso images and LVM volumes) I guess it is a xen 4.1.2* issue .. or just involved domU OS-kernels (however as it is HVM it should not play any role) Tested and correctly working OSes (getting an IP address and pinging of

Hi peeps, After compiling ipfw into the new 6.2 kernel, and typing "ipfw list", all I get is: "65535 deny ip from any to any" From reading the docs, this might indicate that this is the default rule. (I am certainly protected this way--but can't be very productive ;^) ) By the way, when I run "man ipfw" I get nothing. Using this instead:

...;> # Allow established connections: >> add allow tcp from any to any established >Nope. >> # Deny fragmented packets: >> add deny ip from any to any frag >Nope. >> # Show pings: >> add count icmp from any to any icmptypes 8 in >Nope. >> # Allow pings, ping replies, and host unreach: >> add allow icmp from any to any icmptypes 0,8,3 >Nope. >> # Allow UDP traceroutes: >> add allow udp from any to any 33434-34458 in >> add allow udp from any 33...

Hello everyone, When I try to start firewalld in CentOS-8 it refuses with this in the /var/log/firewalld, any suggestions? 2019-12-11 19:11:25 WARNING: ipset not usable, disabling ipset usage in firewall. 2019-12-11 19:11:25 ERROR: No icmptypes found. 2019-12-11 19:11:25 ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name='nf_conntrack' modprobe: ERROR: could not insert 'nf_conntrack': Unknown symbol in module, or unknown parameter (see dmesg) modprobe: ERROR: Error running install com...

...gt;Ethernet interface. What would be more secure? > > > >> > >> # Deny fragmented packets: >> > >> add deny ip from any to any frag > >> > >> # Show pings: >> > >> add count icmp from any to any icmptypes 8 in >> > > >> >>That's inbound ping requests. Don't forget that 'inbound' means > coming >>into the firewall, not necessarily from the outside world. Your own >>ping requests _from_ this box also have to both come in, and go out. > >H...

Having a problem with the 3 interface setup. I can get DMZ hosts, and FW to see internet, but anything on LOC interface is unable to get out. My first post to the list didn''t have the information needed, sorry for that, but thank you for pointing me to more resources. I''ve looked at the problem myself some more, but am still stuck. Shorewall Version: 2.2.1 ip addr show 1:

Hi ! First of all, I am sorry if this is not the list for that, but I've been learning (a little bit...) a way to implement a freeBSD firewall. So far I came up with a set of rules I would like to show you for commenting. I am sure there're a lot of errors and/or stupid rules (I am not sure the rules order is good for what I need) and I would be really pleased if one could have a look

We're being ping-flooded by the Nachi worm, which probes subnets for systems to attack by sending 92-byte ping packets. Unfortunately, IPFW doesn't seem to have the ability to filter packets by length. Assuming that I stick with IPFW, what's the best way to stem the tide? --Brett Glass

Your output looks like iptables -L -n. Can you add the -v option to check if the rule did handle packages? On 01/26/2017 05:39 PM, Thierry wrote: > ACCEPT tcp -- anywhere anywhere tcp dpt:4711

https://bugzilla.mindrot.org/show_bug.cgi?id=1441 Summary: flow record for ICMP6 missing type and code values Classification: Unclassified Product: softflowd Version: -current Platform: amd64 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: softflowd AssignedTo: djm at

...>> >> ipfw add pass icmp from any to me >> >> However, how would I make a rule to limit icmp messages to just those used >> by traceroute? Can the messages be distinguished as such? >> >> >> > > I use, thus far, "allow icmp from any to any icmptypes 0,3,4,8,11". That > include 'echo request', of course. Someone else may have a better idea. > >> A dynamic rule that exists only for the duration of a traceroute execution >> would be even better. I take it 'setup' or 'check-state' would follow in &...

I have a rather busy Apache 2.2 server; tons of small & some large requests. It's a standard Dell 2650 server using the bge (broadcom) network driver. I seem to have a rather strange problem where after just a day or so Apache just stops processing new connections. You can connect to port 80, but trying to get Apache to process any data just hangs. There is nothing strange in

Hi there, Is there some way to configure ipfw to do traffic normalizing ("scrubbing", as in ipf for OpenBSD)? Is there any tool to do it for FreeBSD firewalling? I've heard that ipf was ported on current, anything else? TIA, /Dorin. __________________________________ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools

Hi, I have a router running BGP and OSPF (bird) on FreeBSD. Are there any best practises one can take in order to protect the network from DDoS attacks. I know this isn't easy. But I would like to secure my network as much as possible. Even if I'am not able to prevent or block a ddos I would like to get some info (snmp trap parhaps) regarding the attack. Then I can contact my ISP or

...ts: icmp-blocks: rich rules: [root at biz103 ~]# ls -l /etc/firewalld total 28 -rw-r--r-- 1 root root 187 Jul 14 06:55 direct.xml -rw------- 1 root root 1028 Jul 14 08:05 firewalld.conf -rw-r----- 1 root root 1026 Mar 5 2015 firewalld.conf.old drwxr-x---. 2 root root 4096 Mar 5 2015 icmptypes -rw-r-----. 1 root root 271 Mar 5 2015 lockdown-whitelist.xml drwxr-x---. 2 root root 4096 Mar 5 2015 services drwxr-x---. 2 root root 4096 Jul 14 07:40 zones [root at biz103 ~]# ls -l /etc/firewalld/zones total 12 -rw-r--r-- 1 root root 356 Jul 14 07:40 external.xml -rw-r--r-- 1 root root 3...