search for: icmptypes

Displaying 20 results from an estimated 25 matches for "icmptypes".

Did you mean: icmptype
2017 Jan 30
1
Help with iptables && tinc
Can you post your Tinc configuration too? El lun., 30 ene. 2017 a las 11:42, Dave Albert (<dave.albert at gmail.com>) escribió: > Here is an extract of my current iptables that are not working: > > iptables -L -n -v > > Chain INPUT (policy DROP 8 packets, 1120 bytes) > pkts bytes target prot opt in out source > destination > 0 0
2004 Jul 28
3
Ipfw config
If someone has some free time, can you go over my ipfw config. See if I have any problems, or things i should add. Im not an ipfw expert or anything. Here is the config. add 100 allow all from any to any via lo0 add 110 deny log all from any to 127.0.0.0/8 add 120 deny log ip from 127.0.0.0/8 to any add 00200 check-state add 00250 deny all from any to any frag in via bge0 add 00260 deny
2017 Jan 30
4
Help with iptables && tinc
Hi, I've been able to get tinc setup when I flush all my iptables, but after enabling iptables and a delay I get a "Destination Net Unknown". I have three host (HOME10.0.3.2, MASTER 10.0.3.1, WEB 10.0.3.3) MASTER and WEB are in Digital ocean in the same data centre. HOME <---> MASTER <---> WEB I've tried multiple forwarding/masquerading/etc rules and
2017 Jan 30
0
Help with iptables && tinc
Here is an extract of my current iptables that are not working: iptables -L -n -v Chain INPUT (policy DROP 8 packets, 1120 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- lo * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 0 0 ACCEPT udp -- lo * 0.0.0.0/0 0.0.0.0/0 udp dpt:3306
2004 Sep 03
0
ipfw rules or something alike
> I use, thus far, "allow icmp from any to any icmptypes 0,3,4,8,11". That > include 'echo request', of course. Someone else may have a better idea. You want to be pinged? Why don't you let something in and something out? I.e.: add 10000 allow icmp from any to any icmptypes 8 out add 10100 allow icmp from any to any icmptypes 0 in...
2011 Aug 15
11
Re: [Xen-devel] xen 4.1.2* dhcp issue/bug when installing/booting HVM domU domains (CentOS 6, unbuntu 11.04 server). Debian/OpenSolaris work fine.
Thanks a lot for your hints Pasi. Due to your suggestion I open a new thread here. I have tested with model=e1000 (HVMs). As HVM configs are identical (not iso images and LVM volumes) I guess it is a xen 4.1.2* issue .. or just involved domU OS-kernels (however as it is HVM it should not play any role) Tested and correctly working OSes (getting an IP address and pinging of
2007 Dec 13
3
IPFW compiled in kernel: Where is it reading the config?
Hi peeps, After compiling ipfw into the new 6.2 kernel, and typing "ipfw list", all I get is: "65535 deny ip from any to any" From reading the docs, this might indicate that this is the default rule. (I am certainly protected this way--but can't be very productive ;^) ) By the way, when I run "man ipfw" I get nothing. Using this instead:
2007 Dec 20
1
IPFW: Blocking me out. How to debug?
...;> # Allow established connections: >> add allow tcp from any to any established >Nope. >> # Deny fragmented packets: >> add deny ip from any to any frag >Nope. >> # Show pings: >> add count icmp from any to any icmptypes 8 in >Nope. >> # Allow pings, ping replies, and host unreach: >> add allow icmp from any to any icmptypes 0,8,3 >Nope. >> # Allow UDP traceroutes: >> add allow udp from any to any 33434-34458 in >> add allow udp from any 33...
2019 Dec 11
1
CentOS-8: firewalld not starting
Hello everyone, When I try to start firewalld in CentOS-8 it refuses with this in the /var/log/firewalld, any suggestions? 2019-12-11 19:11:25 WARNING: ipset not usable, disabling ipset usage in firewall. 2019-12-11 19:11:25 ERROR: No icmptypes found. 2019-12-11 19:11:25 ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name='nf_conntrack' modprobe: ERROR: could not insert 'nf_conntrack': Unknown symbol in module, or unknown parameter (see dmesg) modprobe: ERROR: Error running install com...
2007 Dec 24
0
Fwd: Re: IPFW: Blocking me out. How to debug?
...gt;Ethernet interface. What would be more secure? > > > >> > >> # Deny fragmented packets: >> > >> add deny ip from any to any frag > >> > >> # Show pings: >> > >> add count icmp from any to any icmptypes 8 in >> > > >> >>That's inbound ping requests. Don't forget that 'inbound' means > coming >>into the firewall, not necessarily from the outside world. Your own >>ping requests _from_ this box also have to both come in, and go out. > >H...
2005 Mar 06
1
3 Interface problem
Having a problem with the 3 interface setup. I can get DMZ hosts, and FW to see internet, but anything on LOC interface is unable to get out. My first post to the list didn''t have the information needed, sorry for that, but thank you for pointing me to more resources. I''ve looked at the problem myself some more, but am still stuck. Shorewall Version: 2.2.1 ip addr show 1:
2003 Apr 25
2
firewalling help/audit
Hi ! First of all, I am sorry if this is not the list for that, but I've been learning (a little bit...) a way to implement a freeBSD firewall. So far I came up with a set of rules I would like to show you for commenting. I am sure there're a lot of errors and/or stupid rules (I am not sure the rules order is good for what I need) and I would be really pleased if one could have a look
2003 Oct 26
3
Best way to filter "Nachi pings"?
We're being ping-flooded by the Nachi worm, which probes subnets for systems to attack by sending 92-byte ping packets. Unfortunately, IPFW doesn't seem to have the ability to filter packets by length. Assuming that I stick with IPFW, what's the best way to stem the tide? --Brett Glass
2017 Jan 26
2
dsync dovecot / Failed connection refused
Your output looks like iptables -L -n. Can you add the -v option to check if the rule did handle packages? On 01/26/2017 05:39 PM, Thierry wrote: > ACCEPT tcp -- anywhere anywhere tcp dpt:4711
2008 Feb 18
0
[Bug 1441] New: flow record for ICMP6 missing type and code values
https://bugzilla.mindrot.org/show_bug.cgi?id=1441 Summary: flow record for ICMP6 missing type and code values Classification: Unclassified Product: softflowd Version: -current Platform: amd64 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: softflowd AssignedTo: djm at
2004 Sep 03
0
freebsd-security Digest, Vol 75, Issue 2
...>> >> ipfw add pass icmp from any to me >> >> However, how would I make a rule to limit icmp messages to just those used >> by traceroute? Can the messages be distinguished as such? >> >> >> > > I use, thus far, "allow icmp from any to any icmptypes 0,3,4,8,11". That > include 'echo request', of course. Someone else may have a better idea. > >> A dynamic rule that exists only for the duration of a traceroute execution >> would be even better. I take it 'setup' or 'check-state' would follow in &...
2008 May 28
2
Sockets stuck in FIN_WAIT_1
I have a rather busy Apache 2.2 server; tons of small & some large requests. It's a standard Dell 2650 server using the bge (broadcom) network driver. I seem to have a rather strange problem where after just a day or so Apache just stops processing new connections. You can connect to port 80, but trying to get Apache to process any data just hangs. There is nothing strange in
2004 Feb 19
2
traffic normalizer for ipfw?
Hi there, Is there some way to configure ipfw to do traffic normalizing ("scrubbing", as in ipf for OpenBSD)? Is there any tool to do it for FreeBSD firewalling? I've heard that ipf was ported on current, anything else? TIA, /Dorin. __________________________________ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools
2013 Feb 09
5
FreeBSD DDoS protection
Hi, I have a router running BGP and OSPF (bird) on FreeBSD. Are there any best practises one can take in order to protect the network from DDoS attacks. I know this isn't easy. But I would like to secure my network as much as possible. Even if I'am not able to prevent or block a ddos I would like to get some info (snmp trap parhaps) regarding the attack. Then I can contact my ISP or
2016 Jul 14
2
CentOS7 firewalld ploblem
...ts: icmp-blocks: rich rules: [root at biz103 ~]# ls -l /etc/firewalld total 28 -rw-r--r-- 1 root root 187 Jul 14 06:55 direct.xml -rw------- 1 root root 1028 Jul 14 08:05 firewalld.conf -rw-r----- 1 root root 1026 Mar 5 2015 firewalld.conf.old drwxr-x---. 2 root root 4096 Mar 5 2015 icmptypes -rw-r-----. 1 root root 271 Mar 5 2015 lockdown-whitelist.xml drwxr-x---. 2 root root 4096 Mar 5 2015 services drwxr-x---. 2 root root 4096 Jul 14 07:40 zones [root at biz103 ~]# ls -l /etc/firewalld/zones total 12 -rw-r--r-- 1 root root 356 Jul 14 07:40 external.xml -rw-r--r-- 1 root root 3...