search for: ipt_recent

...i have a problem with xen. the output of uname is:Linux xen 2.6.12-gentoo-r6 #9 SMP Mon Jan 23 18:13:25 CET 2006 i686 AMD Opteron(tm) Processor 844 AuthenticAMD GNU/Linux i user the SAME config of the kernel, for xen0 domain, and when i boot with xen0 kernel it reboots after this output... . . . ipt_recent v0.3.1: Stephen Frost <sfrost@snowman.net>. http://snowman.net/projects/ipt_recent/ arp_tables: (C) 2002 David S. Miller NET: Registered protocol family 1 NET: Registered protocol family 17 the normal kernel output is this: . . . ipt_recent v0.3.1: Stephen Frost <sfrost@snowman.net>...

Is the maximum permitted value for --hitcount documented anywhere? I reliably get a iptables-restore error when I specify a hitcount value greater than 20 but I cannot find any mention of there being a maximum value. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited

I went to reload (iptables-restore) my iptables configuration and obtained an error at the COMMIT statement. No further details were provided even when I ran restore with the -v option. I determined that none of my backed up configuration files going back to October will load either. This is more than passing strange because I altered and uploaded the iptables configuration on this host several

Dear CentOS people, I'm sure many have faced this before but I can't seem to figure this out. I need unattended OpenSSH and its SFTP connections to be closed after a while (say, in 10 minutes). This needs to override anything that could be done from the client side (ServerAliveInterval or keepalives a program like PuTTY can send). I kind of understand it's not always easy to

Hi! I need to delay failed ssh password authentication as an additional measure against brute force ssh attacks. I understand, that shoud be accomplished through pam, but googling gave me no example. I have CentOS 5.2. -- Veiko Kukk

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=68 ------- Additional Comments From laforge@netfilter.org 2003-03-20 10:55 ------- This looks strange. The BUG in slab.c tells us that there is a GFP_ATOMIC missing. This means that we are allocating kernel memory from softirq context with only GFP_KERNEL. If I understand your backtrace correctly, what happens is: - you are

The current build of iptables does not appear to include some modules. Among these are ipt_recent.so, a very handy module in deflecting the current flurry of sshd dictionary attacks. Lineox appears to have the same problem. This is because the RedHat source rpm spec file is not explicit in the kernel directory location and that omission affects these few modules. Required changes in the...

Hello List, I am having problem in getting iptables recent module working for me, so I was looking into /proc to get some clues. I see following line in the /proc for my iptables recent rule: # cat /proc/net/ipt_recent/badguy src=10.0.0.17 ttl: 63 last_seen: 3301974512 oldest_pkt: 2 3301973507, 3301974512 What does ttl mean? Is it time-to-live or what? What does it signify? -- CS

Hello, all. I read this document about iptables recent module. http://blog.andrew.net.au/2005/02/16#ipt_recent_and_ssh_attacks and I would like to filter the excessive spam mail sending ip address by iptables recent module. and some questions. iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SPAM iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update -...

...iptable_mangle.o LD [M] net/ipv4/netfilter/iptable_nat.o CC [M] net/ipv4/netfilter/iptable_raw.o CC [M] net/ipv4/netfilter/ipt_hashlimit.o CC [M] net/ipv4/netfilter/ipt_iprange.o CC [M] net/ipv4/netfilter/ipt_owner.o CC [M] net/ipv4/netfilter/ipt_tos.o CC [M] net/ipv4/netfilter/ipt_recent.o CC [M] net/ipv4/netfilter/ipt_ecn.o /opt/linux-2.6.18-xen.hg/net/ipv4/netfilter/ipt_ecn.c: In function ‘match_ip’: /opt/linux-2.6.18-xen.hg/net/ipv4/netfilter/ipt_ecn.c:26: error: ‘IPT_DSCP_MASK’ undeclared (first use in this function) /opt/linux-2.6.18-xen.hg/net/ipv4/netfilter/ipt_ecn.c:26:...

We have a (supposedly) quite standard setup: 2 Dom0 with drbd-on-lvm and a bunch of DomU, on Quad Xeon Dell servers. We tried with both sid-based and etch-based (+ 3.1 xen hypervisor and drbd 8 from backports.org ) Dom0, and quite consistently have "kernel: invalid opcode: 0000 [1] SMP" errors which freezes Dom0 (during lasts tests a simple start-and-stop loop of 10 DomU can trigger

...v4options.o ipt_pool.o ipt_ttl.o ip_nat_snmp_basic.o ipt_length.o ipt_POOL.o ipt_TTL.o ip_pool.o ipt_limit.o ipt_psd.o ipt_ULOG.o ip_queue.o ipt_LOG.o ipt_realm.o ipt_unclean.o iptable_filter.o ipt_mac.o ipt_recent.o iptable_mangle.o ipt_mark.o ipt_record_rpc.o [root@cab1 root]# [root@cab1 root]# tc -V tc utility, iproute2-ss010824 [root@cab1 root]# [root@cab1 root]# iptables -V iptables v1.2.7-20020423 [root@cab1 root]# thanking u in advance A.H

...e iptables/netfilter modules on start up. The module has loaded okay as far as I can tell: root@gecko:~# lsmod | grep p2p ipt_ipp2p 8256 0 x_tables 15236 43 xt_comment,xt_policy,xt_multiport,ipt_ULOG,ipt_TTL,ipt_ttl,ipt_TOS,ipt_tos,ipt_SAME,ipt_REJECT,ipt_REDIRECT,ipt_recent,ipt_owner,ipt_NETMAP,ipt_MASQUERADE,ipt_LOG,ipt_iprange,ipt_ipp2p,ipt_ECN,ipt_ecn,ipt_ah,ipt_addrtype,xt_tcpmss,xt_pkttype,xt_physdev,xt_NFQUEUE,xt_NFLOG,xt_MARK,xt_mark,xt_mac,xt_limit,xt_length,xt_helper,xt_hashlimit,xt_dccp,xt_conntrack,xt_CONNMARK,xt_connmark,xt_CLASSIFY,xt_tcpudp,xt_state,ipta...

I was just extracting a 96MB tar file ( tar -xWf backup.tar ), the cpu load was 99% for a long time. I then stopped it and tried again, but this time this popped up in my ssh session: -- Message from syslogd at rock at Sat Feb 18 00:47:05 2006 ... rock kernel: Assertion failure in __journal_unfile_buffer() at fs/jbd/transaction.c:1520: "jh->b_jlist < 9" -- A kernel panic dump is

...o ipt_tcpmss.ko iptable_mangle.ko ip_conntrack_irc.ko ip_nat_tftp.ko ipt_REDIRECT.ko ipt_conntrack.ko ipt_helper.ko ipt_mac.ko ipt_pkttype.ko ipt_tos.ko iptable_nat.ko ip_conntrack_tftp.ko ip_tables.ko ipt_REJECT.ko ipt_dscp.ko ipt_iprange.ko ipt_mark.ko ipt_recent.ko ipt_ttl.ko Should one of these modules be loaded to solve the problem?

Hello, I trying to run XEN 2.0 (2.4.27, 2.4.28, 2.6.9) on gentoo 2004.3. When i boot guest domain i get this: anubis xen # xm create -f ttylinux -c Using config file "ttylinux". Started domain ttylinux, console on port 9601 ************ REMOTE CONSOLE: CTRL-] TO QUIT ******** Linux version 2.4.28-xenU (root@anubis) (gcc version 3.3.3 20040217 (Gentoo Linux 3.3.3, propolice-3.3-7))

Hi, I have the my gateway with load balancing traffic going out over two providers. Web browsing is fine...working great. But, my clients (office staff) complains that MSN keeps disconnecting (in 5 mins). Why? Please help me... Regards, ro0ot

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=562 ------- Additional Comments From kaber@trash.net 2007-04-27 02:41 MET ------- I asked you to post this with additional information to the mailinglists, so pleast at least include the information here or post it to the lists as I asked. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email -------

I''m very new to shorewall. My setup is IP Gateway (CentOS 4 + Shorewall) with 3 NIC cards. Shorewall works great on the firewall machine. Bind also works (local net machines get IPs fine). Under firestarter, all works great. With shorewall, the loc machines can not route past the firewall. They can connect to the firewall, but not past it. Exactly what information should I post to get

...nd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_intel8x0 snd_ac97_codec snd_pcm snd_timer snd_page_alloc snd soundcore lp parport_pc ppdev parport ipt_REJECT ipt_LOG ipt_state ipt_pkttype ipt_set ipt_CONNMARK ipt_MARK ipt_ROUTE ipt_connmark ipt_owner ipt_recent ipt_iprange ipt_physdev ipt_multiport ipt_conntrack iptable_mangle ip_set_portmap ip_set_macipmap ip_set_ipmap ip_set_iphash ip_set ip_nat_irc ip_nat_tftp ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_tftp ip_conntrack_ftp ip_conntrack iptable_filter ip_tables 8139too mii af_packet ide_cd lo...