Displaying 8 results from an estimated 8 matches for "subchain".
2015 Mar 02
0
IP drop list
...lls
is the average number of rules a packet has to be matched against, and
the two main tools to help with that are (if I may use iptables lingo
here) a) --state ESTABLISHED to get everything but the
connection-initiating packets out of the way ASAP and b) branching
tree-like into dedicated-purpose subchains, rather than building linear
lists. Assuming that the IPs to be blocked are randomly distributed,
I'd try something along the following lines:
[main chain]
--state ESTABLISHED,RELATED -j ACCEPT
-p tcp --dport pop3 -j dove-blocks
-p tcp --dport imap -j dove-blocks
[subchain dove-blocks]
-d 1...
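The branching scheme sketched above, as an added example that is not part of the original post: a small shell/awk generator that turns a flat list of IPv4 addresses into an iptables-restore fragment. It keeps the ESTABLISHED,RELATED short-circuit first, sends only NEW pop3/imap connections into "dove-blocks" (the chain name from the post), and then dispatches by first octet into "dove-blocks-<octet>" subchains (an assumed naming scheme). The example matches on the source address (-s), which is what a block list of attacking clients wants. The sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example (not code from the dovecot thread): build an iptables-restore
# fragment that sends NEW pop3/imap connections into per-/8 subchains, so a
# packet is compared against one dispatch list plus one small subchain instead
# of every blocked address. Chain name "dove-blocks" is from the post;
# "dove-blocks-<first octet>" is an assumed naming scheme.

# Constructed sample block list (documentation ranges, one duplicate on purpose).
SAMPLE_IPS='203.0.113.7
203.0.113.99
198.51.100.23
192.0.2.1
203.0.113.7'

# gen_ruleset: read IPv4 addresses on stdin, write an iptables-restore fragment
# on stdout. Malformed lines are skipped; duplicates are collapsed by sort -u.
gen_ruleset() {
    sort -u | awk '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($0, o, ".")
            f = o[1]
            if (!(f in cnt)) { cnt[f] = 0; order[++n] = f }   # remember first-seen order
            member[f, cnt[f]++] = $0
        }
        END {
            print "*filter"
            print ":dove-blocks - [0:0]"
            for (i = 1; i <= n; i++) print ":dove-blocks-" order[i] " - [0:0]"
            # Conntrack short-circuit first: only connection-initiating packets
            # ever reach the block tree.
            print "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
            print "-A INPUT -p tcp --dport pop3 -m state --state NEW -j dove-blocks"
            print "-A INPUT -p tcp --dport imap -m state --state NEW -j dove-blocks"
            # Level 1: one rule per /8 that actually has entries.
            for (i = 1; i <= n; i++)
                print "-A dove-blocks -s " order[i] ".0.0.0/8 -j dove-blocks-" order[i]
            # Level 2: the individual addresses, each in its own subchain.
            for (i = 1; i <= n; i++) {
                f = order[i]
                for (j = 0; j < cnt[f]; j++)
                    print "-A dove-blocks-" f " -s " member[f, j] " -j DROP"
            }
            print "COMMIT"
        }'
}

# drop_rule_count: number of per-address DROP rules the generator emits for
# whatever is on stdin (a sanity check before loading anything).
drop_rule_count() {
    gen_ruleset | grep -c -- '-j DROP'
}

# Usage (on a real box, as root):
#   printf '%s\n' "$SAMPLE_IPS" | gen_ruleset > dove-blocks.rules
#   iptables-restore --noflush < dove-blocks.rules
```

With the addresses spread over roughly 200 populated /8s, a 45,000-entry list costs a new connection about 200 dispatch comparisons plus a few hundred in its subchain, rather than a linear walk of all 45,000; a second level keyed on the second octet extends the same idea. For lists of that size a hash-based set (ipset hash:ip with a single -m set rule) is the usual tool today and avoids the rule-count problem entirely; the tree above is the pure-iptables answer the post describes.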
2015 Mar 01
12
IP drop list
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password attempts. The file is too big to create firewall
drops, and I don't want to compile with wrappers *if* dovecot has an
easy ability to do this. If dovecot could parse a flat text file of
2008 Aug 19
4
Simple IPTABLES Question
I added these rules to IPTABLES to slow brute force attacks.
iptables -A INPUT -p tcp --dport 22 -s my_subnet/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
--set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
--update --seconds 60 --hitcount 5 --rttl --name SSH -j DROP
I would like log entries when connections are dropped to see
2004 Oct 06
2
Huge system load using HTB
...add dev $DEV parent 1:${CLASS_ID} handle ${CLASS_ID}: \
sfq perturb 10
tc filter add dev $DEV parent 1: protocol ip prio 17 u32 \
match ip dst "$IP" flowid 1:${CLASS_ID}
iptables -A "$CHAIN_NAME" -t mangle -s "$IP" -j MARK --set-mark $CLASS_ID
I use iptables subchains, so that every chain contains 32 entries.
I have recently upgraded from RedHat 9.0 to Fedora Core 2. I cannot turn
back to RH9, because I had other problems with that.
I use kernel 2.6.8-1.521 (the problem was the same with original
kernel). I didn't recompile it.
THE PROBLEM:
When I...
2020 Jun 18
10
[Bug 1434] New: Usability improvements, enabling creation of complex firewalls
https://bugzilla.netfilter.org/show_bug.cgi?id=1434
Bug ID: 1434
Summary: Usability improvements, enabling creation of complex
firewalls
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
2017 Dec 29
1
OpenVPN server and firewalld
On Fri, Dec 29, 2017 at 10:32 AM, Kenneth Porter <shiva at sewingwitch.com>
wrote:
> How do I insert the iptables rule below using firewalld?
>
> I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to
> get OpenVPN working to allow home workers to access PCs at the office. I've
> got it all working but only by manually inserting an ACCEPT rule in
2020 Jun 16
2
firewall help request (solved)
At 03:47 PM 6/16/2020, Kenneth Porter wrote:
>The rule is in the wrong chain. The INPUT chain affects packets that
>terminate at the same machine. You want to block packets that will
>be passed on to the Internet, so your rule needs to be in the
>FORWARD chain. (The OUTPUT chain affects packets that originate at
>your machine.)
>
>Here's a nice collection of diagrams
2005 Aug 15
11
Hardware Configuration Ideas
Hey guys,
I am planning to buy some components for a Linux router that will handle the
Internet access of 200 computers (includes tc shaping) and some inter
sub-network routing (at least 100MBps per eth - and there are 3 eth cards).
I was thinking of a:
Pentium 4 - 3GHz
256 or 512MB RAM
Network Cards.
Now - I wonder what is more important: the processor speed or the amount of
RAM.
And can you