search for: tcp_packet

Hi all, When we create a custom chain in iptables, should we specifically create a rule to 'jump back' to the previous chain? For example: iptables -A INPUT -j CUSTOMCHAIN iptables -A CUSTOMCHAIN rule1 iptables -A CUSTOMCHAIN rule2 Should we add: iptables -A CUSTOMCHAIN -j INPUT ? Or, it will automatically go back to CHAIN when there's no more rule? Thank you very much, -- Fajar

...4.1 Filter table #### 4.1.1 Set policies $IPTABLES -P INPUT DROP $IPTABLES -P OUTPUT DROP $IPTABLES -P FORWARD DROP #### 4.1.2 Create userspecified chains # Create chain for bad tcp packets $IPTABLES -N bad_tcp # Create separate chains for ICMP, TCP and UDP to traverse $IPTABLES -N tcp_packets $IPTABLES -N udp_packets $IPTABLES -N icmp_packets $IPTABLES -N common #### 4.1.3 Create content in userspecified chains # bad_tcp chain $IPTABLES -A bad_tcp -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset $IPTABLES -A bad_tcp -p tcp ! --syn -m s...

...easier to do the check in __nf_ct_refresh_acct() in net/netfilter/nf_conntrack_core.c. But notice that "if (newtime - ct->timeout.expires >= HZ)" there has an integer underflow when newtime is smaller than ct->timeout.expires, and some things are currently relying on it, e.g. in tcp_packet() when a TCP connection coming out of ESTABLISHED has its timeout reduced. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachment...

...echo "1" > /proc/sys/net/ipv4/ip_dynaddr # 4. rules set up. # 4.1 Filter table # 4.1.1 Set policies /sbin/iptables -P INPUT DROP /sbin/iptables -P OUTPUT DROP /sbin/iptables -P FORWARD DROP # 4.1.2 Create userspecified chains # Create chain for bad tcp packets /sbin/iptables -N bad_tcp_packets # Create separate chains for ICMP, TCP and UDP to traverse /sbin/iptables -N allowed /sbin/iptables -N tcp_packets /sbin/iptables -N udpincoming_packets /sbin/iptables -N icmp_packets # 4.1.3 Create content in userspecified chains # bad_tcp_packets chain /sbin/iptables -A bad_tcp_packets -p tc...

...e (I did not set them up). Can I add those somehow as windows printers through samba ? (Just makes things a little tighter than having to set things up over the Internet through http). In my firewall, I have opened the following ports : SAMBAPORT1=137 SAMBAPORT2=138 SAMBAPORT3=139 $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport $SAMBAPORTx -j allowed I am not comfortable with opening any more ports than are strictly necessary. Ease of use is nice, but not at the cost of security. Can't I just tunnel samba over the ssh port (22) ? Thanks.

On 03/04/2015 09:45 PM, Dave McGuire wrote: > On 03/04/2015 03:37 PM, Oliver Welter wrote: >> Am 04.03.2015 um 21:03 schrieb Dave McGuire: >>> Am 04.03.2015 um 20:12 schrieb Michael Orlitzky: >>>> Please add [DNSBL] support to iptables instead of Dovecot. It's a waste of >>>> effort to code it into every application that listens on the network.

...update_inode+852/896] [ip_nat_fn+467/480] [ipt_hook+28/32] Apr 17 21:40:13 mofo kernel: [<c015861f>] [<c0158c8e>] [<c0152117>] [<c0152174>] [<c02cfe53>] [<c02cfb2c>] Apr 17 21:40:13 mofo kernel: [journal_cancel_revoke+251/368] [do_get_write_access+1183/1216] [tcp_packet+309/336] [journal_get_write_access+55/80] [journal_cancel_revoke+251/368] [do_get_write_access+1183/1216] Apr 17 21:40:13 mofo kernel: [<c015ca9b>] [<c015861f>] [<c02cbf85>] [<c0158677>] [<c015ca9b>] [<c015861f>] Apr 17 21:40:13 mofo kernel: [ext3_alloc_block...

...update_inode+852/896] [ip_nat_fn+467/480] [ipt_hook+28/32] Apr 17 21:40:13 mofo kernel: [<c015861f>] [<c0158c8e>] [<c0152117>] [<c0152174>] [<c02cfe53>] [<c02cfb2c>] Apr 17 21:40:13 mofo kernel: [journal_cancel_revoke+251/368] [do_get_write_access+1183/1216] [tcp_packet+309/336] [journal_get_write_access+55/80] [journal_cancel_revoke+251/368] [do_get_write_access+1183/1216] Apr 17 21:40:13 mofo kernel: [<c015ca9b>] [<c015861f>] [<c02cbf85>] [<c0158677>] [<c015ca9b>] [<c015861f>] Apr 17 21:40:13 mofo kernel: [ext3_alloc_block...