search for: tcp_packets

Hi all, When we create a custom chain in iptables, should we specifically create a rule to 'jump back' to the previous chain? For example: iptables -A INPUT -j CUSTOMCHAIN iptables -A CUSTOMCHAIN rule1 iptables -A CUSTOMCHAIN rule2 Should we add: iptables -A CUSTOMCHAIN -j INPUT ? Or, it will automatically go back to CHAIN when there's no more rule? Thank you very much, -- Fajar

...4.1 Filter table #### 4.1.1 Set policies $IPTABLES -P INPUT DROP $IPTABLES -P OUTPUT DROP $IPTABLES -P FORWARD DROP #### 4.1.2 Create userspecified chains # Create chain for bad tcp packets $IPTABLES -N bad_tcp # Create separate chains for ICMP, TCP and UDP to traverse $IPTABLES -N tcp_packets $IPTABLES -N udp_packets $IPTABLES -N icmp_packets $IPTABLES -N common #### 4.1.3 Create content in userspecified chains # bad_tcp chain $IPTABLES -A bad_tcp -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset $IPTABLES -A bad_tcp -p tcp ! --syn -m st...

https://bugzilla.netfilter.org/show_bug.cgi?id=1077 Bug ID: 1077 Summary: New traffic reduces conntrack timeout Product: netfilter/iptables Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: nf_conntrack Assignee: netfilter-buglog

...echo "1" > /proc/sys/net/ipv4/ip_dynaddr # 4. rules set up. # 4.1 Filter table # 4.1.1 Set policies /sbin/iptables -P INPUT DROP /sbin/iptables -P OUTPUT DROP /sbin/iptables -P FORWARD DROP # 4.1.2 Create userspecified chains # Create chain for bad tcp packets /sbin/iptables -N bad_tcp_packets # Create separate chains for ICMP, TCP and UDP to traverse /sbin/iptables -N allowed /sbin/iptables -N tcp_packets /sbin/iptables -N udpincoming_packets /sbin/iptables -N icmp_packets # 4.1.3 Create content in userspecified chains # bad_tcp_packets chain /sbin/iptables -A bad_tcp_packets -p tcp...

...e (I did not set them up). Can I add those somehow as windows printers through samba ? (Just makes things a little tighter than having to set things up over the Internet through http). In my firewall, I have opened the following ports : SAMBAPORT1=137 SAMBAPORT2=138 SAMBAPORT3=139 $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport $SAMBAPORTx -j allowed I am not comfortable with opening any more ports than are strictly necessary. Ease of use is nice, but not at the cost of security. Can't I just tunnel samba over the ssh port (22) ? Thanks.

On 03/04/2015 09:45 PM, Dave McGuire wrote: > On 03/04/2015 03:37 PM, Oliver Welter wrote: >> Am 04.03.2015 um 21:03 schrieb Dave McGuire: >>> Am 04.03.2015 um 20:12 schrieb Michael Orlitzky: >>>> Please add [DNSBL] support to iptables instead of Dovecot. It's a waste of >>>> effort to code it into every application that listens on the network.

Hi, If this is a redundant post I apologize. I am running 2.4.20 on what has been a very stable Athlon machine for months, tried to move a 2 GB file from an ext2 partition to an ext3 and kjournald crashed. Here are the last reminants of my shell scrollback: [*ROOT* mofo /mnt/sda1/mysql/fd 641 ] ll oldmail/ total 2363288 -rw-rw---- 1 mysql mysql 2147483647 Jan 23 18:04 maillog.MYD

Hi, If this is a redundant post I apologize. I am running 2.4.20 on what has been a very stable Athlon machine for months, tried to move a 2 GB file from an ext2 partition to an ext3 and kjournald crashed. Here are the last reminants of my shell scrollback: [*ROOT* mofo /mnt/sda1/mysql/fd 641 ] ll oldmail/ total 2363288 -rw-rw---- 1 mysql mysql 2147483647 Jan 23 18:04 maillog.MYD