Displaying 20 results from an estimated 20 matches for "xt_recent".
Did you mean:
is_recent
2019 Mar 25
3
[Bug 1328] New: Please allow ipset add and del via the /proc/net/xt_ipset mechanism
...Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: default
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: murf at parsetree.com
I measure the xt_recent hash table's speed to enter an ip into the hash, and
compared with ipset add speed. recent, via this method:
echo +<addr> >/proc/net/xt_recent/DEFAULT
is 13 times faster than ipset add <addr>
Now, ipset has these advantages against recent:
recent has size limits you must defi...
2011 Oct 25
3
[Bug 759] New: "iptables -m recent" crashes a LXC host on lxc-stop
...WqDOb) entering forwarding
state
2011-10-24 19:34:40 [ 318.675038] br0: port 2(veth2WqDOb) entering disabled
state
2011-10-24 19:34:40 [ 318.703903] ------------[ cut here ]------------
2011-10-24 19:34:40 [ 318.703960] kernel BUG at
/build/buildd/linux-lts-backport-maverick-2.6.35/net/netfilter/xt_recent.c:609!
2011-10-24 19:34:40 [ 318.704017] invalid opcode: 0000 [#1] SMP
2011-10-24 19:34:40 [ 318.704137] last sysfs file:
/sys/devices/system/cpu/cpu3/cache/index1/shared_cpu_map
2011-10-24 19:34:40 [ 318.704189] CPU 3
2011-10-24 19:34:40 [ 318.704231] Modules linked in: xt_recent veth btrfs...
2014 May 26
2
nwfilter usage
...27864 2 ip6table_filter,xt_TPROXY
iptable_filter 12810 1
ip_tables 27473 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
x_tables 29891 52
ebt_arp,ebt_ip,ip6table_filter,ebtables,xt_time,xt_connlimit,xt_realm,xt_addrtype,iptable_raw,xt_comment,xt_recent,xt_policy,ipt_ULOG,ipt_REJECT,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ipt_ECN,ipt_ecn,ipt_CLUSTERIP,ipt_ah,xt_set,xt_TPROXY,ip6_tables,xt_tcpmss,xt_pkttype,xt_physdev,xt_owner,xt_NFQUEUE,xt_NFLOG,xt_multiport,xt_mark,xt_mac,xt_limit,xt_length,xt_iprange,xt_helper,xt_hashlimit,xt_DSCP,xt_dscp,xt_dccp...
2013 Jun 05
8
btrfs raid1 on 16TB goes read-only after "btrfs: block rsv returned -28"
...dules linked in: raid456 async_raid6_recov async_memcpy
async_pq async_xor xor async_tx raid6_pq act_police cls_basic cls_flow
cls_fw cls_u32 sch_tbf sch_prio sch_htb sch_hfsc sch_ingress
sch_sfq xt_CHECKSUM ipt_rpfilter xt_statistic xt_CT xt_LOG xt_time
xt_connlimit xt_realm xt_addrtype xt_comment xt_recent xt_policy xt_nat
ipt_ULOG ipt_REJECT ipt_MASQUERADE ipt_ECN ipt_CLUSTERIP ipt_ah xt_set
ip_set nf_nat
_tftp nf_nat_snmp_basic nf_conntrack_snmp nf_nat_sip nf_nat_pptp
nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_ftp nf_conntrack_tftp
nf_conntrack_sip nf_conntrack_proto_udplite nf_conntrack_proto_...
2015 Mar 02
6
IP drop list
Dave McGuire writes:
>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>>
>> then setup fail2ban to manage extrafields
>
> Now that's a very interesting idea, thank you! I will investigate this.
If you don't expect yor firewall to handle 45K+ IPs, I'm not how you
expect dovecot will handle a comma separated string with 45K+ entries
any
2014 Jan 30
2
CentOS 6.5: NFS server crashes with list_add corruption errors
...next=ffff8803f611fa68).
Jan 30 09:46:13 qb-storage kernel: Modules linked in: nfsd lockd nfs_acl
auth_rpcgss sunrpc act_police cls_basic cls_flow cls_fw cls_u32 sch_tbf
sch_prio sch_htb sch_hfsc sch_ingress sch_sfq bridge stp llc
xt_statistic xt_time xt_connlimit xt_realm iptable_raw xt_comment
xt_recent xt_policy ipt_ULOG ipt_REJECT ipt_REDIRECT ipt_NETMAP
ipt_MASQUERADE ipt_ECN ipt_ecn ipt_CLUSTERIP ipt_ah ipt_addrtype xt_set
ip_set nf_nat_tftp nf_nat_snmp_basic nf_conntrack_snmp nf_nat_sip
nf_nat_pptp nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_ftp
nf_nat_amanda ts_kmp nf_conntrack_amanda...
2014 Feb 27
8
[Bug 75569] New: [nv34] [v3.14-rc3] DMA_PUSHER get 0x00029044 put 0x000184d0 state 0x80000040 (err: INVALID_CMD) push 0x00000000
https://bugs.freedesktop.org/show_bug.cgi?id=75569
Priority: medium
Bug ID: 75569
Assignee: nouveau at lists.freedesktop.org
Summary: [nv34] [v3.14-rc3] DMA_PUSHER get 0x00029044 put
0x000184d0 state 0x80000040 (err: INVALID_CMD) push
0x00000000
QA Contact: xorg-team at lists.x.org
Severity:
2014 May 28
3
Re: nwfilter usage
...gt;> iptable_filter 12810 1
>> ip_tables 27473 4
>> iptable_raw,iptable_nat,iptable_mangle,iptable_filter
>> x_tables 29891 52
>> ebt_arp,ebt_ip,ip6table_filter,ebtables,xt_time,xt_connlimit,xt_realm,xt_addrtype,iptable_raw,xt_comment,xt_recent,xt_policy,ipt_ULOG,ipt_REJECT,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ipt_ECN,ipt_ecn,ipt_CLUSTERIP,ipt_ah,xt_set,xt_TPROXY,ip6_tables,xt_tcpmss,xt_pkttype,xt_physdev,xt_owner,xt_NFQUEUE,xt_NFLOG,xt_multiport,xt_mark,xt_mac,xt_limit,xt_length,xt_iprange,xt_helper,xt_hashlimit,xt_DSCP,xt_dscp,xt_dccp...
2015 Mar 02
0
IP drop list
...haps" go this way
https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/
https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/
45K+ IPs will work in a recent table
i have them too but for smtp only like
echo 10000000 > /sys/module/xt_recent/parameters/ip_list_tot
combine with geoip might be a good idea too
is ultra faster then fail2ban cause no log file parsing is needed
or an other idea
you might test, configure a syslog filter pumping in a recent table the
direct way
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://s...
2014 May 26
0
Re: nwfilter usage
...e_filter,xt_TPROXY
> iptable_filter 12810 1
> ip_tables 27473 4
> iptable_raw,iptable_nat,iptable_mangle,iptable_filter
> x_tables 29891 52
> ebt_arp,ebt_ip,ip6table_filter,ebtables,xt_time,xt_connlimit,xt_realm,xt_addrtype,iptable_raw,xt_comment,xt_recent,xt_policy,ipt_ULOG,ipt_REJECT,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ipt_ECN,ipt_ecn,ipt_CLUSTERIP,ipt_ah,xt_set,xt_TPROXY,ip6_tables,xt_tcpmss,xt_pkttype,xt_physdev,xt_owner,xt_NFQUEUE,xt_NFLOG,xt_multiport,xt_mark,xt_mac,xt_limit,xt_length,xt_iprange,xt_helper,xt_hashlimit,xt_DSCP,xt_dscp,xt_dccp...
2013 Feb 01
0
Network stopped just out of the blue leaving this backtrace:
...:07:15 localhost kernel: Hardware name:
Feb 1 04:07:15 localhost kernel: NETDEV WATCHDOG: eth0 (r8169):
transmit queue 0 timed out
Feb 1 04:07:15 localhost kernel: Modules linked in: tcp_diag inet_diag
bluetooth rfkill bnx2fc fcoe libfcoe libfc 8021q scsi_transport_fc garp
scsi_tgt stp llc sunrpc xt_recent xt_state xt_multiport iptable_filter
ipt_REDIRECT ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4
iptable_raw xt_MARK xt_socket nf_conntrack nf_defrag_ipv4 ip6_tables
nf_defrag_ipv6 iptable_mangle ip_tables ext2 ppdev parport_pc parport
serio_raw sg i2c_i801 snd_hda_codec_realtek snd_hda_intel...
2015 Mar 02
6
IP drop list
...sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/
>
> https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/
>
> 45K+ IPs will work in a recent table
> i have them too but for smtp only like
>
> echo 10000000 > /sys/module/xt_recent/parameters/ip_list_tot
>
> combine with geoip might be a good idea too
>
> is ultra faster then fail2ban cause no log file parsing is needed
>
> or an other idea
> you might test, configure a syslog filter pumping in a recent table the
> direct way
that is all nice
but the...
2014 May 28
0
Re: nwfilter usage
...filter 12810 1
>>> ip_tables 27473 4
>>> iptable_raw,iptable_nat,iptable_mangle,iptable_filter
>>> x_tables 29891 52
>>> ebt_arp,ebt_ip,ip6table_filter,ebtables,xt_time,xt_connlimit,xt_realm,xt_addrtype,iptable_raw,xt_comment,xt_recent,xt_policy,ipt_ULOG,ipt_REJECT,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ipt_ECN,ipt_ecn,ipt_CLUSTERIP,ipt_ah,xt_set,xt_TPROXY,ip6_tables,xt_tcpmss,xt_pkttype,xt_physdev,xt_owner,xt_NFQUEUE,xt_NFLOG,xt_multiport,xt_mark,xt_mac,xt_limit,xt_length,xt_iprange,xt_helper,xt_hashlimit,xt_DSCP,xt_dscp,xt_dccp...
2014 Sep 28
1
[Bug 84424] New: nouveau crash log [mesa-10.3.0]
...] Oops: 0000 [#1] PREEMPT SMP
[ 2643.920487] Modules linked in: act_police cls_basic cls_flow cls_fw cls_u32
sch_fq_codel sch_tbf sch_prio sch_htb sch_hfsc sch_sfq arptable_filter
arp_tables xt_CHECKSUM ipt_rpfilter xt_geoip(O) xt_statistic xt_CT xt_LOG
xt_connlimit xt_realm xt_addrtype xt_comment xt_recent ipt_ULOG ipt_MASQUERADE
ipt_ECN ipt_CLUSTERIP ipt_ah xt_set nf_nat_tftp nf_nat_snmp_basic
nf_conntrack_snmp nf_nat_sip nf_nat_pptp nf_nat_proto_gre nf_nat_irc
nf_nat_h323 nf_nat_ftp nf_nat_amanda ts_kmp nf_conntrack_amanda
nf_conntrack_sane nf_conntrack_tftp nf_conntrack_sip nf_conntrack_proto_udpl...
2014 Jun 17
3
RFE: dnsbl-support for dovecot
after having my own dnsbl feeded by a honeypot and even
mod_security supports it for webservers i think dovecot
sould support the same to prevent dictionary attacks from
known bad hosts, in our case that blacklist is 100%
trustable and blocks before SMTP-Auth while normal RBL's
are after SASL
i admit that i am not a C/C++-programmer, but i think
doing the DNS request and in case it has a
2013 Aug 04
2
Unable to unmount filesystem (bug in kernel reported in kern.log)
...fs/btrfs/inode.c:806!
Aug 4 02:26:06 rohan kernel: [ 3878.947216] invalid opcode: 0000 [#1] SMP
Aug 4 02:26:06 rohan kernel: [ 3878.947238] CPU 1
Aug 4 02:26:06 rohan kernel: [ 3878.947248] Modules linked in: btrfs
zlib_deflate libcrc32c pci_stub vboxpci(O) vboxnetadp(O) vboxnetflt(O)
vboxdrv(O) xt_recent xt_state xt_tcpudp iptable_nat nf_nat
nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 iptable_filter ip_tables
x_tables rfcomm bnep bluetooth parport_pc ppdev binfmt_misc dm_crypt
snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm
snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq s...
2013 Dec 11
4
[Bug 72599] New: [NVC0] null pointer dereference (nouveau_fence_wait_uevent.isra.5)
...t;ffffffffa0426b19>]
nouveau_fence_wait_uevent.isra.5+0x19/0x450 [nouveau]
[56953.400984] PGD d1cf2067 PUD d2ac8067 PMD 0
[56953.400998] Oops: 0000 [#1] PREEMPT SMP
[56953.401010] Modules linked in: xt_CHECKSUM ipt_rpfilter xt_statistic xt_CT
xt_LOG xt_connlimit xt_realm xt_addrtype xt_comment xt_recent xt_nat ipt_ULOG
ipt_REJECT ipt_MASQUERADE ipt_ECN ipt_ah xt_set ip_set nf_nat_tftp nf_nat_sip
nf_nat_pptp nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_ftp nf_nat_amanda
ts_kmp nf_conntrack_amanda nf_conntrack_sane nf_conntrack_tftp nf_conntrack_sip
nf_conntrack_proto_udplite nf_conntrack_proto_sc...
2011 Dec 22
8
[Bug 765] New: Netfilter crash on bridged/TAP device on 2.6.38 & 3.0 kernels
http://bugzilla.netfilter.org/show_bug.cgi?id=765
Summary: Netfilter crash on bridged/TAP device on 2.6.38 & 3.0
kernels
Product: netfilter/iptables
Version: linux-2.6.x
Platform: x86_64
OS/Version: Ubuntu
Status: NEW
Severity: major
Priority: P2
Component: bridging
2015 Dec 18
0
[ANNOUNCE] iptables 1.6.0 release
...al (15):
Merge branch 'stable-1.4.20'
iptables.8: --policy is either ACCEPT or DROP
extensions: libxt_connlabel: do not open config file from _init hook
man: string: document icase
tests: split into family and table specific files
tests: add test case for xt_recent regression
extensions: remove MIRROR
extensions: remove SAME target
extensions: remove 'unclean' match
extensions: add more test cases for iptables-test.py
extensions: SNPT,DNPT: fix save/print output
extensions/libxt_recent.t: add test case for 3.19 regr...
2018 Nov 25
11
[Bug 108857] New: display becomes unresponsive and keyboard input fails
https://bugs.freedesktop.org/show_bug.cgi?id=108857
Bug ID: 108857
Summary: display becomes unresponsive and keyboard input fails
Product: xorg
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)
Status: NEW
Severity: major
Priority: medium
Component: Driver/nouveau