similar to: TARPIT target in iptables

Hi, I''m having problems with this configuration: iptables 1.3.7 (vanilla or repackaged for fc5) kernel 2.6.19 (vanilla) ROUTE 1.11 (last pom-ng) layer7-filter 2.6 (last in sf.net) connlimit (last pom-ng) When I try to use -j ROUTE in any chain in mangle table I have this error: [root@myhost ~]# iptables -v -t mangle -A POSTROUTING -p tcp --dport msnp -j ROUTE --gw

Hi, I am trying to install some additional iptables modules on a CentOS 5 Box (imq, tarpit, geoip). Can anyone recommend a version of patch-o-matic-ng that works well with the CentOS 5 kernel sources (2.6.18-8.1.4)? The most current version (patch-o-matic-ng-20070521.tar.bz2) does not compile. With patch-o-matic-ng-20061128.tar.bz2 I could at least get tarpit working but geoip and imq seem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running, > but I still have a problem: > > Validating hosts file... > Error: Your kernel and/or iptables does not not support policy match: ipsec > > I had a look for netfilter patch-o-matic, but I did not find the

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=78 ------- Additional Comments From tools@die.net 2003-04-17 15:47 ------- Showing any ports open that are sent to it is the normal function of TARPIT target. The psd match will start routing all ports to it after it decides that an IP is portscanning, so this is the expected behavior. That being said, the psd match won't

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=78 Summary: -m psd -j TARPIT returns all ports open from nmap Product: iptables userspace Version: unspecified Platform: i386 OS/Version: RedHat Linux Status: NEW Severity: normal Priority: P2 Component: unknown AssignedTo:

https://bugzilla.netfilter.org/show_bug.cgi?id=1097 Bug ID: 1097 Summary: TARPIT function does not work in ip6tables Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: ip6_tables (kernel) Assignee:

Hello! I need assistance to solve my problem related to traffic shaping based on the user ids. The problem: each unix user (of the linux host) has to be limited with incoming channel (internet) bandwidth. I need this to implement internet access solution based on ltsp (http://www.ltsp.org). As far as I know the best way to shape traffic in linux is CBQ. But there is no filter based on unix

I have a linux box with kernel 2.4.22 and iptables 1.2.9 First, i patch linux kernel with Norbet Buckmuller''s .diff #cd \usr\src\linux #patch -p1 < imq-combo-debian-2.4.22.diff All correct Second, i -try to- patch iptables (following www.linuximq.net/faq.html) #cd /usr/src/linux/net/ipv4/netfilter I edit IMQ.pom-ng.patch and replace $KERNEL_DIR with /usr/src/linux #patch

Hi Guys, I''m trying to compile IMQ with kernel-2.4.26 and iptables-1.2.9 and I want to know is this procedure is correct: ---------------------------------------- - In Kernel 2.4.26 Directory (/usr/src/linux) # cd /usr/src/linux # wget http://www.linuximq.net/patchs/linux-2.4.24-imq.diff # patch -p1 < linux-2.4.24-imq.diff - In Patch O Matic Directory

Trying again, after re-subscribing: On 11/20/06, Bob Beers <bob.beers@gmail.com> wrote: > Hello, > > I want to dynamically create DNAT rules for > RTP streams (port-mapping for a SIP proxy). > > If my proxy adds the rule before the first packet > of the RTP stream hits the port, all is well. But, if > the stream begins arriving before my rule is in > place,

--KMIs29sPfC/9Gbii Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Good news, Everyone! (TM) The netfilter core team announces a new release of the netfilter patch-o-matic suite: patch-o-matic-20030107 This release contains the most up-to-date bugfixes and new features for=20 the netfilter/iptables subsystem of the 2.4.x Linux

--BU7+kJFeeDlNltZg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Good news, Everyone! (TM) The netfilter core team announces a new release of the netfilter patch-o-matic suite: patch-o-matic-20030912 This release contains the most up-to-date bugfixes and new features for=20 the netfilter/iptables subsystem of the 2.4.x Linux

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=25 delaunois@info.ucl.ac.be changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED OS/Version|other |All Resolution|

... Hello! I completed a simple userspace tarpit script: http://www.radlinux.org/connexion/browser/branches/0.4.4/lib/cxnet It is not a production solution, but an example of cxnet usage. Whilst not as fast as libnfnetlink and kernel netfilter, cxnet is extremely simple and can be used for rapid net-apps development or in GNU/Linux network studies (e.g., for educational purposes). Cxnet

I''ve rebuilt my old P-II/233 with Debian Sarge and it is now serving as my main firewall. It is running a home-built 2.6.9 kernel with the ipsec-netfilter and policy match patches. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

Hello, I am fitting a coxph model with factors. I am running into problems when using 'survfit'. I am unsure how R is treating the factors when I fit, say: > DATA<-data.frame(time.sec,done,f.pom=factor(f.pom),po,vo) > final<-coxph(Surv(time.sec,done)~f.pom*vo+po,data=DATA) > final.surv<-survfit((final), individual=T,conf.type="log-log")

Stian B. Barmen schrieb: > I try to use patch-o-matic-ng for installation. Kernel patching works > nicely but the libipt_ipp2p.so shared object does not get built. I find > the .c file in the patch-o-matic tree under ipp2p but I don''t know how > to manually compile it. > My lsmod includes the sucsessfully made ipt_ipp2p module and I also > recompiled iptables for

H, I am using libvirt from maven using a nexus proxy pointing to http://www.libvirt.org/maven2/ It downloads the jar fine but is expecting libvirt-0.5.1.pom (and ...sha1). In the proxy only the jar appears. When I download and rename the pom to my local .m2 cache my build works fine. Is this a bug in the distribution of libvirt in its maven repo or is my dependency wrong somehow? Kind regards,

hi, i try use iptables connlimit, # iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j DROP iptables: Unknown error 4294967295 where is problem ? thanks # rpm -qa | grep iptables iptables-1.3.5-4.el5 # uname -a Linux test 2.6.18-92.1.1.el5 #1 SMP Sat Jun 21 19:04:27 EDT 2008 i686 i686 i386 GNU/Linux

--Vy1A5eXR7jld12ZH Content-Type: multipart/mixed; boundary="N/GrjenRD+RJfyz+" Content-Disposition: inline --N/GrjenRD+RJfyz+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! The netfilter coreteam proudly presents: iptables version 1.2.8: Version 1.2.8 is a maintainance release, containing dozens of small