similar to: iptables -m connlimit

Greetings folks, I've been researching the various iptables modules that are included with the stock CentOS4 distro; particularly the connlimit module. Is connlimit included by default? I thought it is since performing # iptables -m connlimit --help returns information on connlimit usage along with the general iptables help info: <SNIP> connlimit v1.2.11 options: [!]

Hello, up to CentOS 5.3 it was possible, to control new ip connections by "recent", "seconds" and "hitcount" -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80 -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 80 -j LOG --log-prefix "FW DROP IP Flood: " -A INPUT -p tcp -m tcp --dport 80 -m state

hi, i try use iptables connlimit, # iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j DROP iptables: Unknown error 4294967295 where is problem ? thanks # rpm -qa | grep iptables iptables-1.3.5-4.el5 # uname -a Linux test 2.6.18-92.1.1.el5 #1 SMP Sat Jun 21 19:04:27 EDT 2008 i686 i686 i386 GNU/Linux

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=515 Summary: connlimit filter doesn't work in 1.3.5 version of iptables Product: iptables Version: 1.3.5 Platform: All OS/Version: Fedora Status: NEW Severity: normal Priority: P2 Component: libiptc AssignedTo:

http://bugzilla.netfilter.org/show_bug.cgi?id=618 Summary: connlimit doesn't work after upgrade to iptables 1.4.5 Product: iptables Version: unspecified Platform: i386 OS/Version: All Status: NEW Severity: normal Priority: P1 Component: iptables AssignedTo: laforge at netfilter.org

Helo, we use recent to control ip traffic. kernel 2.6.18-308.13.1.el5 : all is OK kernel 2.6.18-308.16.1.el5 : the first recent statement causes an error. E.g.: iptables -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80 iptables: Unknown error 18446744073709551615 The man pages say: recent is supported. CentOS 6: is OK Knows anyone more? Best regards Helmut Drodofsky -- Viele

https://bugzilla.netfilter.org/show_bug.cgi?id=857 Summary: ConnLimit unable to work properly Product: iptables Version: 1.4.x Platform: All OS/Version: RedHat Linux Status: NEW Severity: critical Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org

Helo, update is in EPEL repository. on startup, clamd does not further create clamd.sock and clamd.pid clamd service stops without any message - even in debug mode. It's a nightmare. Helmut -- Viele Gr??e Helmut Drodofsky Internet XS Service GmbH He?br?hlstra?e 15 70565 Stuttgart Gesch?ftsf?hrung Dr.-Ing. Roswitha Hahn-Drodofsky HRB 21091 Stuttgart USt.ID: DE190582774 Tel. 0711

https://bugzilla.netfilter.org/show_bug.cgi?id=1207 Bug ID: 1207 Summary: connlimit rule fires too often Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: ip_tables (kernel) Assignee:

Hello Ron, sounds good. I have 2 tape changer. I persume, udev creates the same link for both. Can I modify SYMLINK+="changer-$env{ID_SERIAL}" The serial should be unique. Viele Gr??e Helmut Drodofsky Internet XS Service GmbH He?br?hlstra?e 15 70565 Stuttgart Gesch?ftsf?hrung Helmut Drodofsky HRB 21091 Stuttgart USt.ID: DE190582774 Fon: 0711 781941 0 <tel:+497117819410> Fax:

http://bugzilla.netfilter.org/show_bug.cgi?id=597 Summary: ip6tables connlimit - cannot set CIDR greater than 32 (includes fix) Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: major Priority: P1 Component: ip6tables AssignedTo: laforge

yum update was run 23.10.19 and then 05.11.19 to the beginning of the update 5.11.2019 kernel logging to /var/log/messages was ok. During the update at 5.11.2019 logging to /var/log/messages finished. I persume, this bug began during processing updates. yum-log shows: ........... Nov 05 14:56:54 Installed: virt-viewer-5.0-15.el7.x86_64 Nov 05 15:59:28 Installed: nbdkit-1.8.0-1.el7.x86_64

https://bugzilla.netfilter.org/show_bug.cgi?id=676 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |netfilter at linuxace.com Resolution|

Helmut Drodofsky wrote: > Hello, > > there is one route missing: > > 128.0.0.0/1. > Did you mean 127.0.0.0? mark > config client: > route-nopull > redirect-gateway def1 bypass-dhcp > > best regards > Helmut > > Viele Gr??e > Helmut Drodofsky > > Internet XS Service GmbH > He?br?hlstra?e 15 > 70565 Stuttgart > > Gesch?ftsf?hrung

Hello, I have well performing iptables in centos 5.2 and 5.3 : -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 25 -j LOG --log-prefix "FW DROP IP Flood: " Centos 5.5, updated today: Without -hitcount : iptables accept the line Including -hitcount : iptables brings an error message: Applying iptables firewall rules: iptables-restore:

our new Server with AMD EPYC and super micro board reboots ramdonly. There is no error message before the reboot in /var/log/messages. we are running 2 Server with VMWare workstation without any problem. The new server should run KVM. older servers with AMD (before EPYC) running KVM without any problem. any idea or recommendation? -- Viele Gr??e Helmut Drodofsky Internet XS Service GmbH

Hello, mtx and therefor amanda use generic device /dev/sg<x> for tape changer. These devices change on reboot. How to make them persistent? /dev/sch0 and /dev/sch1 seem to be persistent. /dev/tape/by-id/ shows links from WWID to generic device An UDEV rule could help? I have not found any example. -- Viele Gr??e Helmut Drodofsky Internet XS Service GmbH He?br?hlstra?e 15 70565

I've taken you as far as I can go. ?Now you will have to experiment a bit for your use case. ?I should point out that at least in my system, the link with the serial number in it shows up even with the line commented in the rules file. As always, YMMV. On Thu, 2019-02-07 at 22:29 +0100, Helmut Drodofsky wrote: > Hello Ron, > > sounds good. I have 2 tape changer. I persume, udev

> Am 08.02.2019 um 00:13 schrieb Ron Loftin <reloftin at twcny.rr.com>: > > On Thu, 2019-02-07 at 22:29 +0100, Helmut Drodofsky wrote: >> Hello Ron, >> >> sounds good. I have 2 tape changer. I persume, udev creates the same >> link for both. >> >> Can I modify >> SYMLINK+="changer-$env{ID_SERIAL}" >> >> The serial

2016-07-08 4:19 GMT+08:00 Helmut Drodofsky <drodofsky at internet-xs.de>: > Helo, > > update is in EPEL repository. > > on startup, clamd does not further create clamd.sock and clamd.pid > > clamd service stops without any message - even in debug mode. > > Comment out "AllowSupplementaryGroups" in config clamd.conf and try restart again > It's a