similar to: Problems with IPTABLES recent module.

Is the maximum permitted value for --hitcount documented anywhere? I reliably get a iptables-restore error when I specify a hitcount value greater than 20 but I cannot find any mention of there being a maximum value. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited

Hi! I need to delay failed ssh password authentication as an additional measure against brute force ssh attacks. I understand, that shoud be accomplished through pam, but googling gave me no example. I have CentOS 5.2. -- Veiko Kukk

On 03/04/2015 09:45 PM, Dave McGuire wrote: > On 03/04/2015 03:37 PM, Oliver Welter wrote: >> Am 04.03.2015 um 21:03 schrieb Dave McGuire: >>> Am 04.03.2015 um 20:12 schrieb Michael Orlitzky: >>>> Please add [DNSBL] support to iptables instead of Dovecot. It's a waste of >>>> effort to code it into every application that listens on the network.

Hi, i have a problem with xen. the output of uname is:Linux xen 2.6.12-gentoo-r6 #9 SMP Mon Jan 23 18:13:25 CET 2006 i686 AMD Opteron(tm) Processor 844 AuthenticAMD GNU/Linux i user the SAME config of the kernel, for xen0 domain, and when i boot with xen0 kernel it reboots after this output... . . . ipt_recent v0.3.1: Stephen Frost <sfrost@snowman.net>.

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Netscape 4.73 available Advisory ID: RHSA-2000:028-02 Issue date: 2000-05-19 Updated on: 2000-05-19 Product: Red Hat Linux Keywords: netscape SSL telnet rlogin Cross references:

Hi All, I'm running our network with an 10/8 IPv4 subnets, with an SNAT catch all rule on the iptables firewall to the world. Is there a pratical way to log each connection? Maybe an "automatic hotspot" wich will assign an "external" IP to each "internal" one, and log it. What are you using folks? Thanks, Antonio. --

Hi listmates, Happy Thanksgiving! Does anybody know if there is a convenient utility to configure iptables on a CentOS 5.4 or 5.3 machine to do port forwarding? And if not, where and how does one put the requisite commands? Thanks. Boris.

I am forwarding traffic on port 8080 to port 80 with following rule. # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80 # iptables-save However, I am unable to add it directly in /etc/sysconfig/iptables. I think it is used only for filter table and not nat table. So where do nat table rules go? Any help? - cs.

I''m very new to shorewall. My setup is IP Gateway (CentOS 4 + Shorewall) with 3 NIC cards. Shorewall works great on the firewall machine. Bind also works (local net machines get IPs fine). Under firestarter, all works great. With shorewall, the loc machines can not route past the firewall. They can connect to the firewall, but not past it. Exactly what information should I post to get

Hello, Presently I am considering using CentOS as my base OS. I am wondering about a few things though. I like KVirc as my irc program. I have had issue with compiling it in 64bit mode under Fedora 3 and was todl it was because Fedora installs both 32 and 64 bit libs and the compiler didn't understnad which to use. Will this be an issue with CentOS 4 also? If I install the 64 bit

I have set up a VPN over PPTP on a CentOS server using the DKMS module rpm dkms-0-2.0.6-3.el4 from http://centos.karan.org/el4/extras/stable/i386/RPMS/repodata/repovie w/dkms-0-2.0.6-3.el4.kb.html and kernel_ppp_mppe-0.0.5-2dkms.noarch.rpm at http://pptpclient.sourceforge.net/howto-fedora- core-3.phtml. I have configured the pptpd server on Centos4 to use MS_CHAPv2, 128bit encryption and

I've got a server with several ip's on eth0. I want to block all traffic *except* to port 80 on them, but not on any other IPs, so that eth0 is www.xxx.yyy.zzz eth0:1 is www.xxx.yyy.ggg eth0:2 is www.xxx.yyy.hhh I've tried -A RH-Firewall-1-INPUT -p tcp -d www.xxx.yyy.ggg --dport ! 80 -j DROP -A RH-Firewall-1-INPUT -p tcp -d www.xxx.yyy.hhh --dport ! 80 -j DROP and restarted (and

Dear CentOS people, I'm sure many have faced this before but I can't seem to figure this out. I need unattended OpenSSH and its SFTP connections to be closed after a while (say, in 10 minutes). This needs to override anything that could be done from the client side (ServerAliveInterval or keepalives a program like PuTTY can send). I kind of understand it's not always easy to

Hello, I haven't installed anything other then what is in the Repos. Here are my Repo's: yum.repos.d $ cat atrpms.repo [atrpms] name= ATRPMS RPM Repository for Red Hat Enterprise Linux baseurl=http://dl.atrpms.net/el$releasever-$basearch/atrpms/stable gpgcheck=1 enabled=1 yum.repos.d $ cat CentOS-Base.repo # CentOS-Base.repo # # This file uses a new mirrorlist system developed by Lance

I am also seeing this in smbd.log: [2020/07/03 09:20:18.211558, 1] ../../auth/kerberos/gssapi_helper.c:391(gssapi_check_packet) GSS VerifyMic failed: A token had an invalid MIC: unknown mech-code 2529638943 for mech 1 2 840 113554 1 2 2 [2020/07/03 09:20:18.211625, 0] ../../source4/auth/gensec/gensec_gssapi.c:1347(gensec_gssapi_check_packet)

I have this on the DC smb4-1.brockley.harte-lyne.ca: samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca ALL -U administrator Password for [BROCKLEY\administrator]: Name=, Records=6, Children=0 SOA: serial=7, refresh=900, retry=600, expire=86400, minttl=3600, ns=SMB4-1.brockley.harte-lyne.ca., email=support.harte-lyne.ca. (flags=600000f0, serial=110, ttl=3600)

[root at smb4-1 ~ (master)]# samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca ALL -U administrator Password for [BROCKLEY\administrator]: Name=, Records=4, Children=0 SOA: serial=3, refresh=900, retry=600, expire=86400, minttl=3600, ns=SMB4-1.brockley.harte-lyne.ca., email=hostmaster.brockley.harte-lyne.ca. (flags=600000f0, serial=110, ttl=3600) NS:

On 07.07.2020 21:14, Rowland penny via samba wrote: > On 07/07/2020 20:00, James B. Byrne via samba wrote: >> I have this on the DC smb4-1.brockley.harte-lyne.ca: >> >> samba-tool dns query localhost brockley.harte-lyne.ca >> brockley.harte-lyne.ca >> ALL -U administrator >> Password for [BROCKLEY\administrator]: >> ?? Name=, Records=6, Children=0

I have a dc configured to use the samba internal dns service. The version of samba I am using is 4.10.15 packaged for FreeBSD. Its build options state this: BIND911 : off BIND916 : off , , , GSSAPI_BUILTIN : on GSSAPI_MIT : off LDAP : on . . . NSUPDATE : off My smb4.conf file contains this: [global] bind interfaces only = Yes dns forwarder =

Wed Jul 8 16:09:19 UTC 2020, Rowland penny wrote: > No, it is '@' for the name, not 'brockley.harte-lyne.ca' Previously I had tried that as well with similar results as shown below: [root at smb4-1 ~ (master)]# samba-tool dns help delete Usage: samba-tool dns delete <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data> [root at smb4-1