similar to: [Bug 58] save() function of libipt_recent.c broken

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=58 Summary: save() function of libipt_recent.c broken Product: iptables userspace Version: 1.2.7a Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: unknown AssignedTo: laforge@netfilter.org

hi i have gone through the achieves but still could not get my bridge to suvive a reboot . please can anyone help me am using fedora core 2 -----Original message----- From: bridge-request@lists.osdl.org Date: Fri, 28 Jan 2005 03:08:06 +0100 To: bridge@lists.osdl.org Subject: Bridge Digest, Vol 17, Issue 25 > Send Bridge mailing list submissions to > bridge@lists.osdl.org > >

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=91 ------- Additional Comments From kaber@trash.net 2003-06-16 00:38 ------- problem seems to be a dropped reference in remove_expectations, can be reproduced by unloading ip_conntrack after unloading a helper which is helping a connection. Attached patch fixes my problems. ------- You are receiving this mail because: -------

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=83 outsider@key2peace.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=53 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |LATER ------- Additional Comments From

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=64 ------- Additional Comments From tobias@portfolio16.de 2003-04-21 23:51 ------- Hi, I think I just found a problem with the patch... It was my fault to use a automatic build system and not check it... In the end the patch didn't apply in its whole and I didn't discover it, because the build system just went on.

Hello, up to CentOS 5.3 it was possible, to control new ip connections by "recent", "seconds" and "hitcount" -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80 -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 80 -j LOG --log-prefix "FW DROP IP Flood: " -A INPUT -p tcp -m tcp --dport 80 -m state

Hello, I have well performing iptables in centos 5.2 and 5.3 : -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 25 -j LOG --log-prefix "FW DROP IP Flood: " Centos 5.5, updated today: Without -hitcount : iptables accept the line Including -hitcount : iptables brings an error message: Applying iptables firewall rules: iptables-restore:

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=469 Summary: recent match doesn't triger with --hitcount > 20 Product: netfilter/iptables Version: linux-2.6.x Platform: i386 OS/Version: other Status: NEW Severity: normal Priority: P2 Component: ip_tables (kernel) AssignedTo:

Is the maximum permitted value for --hitcount documented anywhere? I reliably get a iptables-restore error when I specify a hitcount value greater than 20 but I cannot find any mention of there being a maximum value. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited

I have been having a hard time login into a RH AS 3.0 using my MS AD account and password. I did successfully setup winbind, krb5 and samba w/out any major complications. But when it came to login I investigate as to why I am not able to log into the linux box using my AD account and password. I used the following URL example to setup winbind and samba.

Hello, all. I read this document about iptables recent module. http://blog.andrew.net.au/2005/02/16#ipt_recent_and_ssh_attacks and I would like to filter the excessive spam mail sending ip address by iptables recent module. and some questions. iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SPAM iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m

This was sent to me regarding the wiki. ---------- Forwarded message ---------- From: "Martin Kon??ek" <mkonicek12 at gmail.com> Date: Mar 7, 2013 4:44 AM Subject: mistake on Securing SSH To: <timothy.ty.lee at gmail.com> Cc: Hi TImothy, I saw wiki http://wiki.centos.org/HowTos/Network/SecuringSSH and it is pretty good, but there is a mistake. *Instead of having* iptables

I added these rules to IPTABLES to slow brute force attacks. iptables -A INPUT -p tcp --dport 22 -s my_subnet/24 -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH -j DROP I would like log entries when connections are dropped to see

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=24 gandalf@wlug.westbo.se changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |outsider@key2peace.org ------- Additional Comments From gandalf@wlug.westbo.se 2003-04-23 15:57 ------- *** Bug 83

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=90 Summary: RPC and RSH conntrack helpers don't use struct ip_conntrack_helper->name correctly Product: netfilter/iptables Version: patch-o-matic Platform: other OS/Version: other Status: NEW Severity: normal Priority: P2

http://bugzilla.mindrot.org/show_bug.cgi?id=141 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Summary| openssh-3.1p1-1.src.rpm |openssh-3.1p1-1.src.rpm will |will not build on RedHat |not build on RedHat Linux |Linux 6.1

Hello Tom, On the page 'http://lwn.net/Articles/313328/' i found info about changes in 'cls_flow.c' in kernel-2.6.29: net/sched/cls_flow.c | 4 +- and may be now it will work properly to everyone's entertainment. Thank you, Alex --- Прогноз погоды ТУТ - http://pogoda.tut.by

Hi After several days testing and studing howtos and docu again ... I want to limit all tcp trafic with the limit module to say one connection per second except some known trafic. (This is because of using p2p progs gets mi crazy which gets my adsl modem down and I share my net with some users and because of encryption of stream l7 does not work ...) As I understand the limit module does work

I''ve found the below rule, is it possible to use it with shorewall? I see how to setup the timing/rates but how to perform loggin of such action (a separate rule?). as an additional question is i possible to dynamically add hosts to blacklist and persist this between restarts? " SSH -A PREROUTING -m tcp -p tcp -d $EXTERNAL --dport 22 -m recent --rcheck --hitcount 3 --seconds 600 -j