similar to: [Bug 733] New: ipset restore won't restore from output of ipset save

https://bugzilla.netfilter.org/show_bug.cgi?id=819 Summary: ipset create setname timeout 2147484 records greater timeout Product: ipset Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: default AssignedTo:

On Saturday 20 April 2019 00:32:43 Pete Biggs wrote: > What ban action do you use? If it's something like iptables-multiport, > then I wonder if the fact that it's detecting the failures as > '[dovecot]' means that it's using the dovecot ports, not the exim > ports, when applying the iptable rule. > > When a host has been banned, can you look at the

Hi Robert, On 07/18/2017 11:43 PM, Robert Schetterer wrote: > i guess not, but typical bots arent using ssl, check it > > however fail2ban sometimes is to slow I have configured dovecot with auth_failure_delay = 10 secs I hope that before the 10 sec are over, dovecot will have logged about the failed login attempt, and fail2ban will have blocked the ip by then. MJ

On Friday 19 April 2019 15:19:26 Pete Biggs wrote: > > I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested > > on another page: > > The standard exim.conf already has a 535 filter. Was that not working > for you? I was following the instructions as shown on the page. I did find after sending my post that there was already a regex in the standard

https://bugzilla.netfilter.org/show_bug.cgi?id=1101 Bug ID: 1101 Summary: SET target unreliable in iptables - add does not work as expected Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=880 Summary: ipset doesn't refresh the timeout for an existing entry when the table is FULL. Product: ipset Version: unspecified Platform: x86_64 OS/Version: Fedora Status: NEW Severity: normal Priority: P5 Component: default

https://bugzilla.netfilter.org/show_bug.cgi?id=840 Summary: Specifying CIDR when adding to a hash:ip entry is silently ignored Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: minor Priority: P5 Component: default AssignedTo:

Hi, I''ve been successfully using shorewall in our K12 school since the 2.x days initially on Mandrake and now on Debian. Because of that my config has got quite complicated. The firewall has a working MultiISP setup with four interfaces (I''ve renamed them with udev to easy their identification): lan-if, dmz-if, snt-if and dnt-if (one of the providers (the one on dnt-if) is a DSL

https://bugzilla.netfilter.org/show_bug.cgi?id=1369 Bug ID: 1369 Summary: ipset save|list -sorted sorts alphabetically instead of naturally Product: ipset Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: default

https://bugzilla.netfilter.org/show_bug.cgi?id=1719 Bug ID: 1719 Summary: ipset wrongly blocking undefined ranges and not blocking ranges that are defined Product: ipset Version: unspecified Hardware: All OS: RedHat Linux Status: NEW Severity: critical Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1726 Bug ID: 1726 Summary: invalid json generated by ipset list -output json Product: ipset Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: trivial Priority: P5 Component: default Assignee:

Hey guys, I am planning to buy some components for a Linux router that will handle the Internet access of 200 computers (includes tc shaping) and some inter sub-network routing (at least 100MBps per eth - and there are 3 eth cards). I was thinking of a: Pentium 4 - 3GHz 256 or 512MB RAM Network Cards. Now - I wonder what is more important: the processor speed or the amount of RAM. And can you

Hi All, I am using the script below to limit download rates and manage traffic for a certain IP address and testing the results using iperf. The rate that iperf reports is much higher than the rate I have configured for the HTB qdisc. It''s probably just some newbie trap that''s messing things up but I''m buggered if I can see it. The following script is run on the

Hello, I''ve tried to change ipt_conntrack hashsize and con under my debian charge but doesn''t work ! Ive got 2876Mb available for conntrack so I''ve done (according to some previous mail and this http://www.wallfire.org/misc/netfilter_conntrack_perf.txt) CONNTRACK_MAX = 2876 * 64 = 184064 HASHSIZE = 2876 * 8 = 23002 But the near power of 2 is 2^16 = 131072

http://bugzilla.netfilter.org/show_bug.cgi?id=640 Summary: ipset-4.2 : ipset -T <some_setlist> <address> always negative Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P1 Component: default AssignedTo:

Hi all I have installed vyatta system, (vyatta-livecd-vc4-alpha2.iso ) on top of Centos5. Our system requirement is, * Centos 5.1 (2.6.18-92.1.10.el5xen ) * 2 Gb RAM, * x86_64 And cpu information is as follow, [root at turtle4 ~]# cat /proc/cpuinfo processor : 0 vendor_id : AuthenticAMD cpu family : 15 model : 107 model name : AMD Athlon(tm) 64 X2 Dual Core

A friend of mine recommended checking out the Vyatta project. I was reviewing their website and saw endorsements of their product running on both Vmware and Xen. In fact, they have a Vmware virtual image and a beta XenServer image. However, I am running a typical Debian Lenny 64 DomU installed through the repositories. According to their installation documents, it states that the ISO can be

Hi All, So before when I used PIX's for my employer, our traffic was statically routed to one IP and then the firewall decided if allowed/ denied and passed it on or dropped it. I have a Comcast business circuit with 13 IP's. The gateway device they provide is a 'pass through' device. They sent traffic for all 13 IP's my way. It just allows traffic through. So if I put

I have 4 guest VMs installed on 1 host. One of them is Vyatta (VC5). Currently we are using default Xen-bridge for communication between VMs(inter-domain or intra-domain). I want to assign Vyatta(a guest VM) exclusively to replace Xen-bridging for VM to VM communication. Means the traffic sent from guest-1 to guest-2 bypass briging and route through vyatta(VM), instead of going to Dom0. As

Hi all. i'm trying to modify some parameters but when system reboots it doesn't load. For the sysctl if I run sysctl -p then it changes /etc/sysctl.conf net.ipv4.netfilter.ip_conntrack_max = 1048576 /etc/modprobe.conf options ip_conntrack hashsize=131072 after reboot results cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max 65536 cat