Displaying 20 results from an estimated 800 matches similar to: "[Bug 733] New: ipset restore won't restore from output of ipset save"
2013 May 13
2
[Bug 819] New: ipset create setname timeout 2147484 records greater timeout
https://bugzilla.netfilter.org/show_bug.cgi?id=819
Summary: ipset create setname timeout 2147484 records greater
timeout
Product: ipset
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: default
AssignedTo:
2019 Apr 26
2
faI2ban detecting and banning but nothing happens
On Saturday 20 April 2019 00:32:43 Pete Biggs wrote:
> What ban action do you use? If it's something like iptables-multiport,
> then I wonder if the fact that it's detecting the failures as
> '[dovecot]' means that it's using the dovecot ports, not the exim
> ports, when applying the iptable rule.
>
> When a host has been banned, can you look at the
2017 Jul 19
3
under some kind of attack
Hi Robert,
On 07/18/2017 11:43 PM, Robert Schetterer wrote:
> i guess not, but typical bots arent using ssl, check it
>
> however fail2ban sometimes is to slow
I have configured dovecot with
auth_failure_delay = 10 secs
I hope that before the 10 sec are over, dovecot will have logged about
the failed login attempt, and fail2ban will have blocked the ip by then.
MJ
2019 Apr 19
2
faI2ban detecting and banning but nothing happens
On Friday 19 April 2019 15:19:26 Pete Biggs wrote:
> > I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested
> > on another page:
>
> The standard exim.conf already has a 535 filter. Was that not working
> for you?
I was following the instructions as shown on the page. I did find after
sending my post that there was already a regex in the standard
2016 Dec 09
4
[Bug 1101] New: SET target unreliable in iptables - add does not work as expected
https://bugzilla.netfilter.org/show_bug.cgi?id=1101
Bug ID: 1101
Summary: SET target unreliable in iptables - add does not work
as expected
Product: netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
2013 Dec 03
8
[Bug 880] New: ipset doesn't refresh the timeout for an existing entry when the table is FULL.
https://bugzilla.netfilter.org/show_bug.cgi?id=880
Summary: ipset doesn't refresh the timeout for an existing
entry when the table is FULL.
Product: ipset
Version: unspecified
Platform: x86_64
OS/Version: Fedora
Status: NEW
Severity: normal
Priority: P5
Component: default
2013 Aug 12
2
[Bug 840] New: Specifying CIDR when adding to a hash:ip entry is silently ignored
https://bugzilla.netfilter.org/show_bug.cgi?id=840
Summary: Specifying CIDR when adding to a hash:ip entry is
silently ignored
Product: ipset
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P5
Component: default
AssignedTo:
2012 Sep 30
12
shorewall dynamic zones confusion
Hi,
I''ve been successfully using shorewall in our K12 school since the 2.x
days initially on Mandrake and now on Debian. Because of that my config
has got quite complicated. The firewall has a working MultiISP setup
with four interfaces (I''ve renamed them with udev to easy their
identification): lan-if, dmz-if, snt-if and dnt-if (one of the providers
(the one on dnt-if) is a DSL
2019 Oct 08
2
[Bug 1369] New: ipset save|list -sorted sorts alphabetically instead of naturally
https://bugzilla.netfilter.org/show_bug.cgi?id=1369
Bug ID: 1369
Summary: ipset save|list -sorted sorts alphabetically instead
of naturally
Product: ipset
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: default
2023 Oct 25
4
[Bug 1719] New: ipset wrongly blocking undefined ranges and not blocking ranges that are defined
https://bugzilla.netfilter.org/show_bug.cgi?id=1719
Bug ID: 1719
Summary: ipset wrongly blocking undefined ranges and not
blocking ranges that are defined
Product: ipset
Version: unspecified
Hardware: All
OS: RedHat Linux
Status: NEW
Severity: critical
Priority: P5
2023 Dec 05
3
[Bug 1726] New: invalid json generated by ipset list -output json
https://bugzilla.netfilter.org/show_bug.cgi?id=1726
Bug ID: 1726
Summary: invalid json generated by ipset list -output json
Product: ipset
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: trivial
Priority: P5
Component: default
Assignee:
2005 Aug 15
11
Hardware Configuration Ideas
Hey guys,
I am planning to buy some components for a Linux router that will handle the
Internet access of 200 computers (includes tc shaping) and some inter
sub-network routing (at least 100MBps per eth - and there are 3 eth cards).
I was thinking of a:
Pentium 4 - 3GHz
256 or 512MB RAM
Network Cards.
Now - I wonder what is more important: the processor speed or the amount of
RAM.
And can you
2007 Nov 19
15
Unexpected results using HTB qdisc
Hi All,
I am using the script below to limit download rates and manage traffic for a certain IP address and testing the results using iperf. The rate that iperf reports is much higher than the rate I have configured for the HTB qdisc. It''s probably just some newbie trap that''s messing things up but I''m buggered if I can see it.
The following script is run on the
2007 Apr 18
1
Can''t change ipt_conntrack hashsize under debian sarge ???
Hello,
I''ve tried to change ipt_conntrack hashsize and con under my debian
charge but doesn''t work !
Ive got 2876Mb available for conntrack so I''ve done (according to some
previous mail and this
http://www.wallfire.org/misc/netfilter_conntrack_perf.txt)
CONNTRACK_MAX = 2876 * 64 = 184064
HASHSIZE = 2876 * 8 = 23002
But the near power of 2 is 2^16 = 131072
2010 Mar 11
2
[Bug 640] New: ipset-4.2 : ipset -T <some_setlist> <address> always negative
http://bugzilla.netfilter.org/show_bug.cgi?id=640
Summary: ipset-4.2 : ipset -T <some_setlist> <address> always
negative
Product: ipset
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P1
Component: default
AssignedTo:
2008 Sep 13
3
Problem to run 4 virtual machines at a time.
Hi all
I have installed vyatta system, (vyatta-livecd-vc4-alpha2.iso ) on top of
Centos5.
Our system requirement is,
* Centos 5.1 (2.6.18-92.1.10.el5xen )
* 2 Gb RAM,
* x86_64
And cpu information is as follow,
[root at turtle4 ~]# cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 15
model : 107
model name : AMD Athlon(tm) 64 X2 Dual Core
2009 Nov 11
5
Vyatta ISO in DomU
A friend of mine recommended checking out the Vyatta project. I was
reviewing their website and saw endorsements of their product running on
both Vmware and Xen. In fact, they have a Vmware virtual image and a beta
XenServer image.
However, I am running a typical Debian Lenny 64 DomU installed through the
repositories. According to their installation documents, it states that
the ISO can be
2009 Oct 05
5
More about firewalling
Hi All,
So before when I used PIX's for my employer, our traffic was
statically routed to one IP and then the firewall decided if allowed/
denied and passed it on or dropped it.
I have a Comcast business circuit with 13 IP's. The gateway device
they provide is a 'pass through' device. They sent traffic for all 13
IP's my way. It just allows traffic through. So if I put
2009 May 18
1
Fw: Vyatta VC5 inplace of Xen-bridging.
I have 4 guest VMs installed on 1 host. One of them is
Vyatta (VC5). Currently we are using default Xen-bridge for
communication between VMs(inter-domain or intra-domain).
I want to assign Vyatta(a guest VM) exclusively to replace Xen-bridging for VM to VM communication.
Means the traffic sent from guest-1 to guest-2 bypass briging and route through vyatta(VM), instead of going to Dom0.
As
2011 May 13
2
Modify Parameters at system boot
Hi all.
i'm trying to modify some parameters but when system reboots it doesn't
load. For the sysctl if I run sysctl -p then it changes
/etc/sysctl.conf
net.ipv4.netfilter.ip_conntrack_max = 1048576
/etc/modprobe.conf
options ip_conntrack hashsize=131072
after reboot results
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
65536
cat