similar to: iptables 1.3.7, kernel 2.6.19, ROUTE and Layer7 issues

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=490 netfilter@linuxace.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |netfilter@linuxace.com Status|NEW |RESOLVED Resolution|

hi, i try use iptables connlimit, # iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j DROP iptables: Unknown error 4294967295 where is problem ? thanks # rpm -qa | grep iptables iptables-1.3.5-4.el5 # uname -a Linux test 2.6.18-92.1.1.el5 #1 SMP Sat Jun 21 19:04:27 EDT 2008 i686 i686 i386 GNU/Linux

Hello I''ve setuped a bridge with l7-filter and ipp2p. We have every day + or - between 10Mbits and 30 Mbits P2P traffic from + or - 450 customers. When traffic increase. I''ve got this kind of error message : Feb 23 14:26:19 gestor1 kernel: printk: 38 messages suppressed. Feb 23 14:26:19 gestor1 kernel: ip_conntrack: table full, dropping packet. The server is celeron

Hi all. I have a simple question. Is that a way to limit the number os TCP or UDP connection of a single HOST in my network? For exemple: I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and Bittorrent at the same time, and he also is infected by a virus that opens more than 500 TCP ports at the same time. So, i want to limit that host to be able to open no more then 30 TCP

Hi, I''ve been wondering if anyone has thought of a way to differentiate between an established http download and interactive http traffic? I would like to give interactive http traffic priority over someone downloading large files. Has anyone any ideas how to detect packets that are part of a download like this? Thanks. _______________________________________________

Hi all, i need advice how can i limit ip_conntrack per IP. clients of network that i support often uses torrent , DC++ , eMule clients and i have lost packages because they open too many ports. i have traffic control limits but this obviously isn''t enough Any advance how to prevent server from this kind problems will be welcome. Best regards Emil

http://bugzilla.netfilter.org/show_bug.cgi?id=623 Summary: ipt_ROUTE incompatible with linux >= 2.6.31 Product: netfilter/iptables Version: patch-o-matic-ng Platform: All OS/Version: All Status: NEW Severity: minor Priority: P4 Component: netfilter hooks AssignedTo: laforge at netfilter.org

Hello all, I got this problem while trying to shape traffic with iptables MARK and HTB. MARK: targinfosize 8 != 4 --set-mark gives "invalid argument" error message. Kernel version is 2.4.29 (some patches from patch o matic applied) Iptables version 1.3.4 Intel x86 architecture. I saw this problem discussed in a few places, but the discussions didn''t come to a conclusion

Greetings folks, I've been researching the various iptables modules that are included with the stock CentOS4 distro; particularly the connlimit module. Is connlimit included by default? I thought it is since performing # iptables -m connlimit --help returns information on connlimit usage along with the general iptables help info: <SNIP> connlimit v1.2.11 options: [!]

Hi I believe that whole question is in topic. Is there any way to recognize ( and then shape ) p2p traffic which is encrypted? Modern p2p clients have this ability moreover some of them have this enabled by default. Now I''m using ipp2p for iptables but as I know this doesn''t recognize encrypted traffic. Thanks in advance. Pozdrawiam Szymon Turkiewicz

https://bugzilla.netfilter.org/show_bug.cgi?id=1463 Bug ID: 1463 Summary: nft --json table list ruleset crashes Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

Hi all. On Sep 26th I decided to try and get ipp2p working on my machine that acts as a gateway for my Internet connection. This machine is running Debian. I performed the install by doing the following steps: - I installed the Debian package called linux-source-2.6.22 for my Linux kernel source and unpacked the resulting tar.bz2 file. - From the netfilter.org site I downloaded the following

Hi, I have many example of HTB GUI . All is already well developed, which discussed in this link. However, can anyone teach me what software to use to build a own web based GUI HTB software in Fedoracore ( Linux based) ? Thanks Regards Alan _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl

Hello, I am fitting a coxph model with factors. I am running into problems when using 'survfit'. I am unsure how R is treating the factors when I fit, say: > DATA<-data.frame(time.sec,done,f.pom=factor(f.pom),po,vo) > final<-coxph(Surv(time.sec,done)~f.pom*vo+po,data=DATA) > final.surv<-survfit((final), individual=T,conf.type="log-log")

H, I am using libvirt from maven using a nexus proxy pointing to http://www.libvirt.org/maven2/ It downloads the jar fine but is expecting libvirt-0.5.1.pom (and ...sha1). In the proxy only the jar appears. When I download and rename the pom to my local .m2 cache my build works fine. Is this a bug in the distribution of libvirt in its maven repo or is my dependency wrong somehow? Kind regards,

Would someone please explain to me the difference in effect between the following two IPTABLES conditions and the significance thereof in concurrent connection limiting? --tcp-flags SYN,ACK,FIN,RST SYN -j REJECT \ --connlimit-above 3 --connlimit-mask 32 --state NEW -j REJECT \ --connlimit-above 3 --connlimit-mask 32 -- *** e-Mail is NOT a SECURE channel *** Do

Hi I am try to write rpm spec for install tomcat on a linux machine.But while build the rpm i found following error + /usr/lib/rpm/find-debuginfo.sh --strict-build-id /home/rpmbuild/BUILD/Install_tomcat-1.0 extracting debug info from /home/rpmbuild/BUILDROOT/Install_tomcat-1.0-1.el6.x86_64/usr/local/jdk1.7.0_13/lib/visualvm/profiler/lib/deployed/jdk16/linux-amd64/libprofilerinterface.so ***

Hi everyone, I see that shorewall has "ratelimit" but i''m interested in deny conexions by number of them, not by number/sec. Is connlimit feature supported by shorewall? Or maybe someone have an extraofficial patch for them? Regards, Angel Mieres ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT

I had problems with 2.6.19 kernel, appears to be some "binaries" problems about iptables and kernel modules, then I pass to try the 2.6.18.3 kernel to tests some things. When I put -j ROUTE into -t mangle table and PREROUTING chain, I have no problems, but when I try -j ROUTE into POSTROUTING chain, my system loss all network access (and it is posible it crash, I''m not there to

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=467 mateusz@kaduk.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Additional Comments From mateusz@kaduk.net 2006-10-01