similar to: iptables 1.3.7, kernel 2.6.19, ROUTE and Layer7 issues

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=490 netfilter@linuxace.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |netfilter@linuxace.com Status|NEW |RESOLVED Resolution|

hi, i try use iptables connlimit, # iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j DROP iptables: Unknown error 4294967295 where is problem ? thanks # rpm -qa | grep iptables iptables-1.3.5-4.el5 # uname -a Linux test 2.6.18-92.1.1.el5 #1 SMP Sat Jun 21 19:04:27 EDT 2008 i686 i686 i386 GNU/Linux

Hello I''ve setuped a bridge with l7-filter and ipp2p. We have every day + or - between 10Mbits and 30 Mbits P2P traffic from + or - 450 customers. When traffic increase. I''ve got this kind of error message : Feb 23 14:26:19 gestor1 kernel: printk: 38 messages suppressed. Feb 23 14:26:19 gestor1 kernel: ip_conntrack: table full, dropping packet. The server is celeron

Hi all. I have a simple question. Is that a way to limit the number os TCP or UDP connection of a single HOST in my network? For exemple: I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and Bittorrent at the same time, and he also is infected by a virus that opens more than 500 TCP ports at the same time. So, i want to limit that host to be able to open no more then 30 TCP

Hi, I''ve been wondering if anyone has thought of a way to differentiate between an established http download and interactive http traffic? I would like to give interactive http traffic priority over someone downloading large files. Has anyone any ideas how to detect packets that are part of a download like this? Thanks. _______________________________________________

Hi all, i need advice how can i limit ip_conntrack per IP. clients of network that i support often uses torrent , DC++ , eMule clients and i have lost packages because they open too many ports. i have traffic control limits but this obviously isn''t enough Any advance how to prevent server from this kind problems will be welcome. Best regards Emil

http://bugzilla.netfilter.org/show_bug.cgi?id=623 Summary: ipt_ROUTE incompatible with linux >= 2.6.31 Product: netfilter/iptables Version: patch-o-matic-ng Platform: All OS/Version: All Status: NEW Severity: minor Priority: P4 Component: netfilter hooks AssignedTo: laforge at netfilter.org

Hello all, I got this problem while trying to shape traffic with iptables MARK and HTB. MARK: targinfosize 8 != 4 --set-mark gives "invalid argument" error message. Kernel version is 2.4.29 (some patches from patch o matic applied) Iptables version 1.3.4 Intel x86 architecture. I saw this problem discussed in a few places, but the discussions didn''t come to a conclusion

Greetings folks, I've been researching the various iptables modules that are included with the stock CentOS4 distro; particularly the connlimit module. Is connlimit included by default? I thought it is since performing # iptables -m connlimit --help returns information on connlimit usage along with the general iptables help info: <SNIP> connlimit v1.2.11 options: [!]

Hi I believe that whole question is in topic. Is there any way to recognize ( and then shape ) p2p traffic which is encrypted? Modern p2p clients have this ability moreover some of them have this enabled by default. Now I''m using ipp2p for iptables but as I know this doesn''t recognize encrypted traffic. Thanks in advance. Pozdrawiam Szymon Turkiewicz

https://bugzilla.netfilter.org/show_bug.cgi?id=1463 Bug ID: 1463 Summary: nft --json table list ruleset crashes Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

Hi all. On Sep 26th I decided to try and get ipp2p working on my machine that acts as a gateway for my Internet connection. This machine is running Debian. I performed the install by doing the following steps: - I installed the Debian package called linux-source-2.6.22 for my Linux kernel source and unpacked the resulting tar.bz2 file. - From the netfilter.org site I downloaded the following

Hi, I have many example of HTB GUI . All is already well developed, which discussed in this link. However, can anyone teach me what software to use to build a own web based GUI HTB software in Fedoracore ( Linux based) ? Thanks Regards Alan _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl

Hello, I am fitting a coxph model with factors. I am running into problems when using 'survfit'. I am unsure how R is treating the factors when I fit, say: > DATA<-data.frame(time.sec,done,f.pom=factor(f.pom),po,vo) > final<-coxph(Surv(time.sec,done)~f.pom*vo+po,data=DATA) > final.surv<-survfit((final), individual=T,conf.type="log-log")

Would someone please explain to me the difference in effect between the following two IPTABLES conditions and the significance thereof in concurrent connection limiting? --tcp-flags SYN,ACK,FIN,RST SYN -j REJECT \ --connlimit-above 3 --connlimit-mask 32 --state NEW -j REJECT \ --connlimit-above 3 --connlimit-mask 32 -- *** e-Mail is NOT a SECURE channel *** Do

H, I am using libvirt from maven using a nexus proxy pointing to http://www.libvirt.org/maven2/ It downloads the jar fine but is expecting libvirt-0.5.1.pom (and ...sha1). In the proxy only the jar appears. When I download and rename the pom to my local .m2 cache my build works fine. Is this a bug in the distribution of libvirt in its maven repo or is my dependency wrong somehow? Kind regards,

Hi I am try to write rpm spec for install tomcat on a linux machine.But while build the rpm i found following error + /usr/lib/rpm/find-debuginfo.sh --strict-build-id /home/rpmbuild/BUILD/Install_tomcat-1.0 extracting debug info from /home/rpmbuild/BUILDROOT/Install_tomcat-1.0-1.el6.x86_64/usr/local/jdk1.7.0_13/lib/visualvm/profiler/lib/deployed/jdk16/linux-amd64/libprofilerinterface.so ***

Hi everyone, I see that shorewall has "ratelimit" but i''m interested in deny conexions by number of them, not by number/sec. Is connlimit feature supported by shorewall? Or maybe someone have an extraofficial patch for them? Regards, Angel Mieres ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT

I had problems with 2.6.19 kernel, appears to be some "binaries" problems about iptables and kernel modules, then I pass to try the 2.6.18.3 kernel to tests some things. When I put -j ROUTE into -t mangle table and PREROUTING chain, I have no problems, but when I try -j ROUTE into POSTROUTING chain, my system loss all network access (and it is posible it crash, I''m not there to

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=467 mateusz@kaduk.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Additional Comments From mateusz@kaduk.net 2006-10-01