Displaying 20 results from an estimated 1000 matches similar to: "Adding ndpi-netfilter rules"
2013 May 21
3
Redirect incoming port to another port internal.
Hi all,
I have tried to figure out how to do this one but I think I have just
confused myself more.
My firewall is a 2 interface setup, the same box is my router to my uplink.
I'm not using nat at all and have a public IP range behind this machine.
net = eth0
loc = eth1
Most of my rules are mainly the basic
HTTP(ACCEPT) net loc:111.111.111.112
SMTP(ACCEPT) net
2012 Oct 08
3
Shorewall 4.5.8 IPSEC in a multi-ISP configuration
Hi,
I'm using IPSEC in a multi-ISP configuration,
lsm 0.131, Kernel 2.6.32, ipsec-tools 0.8.0
This worked fine with Shorewall/Shorewall-Lite 4.5.7.
After updating Shorewall to 4.5.8 the routing of ESP packets doesn't work.
If I change the Providers.pm file and add connmark => "! --mark
0/$mask" like before in Shorewall 4.5.7 then everything works fine.
add_ijump
2012 Nov 01
1
New L7 Filter option for netfilter
Hi all. There is an interesting project that was called opendpi
(originally by ipoque GmbH) and recently been forked and maintained by
the ntop guys under the nDPI label. It offers a new and currently
maintained layer 7 (L7) packet identification library. It could
definitely benefit from more eyes and development effort, but at present
it gives much better breakdown of traffic for ntop
2012 Oct 14
1
Trouble with Apache2 ProxyPass
This problem probably has a simple solution, so I'm hoping the experienced
shorewall users can help me.
I've got a 3-interface (net,dmz, & loc) firewall and have several apache2
virtual web sites in the dmz. They come into 1 apache server in the dmz, and
are redirected with the directive "ProxyPass" and "ProxyPassReverse" in my
Apache
2012 Oct 16
1
Trouble with tftp
I'm trying to enable tftp traffic initiated from our dmz network to our
internal network. I have:
TFTP(ACCEPT) dmz loc:10.10.10.1
in /etc/shorewall/rules, and:
loadmodule nf_conntrack_tftp
in /etc/shorewall/modules.
The module is loaded and I do see some entries come and go, e.g.:
udp 17 10 src=4.28.99.164 dst=10.10.10.1 sport=2071 dport=69 [UNREPLIED]
2013 Oct 03
2
Packetfence
Hi
Has anybody tried to combine shorewall (instead of iptables) with
packetfence?
/Göran
2017 Sep 04
0
CentOS nDPI kmod available for testing
I have been working for quite some time building nDPI iptables module from
vel21ripn for many Linux distributions and
I just finished couple basic tests on the module for CentOS 7 and I am quite
satisfied.
I am looking for other CentOS 7 admins who will want to test this iptables
module.
More details are at:
https://github.com/vel21ripn/nDPI/issues/18
Thanks,
Eliezer
----
Eliezer Croitoru
Linux
2013 Apr 26
0
TPROXY/IPv6: Documentation bugs?
In working through an IPv6/TPROXY issue I had, I believe I found a
documentation bug:
http://www.shorewall.net/manpages6/shorewall6-tcrules.html
In the ACTION section, for part 12. SAME:
The documentation lists:
#ACTION SOURCE DEST PROTO DEST
# PORT(S)
SAME:P 192.168.1.0/24 0.0.0.0/0 tcp
2011 Feb 11
1
Real-time web traffic alert notifications (email or SMS) on the cheap?
I'm a big fan of New Relic. One of the services they provide is alerts
when your traffic goes up unexpectedly above a predetermined level.
Does anyone have a favorite, inexpensive "traffic alert" tool that can
be used on a small site--a site that's not yet big enough for monthly
payments of $150 for New Relic Silver (or even the $36 price tag for New
Relic Silver on
2013 Mar 04
4
Problem while Installing software (agent) from puppetmaster to clients
I had installed puppet master and client on two different machines. machine
A has puppet master and machine B has client. both are centos6 64 bit
machines.
Machine B (client) is successfully connected to master (machine A). My aim
is to install New Relic agent (server monitoring tool) on different
clients. I had installed new relic agent on machine A and trying to build a
module so that I
2012 Dec 14
2
Duplicate declaration for invoking a class
Hi everyone,
Here are the manifest I am using:
In file '*modules/test/manifest/init.pp*':
class test (
$test = undef,
) {
notice("Here is the message: ${test}")
}
Now in '*modules/saas/manifests/client/sudo.pp*':
class saas::client::sudo {
class { 'test': }
}
Now in '*manifests/sites.pp*':
import
2006 Feb 09
2
_marker in dragdrop.js
Hi,
I've been confused about the purpose of _marker in dragdrop.js for
quite a while. It doesn't really look like it does anything with
ghosting on or off. I removed the mark method and didn't discover any
problems. Is all the mark business a relic from some past idea?
Thanks,
Peter
2009 Jan 22
2
Migration question: .INBOX?
Hi,
Not much left to fix in my migration script (moving between two dovecot
servers). However, I discovered a mail folder .INBOX without cur, new
and tmp subfolders, and the .imap.index files were rather old (feb
2006). Is this an old relic from early dovecot versions (I once ran 0.99
on this old server)? Or is it old client software? There are no data in it.
TIA,
Peter
--
Peter Lindgren
2002 Dec 04
1
u32 and netfilter
Hi, All,
My understanding is u32 filter is very powerful filter and could do anything about IP header filtering, then why do we sometimes use netfiltering in IPtables? One advantage I guess is in netfiltering, there is usage counter? Are there other advantages using netfilter (such as delay, flexibility)? What is the disadvantages to use Netfilter?
In summary, what are the considerations to select
2011 Feb 01
2
[LLVMdev] reference to %llvm.dbg.variable in source level debug docs
Hello
I'm reading http://llvm.org/docs/SourceLevelDebugging.html and some
things aren't clear.
There are a couple of references made to %llvm.dbg.variable, which
isn't defined anywhere. Is it an intrinsic? A global? Could it be a
relic from the old debug info docs (where it *is* defined?). The same
goes for llvm.dbg.derivedtype and llvm.dbg.subrange which are also
referenced but not
2008 Apr 24
1
[ADV] Rails Kits
A couple of days ago I launched Rails Kits (http://railskits.com/), a
place to get ready-made Rails code so you can get your projects done
faster. The first Kit is the SaaS Rails Kit (http://railskits.com/
saas/), which will save you the pain of writing recurring billing and
account management code for your subscription-based site.
Check out my blog post on the release for more info:
2008 May 23
3
Have you used the Rails SaaS kit?
Have any of you actually bought & used the Rails SaaS kit?
I am considering getting it to skip building out the admin & billing
parts but I wanna get feedback from someone who has actually used it.
Would you recommend getting the kit? Would you rather get a refund and
build it yourself?
~ mel
2004 Dec 14
1
Winbind separator char causing make_server_info_from_pw failed errors
Hi all-
In migrating from 3.0.2 to 3.0.8 on a box that's an ADS domain member, I
had a relic line in smb.conf like this:
winbind separator char = -
With 3.0.2, users connecting wouldn't have a domain and separator char
component, so spnego kerberos replies to the 2003 domain controller
would be fine.
In 3.0.8, users connections would have the domain and separator char
for spnego
2009 May 17
1
[LLVMdev] [patch] Remove getType() overrides from extractvalue and insertvalue
Several instruction classes override getType() when the instruction
always creates a particular type of value. For example, the result of
insertelement is always a vector, so InsertElementInst overrides
getType() to return a VectorType*. This makes perfect sense.
However, ExtractValueInst and InsertValueInst override getType() to
return a PointerType*, which does not make sense and is
2003 Aug 06
1
BRI newbie queries.
Knowing very little about Basic Rate ISDN and having spent the last
couple of hours educating myself, I thought I would seek some more
informed comment. Please go easy if this is blindingly obvious :)
I have a ZyXEL Prestige 100 ISDN Router, a stand alone relic from when
we used to access the Net via ISDN.
It has an ISDN BRI input, a 10BaseT ethernet connector, an RS232
connector for