Displaying 20 results from an estimated 2000 matches similar to: "[Bug 917] New: Kernel OOPS on Kernel 3.14.2"
2019 Sep 02
2
Problem to access from Win to Win after classicupdate to Samba DC 4.10.7
Il giorno lun, 02/09/2019 alle 08.26 +0100, Rowland penny via samba ha
scritto:
> > set 01 22:36:56 s-addc.studiomosca.net named[639]: samba_dlz:
> > cancelling transaction on zone studiomosca.net
>
> That is showing that a client isn't being allowed to update a record.
Is it possible to cure it in some way?
> > [2] ----[smb.conf]
> >
> Please do not post
2019 Apr 24
0
Iptables blocks out going connetion some times
On Wed, 24 Apr 2019 at 06:01, likun <kun.li at ucarinc.com> wrote:
> Hi?guys.
>
> There is a wierd problem with iptables recently, hopes somebody can help
> me.
>
> I have installed Centos 7.2.1511 on a bare metal Dell server these days,
> disabled firewalld and enabled iptables.services, and setup a group of very
> simple rules, as the following:
>
>
I believe
2017 Jun 26
0
Accepting RELATED, ESTABLISHED (TCP) connections into VM using Network Filters
Hi,
Over the past few days I've been trying to get a prototype working of a stateful firewall for a Virtual Machine using Libvirt's network filters.
My goal is to replace the current custom Python/Java code in the Apache CloudStack [0] project by Network Filters of Libvirt.
Both IPv4 and IPv6 should work, but I started off with IPv4 and I have issues with accepting back
2013 Mar 20
2
netfilter+libvirt=(smth got broken?)
Hello,
I'm having problem setting up filtering traffic for a virtual machine
managed by libvirt. Strange thing is, such a setup has been working fine
for me on an older version of distro (namely, opensuse 11.3 w/updates,
kernel 2.6.34, libvirt 0.8.8) but refused to work on shiny new opensuse
12.4 (kernel 3.7.10, libvirt 1.0.2).
The definition of filter in question is pretty simple:
2019 Feb 06
2
Samba and ufw
Rowland,
Did some editing in smb.conf that I had to reverse. Now I'm back to
being able to connect with the firewall disabled. When I enable the
firewall I get as far as windows network -> workgroup but no connection.
I have only the rules you recommended in your last email.
Louis,
The information you requested is below:
martin at radio:~$ dpkg -l|egrep "iptables|ufw"
ii
2019 Apr 24
2
答复: Iptables blocks out going connetion some times
Hello, Stephen, thank you for input.
Yes, these servers have the same firewall rules, and both of them have the same problem from time to time, most of time they are good.
Actually, these servers are newly installed to be used as the Glusterfs storage server, so not much data flowing at this time.
>From the sysctl output, I suppose it can't be a conntrack table overflow :
2019 Feb 07
3
Samba and ufw
Rowland,
OK. Should I delete these lines?
diff yours mine
63d62
yours# -A ufw-after-logging-output -m limit --limit 3/min --limit-burst 10
-j LOG --log-prefix "[UFW ALLOW] "
85,87d83
yours# -A ufw-before-logging-forward -m conntrack --ctstate NEW -m limit
--limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW AUDIT] "
yours# -A ufw-before-logging-input -m conntrack
2019 Feb 07
0
Samba and ufw
On Wed, 6 Feb 2019 16:05:40 -0500
Martin McGlensey via samba <samba at lists.samba.org> wrote:
> Rowland,
>
> Did some editing in smb.conf that I had to reverse. Now I'm back to
> being able to connect with the firewall disabled. When I enable the
> firewall I get as far as windows network -> workgroup but no
> connection. I have only the rules you recommended in
2019 Apr 24
2
Iptables blocks out going connetion some times
Hi?guys.
There is a wierd problem with iptables recently, hopes somebody can help me.
I have installed Centos 7.2.1511 on a bare metal Dell server these days,
disabled firewalld and enabled iptables.services, and setup a group of very
simple rules, as the following:
# iptables-save
# Generated by iptables-save v1.4.21 on Tue Apr 23 09:15:14 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT
2020 Apr 18
4
[Bug 1423] New: iptables-translate silently discards --ctstate DNAT
https://bugzilla.netfilter.org/show_bug.cgi?id=1423
Bug ID: 1423
Summary: iptables-translate silently discards --ctstate DNAT
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: iptables over nftable
2013 Nov 23
1
[Bug 874] New: Any conntrack conditions specified with --ctstate INVALID are not checked
https://bugzilla.netfilter.org/show_bug.cgi?id=874
Summary: Any conntrack conditions specified with --ctstate
INVALID are not checked
Product: iptables
Version: 1.4.x
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: iptables
AssignedTo:
2019 Feb 07
0
Samba and ufw
Yes,
Try this ( copy past-able. )
ufw disable
ufw reset
ufw limit 22/tcp
ufw allow in proto tcp from any port 389,1024:65535 to any port 1024:65535
ufw allow 139,445/tcp
ufw allow 137,138/udp
ufw --force enable
Sorry for the late reply, but im bit busy with some servers here.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org]
2019 Feb 12
1
Samba and ufw (Martin McGlensey)
Louis,
Made the changes. Still unable to mount office. Firewall also blocks
Thunderbird mail and maybe internet. Will check that more fully
later.Any thoughts ob Tony's response?
Outputs:
martin at radio:/etc$ sudo apt-get install ufw
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no
2013 Jun 21
0
[Bug 696] Extra tcp options for REJECT --reject-with tcp-reset-both / tcp-reset-destination
https://bugzilla.netfilter.org/show_bug.cgi?id=696
--- Comment #3 from Alessandro Vesely <vesely at tana.it> 2013-06-21 15:50:56 CEST ---
(In reply to comment #2)
> you have to put this REJECT rule before any RELATED/ESTABLISHED
> conntrack ctstate match rules (which is suboptimal).
No, I can use conntrack -D to have the connection unESTABLISHED.
In general, it is polite to send a
2011 Apr 02
2
[Bug 712] New: iptables-save does not save correcly rateest bps parameter
http://bugzilla.netfilter.org/show_bug.cgi?id=712
Summary: iptables-save does not save correcly rateest bps
parameter
Product: iptables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: unknown
AssignedTo:
2017 Mar 28
2
SipVicious scans getting through iptables firewall - but how?
My firewall and asterisk pjsip config only has "permit" options for my
ITSP's (SIP trunk) IPs.
Here's the script that sets it up.
--------------------------------------------------
#!/bin/bash
EXIF="eth0"
/sbin/iptables --flush
/sbin/iptables --policy INPUT DROP
/sbin/iptables --policy OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m
2017 Apr 15
0
connection state tracking with DNS [was Primary DNS...]
On 04/11/2017 04:16 PM, Alice Wonder wrote:
> Hi, I would like to see this addressed.
> Is there a firewalld solution to this issue?
Yes:
# Disable connection tracking for UDP DNS traffic
#
https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m
conntrack --ctstate UNTRACKED -j ACCEPT
firewall-cmd
2019 Feb 05
0
Back to c7 and firewalld
If I've missed someone's response, apologies.
As I said, my converted rules seem fine, and I can run the script that
issues a bunch of direct rules for the built-in FORWARD rule... but when I
try firewall-cmd --reload, it tells me error, that FORWARD is a built-in.
Now, today, what I've been looking at is to run iptables-save, and what I
see is this (in part):
-A FORWARD -m conntrack
2020 Sep 09
2
Network update disrupts network usage
Dear libvirt users,
I am encountering problems with network connections from VMs while
running net-update on the host. I would be very grateful for
suggestions of fixes or workarounds.
I am using libvirt in the context of an automated test system which
creates and destroys VMs fairly rapidly, hence network updates occur
often.
## Reproducer
The issue can be reproduced as follows.
Run in a VM:
2015 Dec 29
1
Firewall trouble?
Alright, I have setup the new rules and am waiting to see if I have any
issues. If I do, I will keep working on it. I also read the article
below, which mentions exactly what you I was told about 2008 and newer
using different ports.
https://support.microsoft.com/en-us/kb/929851
Here is the new configuration:
root at dc01:~# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m