Displaying 20 results from an estimated 1000 matches similar to: "[Bug 1147] New: iptables rule to match a 'set' shows [unsupported revision]"
2011 Sep 03
3
[Bug 744] New: set:list behavior
http://bugzilla.netfilter.org/show_bug.cgi?id=744
Summary: set:list behavior
Product: ipset
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: default
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: martinbarrowcliff
2019 Jan 14
3
CentOS 6.X, iptables 1.47 and GeoLite2 Country Database
Hi
Specs in subject line: CentOS 6.X (all latest patches), iptables 1.47, Apache2.2
I use the Geolite legacy databases together with iptables 1.47 to filter traffic for a variety of ports and only allow .AU traffic to have access.
Maxmind (https://dev.maxmind.com/geoip/geoip2/geolite2/) changed the default DB to the latest version which is GeoLite2, this leaves all users in need of the old
2017 Jun 16
2
[Bug 1158] New: using old session data when piping multiple commands
https://bugzilla.netfilter.org/show_bug.cgi?id=1158
Bug ID: 1158
Summary: using old session data when piping multiple commands
Product: ipset
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: minor
Priority: P5
Component: default
Assignee: netfilter-buglog
2013 Aug 16
1
PATCH for bitmath.h: 1 typo, 1 warning
rutine -> routine
Also MSVC complains that FLAC__uint32* (unsigned int*) is not of the same type as unsigned long*
--- a\src\libFLAC\include\private\bitmath.h 2013-08-13 13:30:24.000000000 +0400
+++ b\src\libFLAC\include\private\bitmath.h 2013-08-14 10:20:51.484053700 +0400
@@ -78,12 +78,12 @@
return _bit_scan_reverse(v) ^ 31U;
#elif defined(__GNUC__) && (__GNUC__ >= 4 ||
2015 Mar 01
12
IP drop list
I wonder if there is an easy way to provide dovecot a flat text file of
ipv4 #'s which should be ignored or dropped?
I have accumulated 45,000+ IPs which routinely try dictionary and
12345678 password attempts. The file is too big to create firewall
drops, and I don't want to compile with wrappers *if* dovecot has an
easy ability to do this. If dovecot could parse a flat text file of
2014 Aug 10
3
ipset module loaded at startup on CentOS 6.5
Anybody on here successfully get ipset iptables sets to work _after_ a
reboot?
My question on StackExchange
http://unix.stackexchange.com/questions/149536/upon-bootup-all-iptables-are-lost-because-the-kernel-module-ip-set-is-not-loade
Some of the things that need to be in place, otherwise iptables does not
load:
1.) The kernel module ip_set needs to be loaded.
2.) The "sets" need to be
2015 Feb 17
3
Using "ipset" under CentOS7
ipset on CentOS6 comes with /etc/rc.d/init.d/ipset so that "service
ipset reload" can be used to (re)load the configuration. CentOS7
doesn't come with an equivalent for systemd:
# systemctl reload ipset.service
Failed to issue method call: Unit ipset.service failed to load: No
such file or directory.
# systemctl start ipset.service
Failed to issue method call: Unit ipset.service
2016 Sep 13
2
Iptables not save rules
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of John R Pierce
> Sent: Sunday, September 11, 2016 10:44 PM
> To: centos at centos.org
> Subject: Re: [CentOS] Iptables not save rules
>
> On 9/11/2016 8:55 AM, TE Dukes wrote:
> > I have been using ipset to blacklist badbots. Works like a champ!
>
2017 Jul 19
3
under some kind of attack
Hi Robert,
On 07/18/2017 11:43 PM, Robert Schetterer wrote:
> i guess not, but typical bots aren't using ssl, check it
>
> however fail2ban sometimes is too slow
I have configured dovecot with
auth_failure_delay = 10 secs
I hope that before the 10 sec are over, dovecot will have logged about
the failed login attempt, and fail2ban will have blocked the ip by then.
MJ
2010 Jun 17
4
shorewall 4.4.10 failing to start; won't recognize ipset "capability"
I have been using shorewall for years with ipsets. I have encountered a
problem after upgrading from 4.2.11 to 4.4.10. When I run
'shorewall-check' or 'shorewall start', it halts with the error:
----------------------------------------------------------------------
ERROR: ipset names in Shorewall configuration files require Ipset Match
in your kernel and
2011 Aug 02
3
[Bug 733] New: ipset restore won't restore from output of ipset save
http://bugzilla.netfilter.org/show_bug.cgi?id=733
Summary: ipset restore won't restore from output of ipset save
Product: ipset
Version: unspecified
Platform: All
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: default
AssignedTo: netfilter-buglog at
2016 Sep 11
2
Iptables not save rules
Hello,
I have been using ipset to blacklist badbots. Works like a champ!
The only problem is if I do a system reboot, I lose the ipset and the rule.
I changed /etc/sysconfig/iptables.conf to:
IPTABLES_SAVE_ON_RESTART="yes"
IPTABLES_SAVE_ON_STOP="yes"
And followed the instructions in:
https://www.centos.org/forums/viewtopic.php?t=3853
The changes are still not saved.
2013 Dec 17
1
shorewall add fails with IPSET=
Hi all
I have a CentOS6 box with shorewall-4.5.21.
If I have IPSET= in shorewall.conf and I issue the command "shorewall add
ppp:192.168.33.3 ptp", I get the error:
/usr/share/shorewall/lib.cli: line 585: [: too many arguments
ERROR: Zone ptp, interface ppp does not have a dynamic host list
The error is corrected setting the actual path to ipset in shorewall.conf,
or via the patch:
2012 Sep 30
12
shorewall dynamic zones confusion
Hi,
I've been successfully using shorewall in our K12 school since the 2.x
days initially on Mandrake and now on Debian. Because of that my config
has got quite complicated. The firewall has a working MultiISP setup
with four interfaces (I've renamed them with udev to ease their
identification): lan-if, dmz-if, snt-if and dnt-if (one of the providers
(the one on dnt-if) is a DSL
2012 Feb 28
6
[Bug 773] New: iptables performance limits on # of rules using ipset
http://bugzilla.netfilter.org/show_bug.cgi?id=773
Summary: iptables performance limits on # of rules using ipset
Product: ipset
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: default
AssignedTo: netfilter-buglog at lists.netfilter.org
2023 Dec 05
3
[Bug 1726] New: invalid json generated by ipset list -output json
https://bugzilla.netfilter.org/show_bug.cgi?id=1726
Bug ID: 1726
Summary: invalid json generated by ipset list -output json
Product: ipset
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: trivial
Priority: P5
Component: default
Assignee:
2014 Dec 08
2
ipset not actually blocking
i created an ipset and added 8.8.8.8 to it and used the same iptables
working all summer long but
i can still ping 8.8.8.8 and do nslookup queries against it. ipset or
iptables is broken.
Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and
actually tested that IP addresses that are supposed to be blacklisted are
actually blocked?
Filed CentOS bug report 7977
2011 Jul 25
4
ipsets
I haven't debugged this enough to understand what is happening, but I
observe the following:
someipset = bitmap:ip,mac
1) br0:+someipset
2) br0:+someipset[2]
The first 1) doesn't match anything in rules or tcrules, the second 2)
matches fine. (Also using +someipset[1] doesn't match anything)
Is it possible/sensible/feasible to have shorewall figure out the
2016 Aug 20
4
What is broken with fail2ban
Hello List,
with CentOS 7.2 it is no longer possible to run fail2ban on a Server ?
I install a new CentOS 7.2 and the EPEL directory
yum install fail2ban
I don't change anything only I create a jail.local to enable the Filters
[sshd]
enabled = true
....
.....
When I start afterward fail2ban
systemctl status fail2ban is clean
But systemctl status firewalld is broken
● firewalld.service -
2019 Jan 15
2
CentOS 6.X, iptables 1.47 and GeoLite2 Country Database
On Mon, Jan 14, 2019 at 07:29:45AM +0000, Phil Perry (pperry at elrepo.org) wrote:
> On 14/01/2019 07:09, Jobst Schmalenbach wrote:
> > Hi
> I use ipdeny's aggregated country lists to do the same thing:
>
> http://www.ipdeny.com/ipblocks/data/aggregated/
>
> I just feed this data directly into ipset/iptables via a script running on
> my firewall (not a C6 box).