similar to: Traffic shaping on CentOS

On 15/12/17 07:05, Kenneth Porter wrote: > I came across this on the Fedora devel list. I added > /etc/sysctl.d/51-bufferbloat.conf containing the suggested line and it > installs the new codel qdisc as desired. There's probably more knobs > that might be useful to tweak but this makes a good start. More reading > on the bufferbloat site suggests that the later "cake"

I have long included tinc in the cerowrt project as a lighter weight, meshy alternative to conventional vpns. I sat down a few days ago to think about how to make vpn connections work better through fq_codel, and decided I should maybe hack on a vpn to do the job. So I picked up tinc's source code for the first time, got it working on IPv6 as a switch in a matter of minutes between two

On Wed, Dec 3, 2014 at 4:02 AM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Wed, Dec 03, 2014 at 12:07:59AM -0800, Dave Taht wrote: > > [...] >> https://github.com/dtaht/tinc >> >> I successfully converted tinc to use sendmsg and recvmsg, acquire (at >> least on linux) the TTL/Hoplimit and IP_TOS/IPv6_TCLASS packet fields, > > Windows does not have

Dave Taht, on Wed 02 Dec 2015 14:13:27 +0100, wrote: > More recently Tom Herbert was working on udp encapsulation methods in > the kernel "foo over udp" > > https://www.netdev01.org/docs/herbert-UDP-Encapsulation-Linux.pdf > > https://lwn.net/Articles/614348/ > > which preserve things important at high rates like GRO/GSO. Yes, FOU will probably get the highest

I came across this on the Fedora devel list. I added /etc/sysctl.d/51-bufferbloat.conf containing the suggested line and it installs the new codel qdisc as desired. There's probably more knobs that might be useful to tweak but this makes a good start. More reading on the bufferbloat site suggests that the later "cake" module will be even better, but it requires a newer kernel

I know people must be doing something to manage iptables, but I haven''t been able to find anything yet. ( My google-fu must be weak today. ) What are you using to manage your iptables? -- -- Perfection is just a word I use occasionally with mustard. --Atom Powers--

On Mon, Jan 5, 2015 at 7:10 AM, Lance Fredrickson <lancethepants at gmail.com> wrote: > Just wanted to pop in and say I think 1.1pre11 is a really good release. > I have a couple nodes behind a work firewall (sonicwall) over which I have > no control. Previously nodes always fell back to TCP, and the connection > was unusable. Now it always connects over UDP and works like it

On Fri, 12 Apr 2019, mj wrote: > What we do is: use https://github.com/trick77/ipset-blacklist to block IPs > (from various existing blacklists) at the iptables level using an ipset. "www.blocklist.de" is a nifty source. Could you suggest other publically available blacklists? > That way, the known bad IPs never even talk to dovecot, but are dropped > immediately. We

With pleasure we announce the release of tinc version 1.1pre11. Here is a summary of the changes: * Added a "network" command to list or switch networks. * Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new protocol. * AutoConnect is now a boolean option, when enabled tinc always tries to keep at least three meta-connections open. * The new protocol now

With pleasure we announce the release of tinc version 1.1pre11. Here is a summary of the changes: * Added a "network" command to list or switch networks. * Switched to Ed25519 keys and the ChaCha-Poly1305 cipher for the new protocol. * AutoConnect is now a boolean option, when enabled tinc always tries to keep at least three meta-connections open. * The new protocol now

I need a decent, easy, firewall on Centos. This is for test systems, so I do not need a lot. For 'a lot', I use and Astaro firewall. I had used Firestarter once, but found out that it cannot handle routing between a public and private network. Basically saying this is impossible. Of course, if your private network is addressed per RFC 1918 (that I co-authored), I can understand

On Wed, Nov 20, 2013 at 07:16:33AM -0800, Eric Dumazet wrote: > On Wed, 2013-11-20 at 10:58 +0200, Michael S. Tsirkin wrote: > > On Tue, Nov 19, 2013 at 02:00:11PM -0800, Eric Dumazet wrote: > > > On Tue, 2013-11-19 at 23:53 +0200, Michael S. Tsirkin wrote: > > > > > > > Which NIC? Virtio? Prior to 2613af0ed18a11d5c566a81f9a6510b73180660a > > > >

On Wed, Nov 20, 2013 at 07:16:33AM -0800, Eric Dumazet wrote: > On Wed, 2013-11-20 at 10:58 +0200, Michael S. Tsirkin wrote: > > On Tue, Nov 19, 2013 at 02:00:11PM -0800, Eric Dumazet wrote: > > > On Tue, 2013-11-19 at 23:53 +0200, Michael S. Tsirkin wrote: > > > > > > > Which NIC? Virtio? Prior to 2613af0ed18a11d5c566a81f9a6510b73180660a > > > >

On 1/9/20 2:08 AM, Pete Biggs wrote: >> Has anyone created a fail2ban filter for this type of attack? As of >> right now, I have manually banned a range of IP addresses but would >> like to automate it for the future. >> > As far as I can see fail2ban only deals with hosts and not networks - I > suspect the issue is what is a "network": It may be obvious to

On Tue, Nov 19, 2013 at 02:00:11PM -0800, Eric Dumazet wrote: > On Tue, 2013-11-19 at 23:53 +0200, Michael S. Tsirkin wrote: > > > Which NIC? Virtio? Prior to 2613af0ed18a11d5c566a81f9a6510b73180660a > > it didn't drop packets received from host as far as I can tell. > > virtio is more like a pipe than a real NIC in this respect. > > Prior/after to this patch,

On Tue, Nov 19, 2013 at 02:00:11PM -0800, Eric Dumazet wrote: > On Tue, 2013-11-19 at 23:53 +0200, Michael S. Tsirkin wrote: > > > Which NIC? Virtio? Prior to 2613af0ed18a11d5c566a81f9a6510b73180660a > > it didn't drop packets received from host as far as I can tell. > > virtio is more like a pipe than a real NIC in this respect. > > Prior/after to this patch,

On 12/15/2017 4:10 AM, Fabian Arrotin wrote: > I don't know your full requirements, but in the past for simple QoS gw I > used FireQOS > It's part ofhttps://firehol.org/ , but can be used without firehol so > in parallel of your own iptables rules That looks nice. It appears to be a declarative front-end to tc that eliminates some of the boilerplate like setting defaults.

Hello, I see manage of firewall in CentOS (called security), and seems difficult to manage, not enough powerful. I am searching a middle term between scripts of iptables to manage and Security manager of CentOS. I know FireStarter, another similar? -- Devel in Precio http://www.pas-world.com

On Wed, Dec 3, 2014 at 6:17 AM, David P. Reed <dpreed at reed.com> wrote: > Tor needs this stuff very badly. Tor has many, many problematic behaviors relevant to congestion control in general. Let me paste a bit of private discussion I'd had on it in a second, but a very good paper that touched upon it all was: DefenestraTor: Throwing out Windows in Tor

Dear latex/R-Sweavers, Using the codel below, I can color text in individual cells for latex output. Is there a similar way to get a background shading? My attempts failed because I did not get the closing brace at the right place with Hmisc/latex. library(Hmisc) x <- as.data.frame(diag(rnorm(3),nrow=3)) cellTex <- matrix(rep("", NROW(x) * NCOL(x)), nrow=NROW(x)) cellTex[2,2]