similar to: Limit icmp packet size

I''m using the following rule on 3 different systems running shorewall-4.5.18 on Gentoo: ACCEPT all all icmp - - - 10/sec:20 shorewall starts fine on 2 of the systems but on the 3rd it fails to start with the following error: iptables-restore: line 119 failed ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input /usr/share/shorewall/lib.common: line 113:

hello there, im running a 3interface inet, dmz, loc. i have some public ip addresses. one public address is the router of the provider, the second one is the linux box running shorewall. all other public interfaces are on the dmz nic with proxy-arp. now whenever i do a traceroute (the dmz boxes are windows, icmp traceroute) the very first hop gets timeout/stars, then the router of the provider

Hello, I am stumped on a problem I am having with Shorewall 2.0.1 on Mandrake 10. My setup is as follows. I have a /28 and have assiigned all ip addresses to my firewall using aliases. I am able to setup rules to allow specific traffic to specfic ip addresses on the firewall like so: ACCEPT net:w.x.y.z $FW:w.x.y.z tcp 22 This works great for TCP and UDP traffic. I can

Hi, I have a setup that consist of 2 firewalls connected over dialup and PPP. Each side of the ppp are protected by shorewall. One side of the PPP masquerades everything not addressed to the local network to its eth0 (the net). fw1 <---- ppp (dialup) -----> fw0 <----- NET When making an http request to a site on the Internet from the machine not directly connected to the net (fw1), the

I''m getting 2 or three of these a day...Any ideas ? The 192.168.250.zz is a eth0:3 on a box that currently only has eth0:1 active Dec 1 15:47:40 machine-name kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=my.real.ip.addr DST=66.228.216.22 LEN=68 TOS=0x00 PREC=0xC0 TTL=255 ID=12031 PROTO=ICMP TYPE=3 CODE=1 [SRC=66.228.216.22 DST=192.168.250.zz LEN=40 TOS=0x00 PREC=0x00 TTL=46

Hi, I run two live c-class subnets on the internet. Last Sunday morning I was hit with a DDoS attack and it hasn''t stopped. I made modifications on my shorewall firewall during Sunday to lesson the impact, as they were hammering me with 180k/5sec traffic both ways (inbound and outbound). One of the primary things which helped reduce their DDoS was enabling "norfc1918" on the

Hi folks, I notice recently there are a lot of this: Jan 18 20:36:22 server kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:09:6b:a5:b1:65:00:07:50:e6:9a:40:08:00 SRC=202.147.243.4 DST=202.159.252.231 LEN=576 TOS=0x00 PREC=0xC0 TTL=58 ID=62481 PROTO=ICMP TYPE=3 CODE=1 [SRC=202.159.252.231 DST=202.147.243.4 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=14923 DF PROTO=TCP SPT=80 DPT=1248 WINDOW=6432

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=37 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-02-03 16:52 ------- Incompatible solutions:

Hi All - I looked for mention of this in the archives but wasn''t able to find anything. This isn''t even an advanced routing question, it should be a dirt-simple, basic, no-brainer, routine routing job. But I''m not getting it! I have a Linux iptables based firewall system that is making me crazy. The gist of the problem is, even when I turn off all firewall rules

Yes, now I am dropping packets in OUTPUT chain for type 3. Initially, I implemented the chain to drop type 0 and 8. But it wont worked and the packets were hitting at firewall for multiple ICMP requests. I didn't Understand the problem. After posting here I go through all the types of ICMP types where I understand to drop packets for "Host unreachability" . Thanks for your help Mr.

https://bugzilla.netfilter.org/show_bug.cgi?id=1124 Bug ID: 1124 Summary: manual page does not describe special icmp type of 255 Product: iptables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: iptables Assignee:

Hello, Is it possible at all to block all users other than root from sending outbound ICMP packets on an interface? At the moment we have the following two rules in our IPtables config: iptables -A OUTPUT -o eth1 -m owner --uid-owner 0 -j ACCEPT iptables -A OUTPUT -o eth1 -j DROP But this still allows ICMP for some reason (but *does* block other TCP/UDP packets, which is what we want, as well

Icmp sgt is correct. Note that "ugt x, 0" is the same as "x != 0" which is not what you want. -Chris On Aug 1, 2011, at 9:11 AM, Jonas Gefele <llvm.org at schrieb.de> wrote: > Hello, > > while writing a new LLVM backend I have observed that in some cases the > optimizer produces an "icmp sgt i32 %a, 0" where I would have expected an >

Hi, On 10/01/13 10:56, Alexandru Ionut Diaconescu wrote: > Hello everyone ! > > In my pass I inspect the penultimate instruction from every basic block in > runOnFunction(). I am interested in ICMP instructions only. > > |if(BB->size()>1) > if(last->getPrevNode()) > { > previous = last->getPrevNode(); > ok=1; > } > |

Hello, while writing a new LLVM backend I have observed that in some cases the optimizer produces an "icmp sgt i32 %a, 0" where I would have expected an "icmp ugt i32 %a, 0". For example when I feed "opt -O3 -S ..." (LLVM 2.9, Windows) with ------------------------------------------------------------------------ target datalayout = "E-p:32:32:32"

Am 24.02.2016 um 16:07 schrieb Sylvain CANOINE: > Hello, > > ----- Mail original ----- >> De: "John Cenile" <jcenile1983 at gmail.com> >> ?: "centos" <centos at centos.org> >> Envoy?: Mercredi 24 F?vrier 2016 15:42:36 >> Objet: [CentOS] IPtables block user from outbound ICMP > >> Is it possible at all to block all users

If I give instcombine the following IR: define i1 @f([1 x i8]* %a, [1 x i8]* %b) { %c = getelementptr [1 x i8]* %a, i32 0, i32 0 %d = getelementptr [1 x i8]* %b, i32 0, i32 0 %cmp = icmp ult i8* %c, %d ret i1 %cmp } It optimizes it into: define i1 @f([1 x i8]* %a, [1 x i8]* %b) { %cmp = icmp slt [1 x i8]* %a, %b ret i1 %cmp } Is this a bug, or are there some semantics of icmp

Hello everyone ! In my pass I inspect the penultimate instruction from every basic block in runOnFunction(). I am interested in ICMP instructions only. if(BB->size()>1) if(last->getPrevNode()) { previous = last->getPrevNode(); ok=1; } I want to get the operands of previous, which is of type Instruction*. Due tests based on getNumOperands, ICMP has 2 (as

Thanks, Dropped the ICMP type 3 port. Now question to find the cause. On Wed, Jan 6, 2016 at 6:49 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote: > On 01/06/2016 04:45 AM, Shital Sakhare wrote: > >> I have blocked icmp ports in iptables and if I execute the Ping manualy >> its >> blocking. >> > ... > >> How this can be controlled ? >>

Hi, >From last some days I am facing the unexpected huge ICMP traffic is going out from Server. I have blocked icmp ports in iptables and if I execute the Ping manualy its blocking. Some process is send this huge traffic. Below is tcpdump output. ================================ 16:23:27.817856 IP (tos 0xc0, ttl 64, id 55278, offset 0, flags [none], proto ICMP (1), length 104)