similar to: [Fwd: Re: Shorewall 1.4.6: common chain rules are applied before policyrules?]

Hi- I'm wrestling with some of my data apparently not being called into a GLM or an LM. I'm looking at factors affecting fish annual catch rates (ie. CPUE) over 30 years. Two of the factors I'm using are sea surface temperature and sea surface temperature anomaly. A small sample of my data is below: CPUE Year Vessel_ID Base_Port Boat_Lgth Planing SST Anomaly 0.127

My Asterisk has started *frequently* segfaulting during IVR and voicemail activity -- it'll be playing a prompt gsm file to a caller and it'll just die (segfaulting, naturally dropping the caller) with no rhyme or reason. I've run gdb on four different core files and each one shows the reason for the segfault to be the following: #0 0x45df8b24 in Gsm_Short_Term_Synthesis_Filter

Hi every body. I'm having difficulties to setup my filters correctly and I really need some help. This is my environment: Mail that is received on the system passes through a sieve_before script that checks the message header for SPAM tag and store it into the "Junk" folder. If no spam tag is found, mail goes to inbox. My horde webmail is integrated with sieve, so this allow

Quoting Robert Schetterer <rs at sys4.de>: > Am 12.09.2016 um 15:07 schrieb Andre Luiz Paiz: >> Hi everybody. I'm having difficulties to setup my filters correctly and >> I really need some help. >> >> This is my environment: >> >> Mail that is received on the system passes through a sieve_before script >> that checks the message header for

The current Shorewall release model has the following characteristics: a) The last two major releases are supported. b) Only the latest major release is actively developed. c) Bug fixes are available for the prior major release but only against the last minor release. d) The last major release is advertised as the "Current Release". I''m thinking of switching to a model that

This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Harald Welte just announced that the 2.6 Kernels will not support the ''unclean'' match extension except via Patch-O-Matic. Since I have a polciy of not supporting Netfilter features that are only available in P-O-M, I will be removing the ''logunclean'' and ''dropunclean'' interface options from Shorewall. In 1.4.7, a warning will be issued if

Hi, all: This is just a note and suggestion, not a question; but I really like this system and thought it might be useful to others so I decided to share. Hope it helps someone, and comments or suggestions are always welcome. 1. Overview: Shorewall accepts traffic on ports that I consider "hostile" (i.e. ports on which I would NEVER expect to see connections) and redirects

Hello! We''re using Shorewall 1.4.2 and running into an interesting problem when we try to enable logging of traffic that netfilter classifies as "related" to an existing connection: there doesn''t seem to be a way to do it. Places where we''ve run into this problem are: (1) Attempting to log individual active or passive FTP data connections separately from

Dear group members. I work with Dovecot and Openldap authentication. Sometimes users change departments and we need to alter their homedir location. Every time this process is needed, I perform this steps: 1 - Change homedir location in openldap 2 - Move homedir folder to the new location 3 - Re-apply permissions 4 - Remove user index folder After I do that, users cannot authenticate unless

e.g. string-matching CodeRed or Nimda viruses before they hit your Web server. The following rules achieve this: # DROP HTTP packets related to CodeRed and Nimda # viruses silently iptables -t filter -A INPUT -i $EXT_IFACE -p tcp \ -d $IP --dport http -m string \ --string "/default.ida?" -j DROP iptables -t filter -A INPUT -i $EXT_IFACE -p tcp \ -d $IP --dport http -m string \

In the docs at http://www.shorewall.net/Shorewall-perl.html, "Your ipsets must be loaded before Shorewall starts. You are free to try to do that with the following code in /etc/shorewall/start" implies that code in /etc/shorewall/start is executed BEFORE Shorewall starts. In the default /etc/shorewall/start # /etc/shorewall/start # # Add commands below that you want to be

If any of you have been so bold as to install the Shorewall CA Certificate in your browser(s), the current certificate will expire on 11/13. There is a new 10-year certificate available for installation at: http://lists.shorewall.net/Shorewall_CA_html.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

-- | ``We've all heard that a million monkeys banging on | Damien Miller - | a million typewriters will eventually reproduce the | <djm at mindrot.org> | works of Shakespeare. Now, thanks to the Internet, / | we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org ---------- Forwarded message ---------- Date: Tue, 14 Nov 2000 16:33:18 +0100 From: System

Javier Fernández-Sanguino Peña has discovered an exploitable vulnerability in the way that Shorewall handles temporary files and directories. The vulnerability can allow a non-root user to cause arbitrary files on the system to be overwritten. LEAF Bering and Bering uClibc users are generally not at risk due to the fact that LEAF boxes do not typically allow logins by non-root users. For 2.0

hi, there is no support for patch-o-matic netfilter modules. what i have to do if i want to use several patch-o-matic modules? which parts of code has to be changed and will that changed be included into the main shorewall tree in future or not? best regards claus

Hi list, Despite the question I asked last time (I will re-install the FC3 with Samba 3.0.14a on another computer for replacement soon), I still have one more question on Excel files. I found that Excel file opening is extremely slow (especially on slow connections, i.e. VPN). The case is really bad, it takes around 2 mins to open a excel file of around 400k. Actually we got both side having

Hi All, I have a question regarding LLVM backend. I appreciate a lot if anyone can provide some hints. My work here is to avoid base+index address mode for X86 target, to allow base-register only or index-register only address mode. For example, "mov (%rsi), %rbx" is allowed, but "mov (%rsi, %rax), %rbx" is not allowed. I understand LLVM backend is a complex system. Can any

I'm not sure exactly what you're after. I was under the impression that you want to know which register is live at a specific point (an instruction). If that's the case, how do one of the two suggested solutions not suffice? If a register is live-in to a block and not killed before your instruction or it has a def and no kill within the block, it is live. Otherwise it is dead and

Hi Bruce, Thanks for you reply. I check the *.td files under the lib/Target/X86 folder, but have not got interesting findings. It requires some knowledge of LLVM backend to fully understand the *.td files. I will get some background and keep searching. Of course I appreciate if anyone with such experience can point the concrete locations. Regards, Hu Hong On 17 October 2016 at 22:20, Bruce