<0> ummm ooops
<0> sorry
<1> that's the final?
<0> http://pastebin.com/650957
<0> Ja
<0> 3rd line doesn't need -p tcp --dport 25 , as the rule before it does that already
<1> hmm, getting one error:
<0> Ja ?
<1> iptables v1.2.9: Couldn't load target `drop':/usr/lib/iptables/libipt_drop.so: cannot open shared object file
<0> which line ?
<0> -t mangle
<0> if so ... http://pastebin.com/650962
<1> y
<0> does the new revision work ?
<0> that will alter my response
<1> yes
<1> checking the syslog
<0> -t mangle just doesn't like it =P
<1> right now I'm blocking every smtp in
<0> lol
<0> you sure ...
<1> yeah, I'm blocking everything
<0> ok set DROP ...to RETURN
<0> iptables -A syn-flood-smtp -m limit --limit 60/m --limit-burst 10 -m recent --set -j RETURN
<0> iptables -A syn-flood-smtp -m limit --limit 60/m --limit-burst 60 -m recent --set -j RETURN
<0> sorry
<1> y, done
<1> burst 60?
<0> just for testing ...
<1> http://pastebin.com/650964
<1> looks ok?
<1> twice return?
<0> http://pastebin.com/650965
<0> try that ...
<1> only diff is the DROP?
<0> and --syn
<1> started
<1> should I see something dropped after the first second?
<1> s/second/minute
<1> oh, no, it works now
<0> yes it will take a while
<1> hmm, it was fast
<0> basically abusers will get destroyed
<1> after the first 5 incoming msg they get blocked
<0> shouldn't be all messages
<1> and now they keep blocked
<0> as -j RETURN should be letting some in
<0> are you watching the smtpd log ?
<0> check to make sure it is letting some in , basically it should be allowing 1 a sec
<1> no, they are totally blocked, but linux-kernel mails are coming
<1> so it works ;-)
<0> linux-kernel mail ?
<0> mail from localhost ? or a mailing list ?
<1> mailing list
<0> externally ?
<1> y
<0> ... kewls
<0> now you can slowly take the limit of burst down to fine tune it
<1> as I see everything works, mails are coming, but the abusers are blocked totally
<0> yup ...
<0> =)
<1> so, once more, now I'm allowing 60 syn per minute, right?
<0> almost ...
<1> if I get +1 within the limit, they will be RETURNed?
<0> prolly a bit more actually - considering 60 is currently burst , and we had to use -j RETURN
<0> so @ the moment 1 a sec or 60 for the first sec
<0> need it to be maybe about 10 =)
<0> is it nailing those nasty bastards ..
<0> 1 thing to remember is if your recent list gets full , people will start to get through if you have more than 100 @ once attacking you
<1> k
<1> I'm blocking myself right now
<0> so so how quickly it fills up
<0> lol , from wherE?
<1> externally
<0> nop robs
<1> I had ~10 messages in the queue
<0> =P no probs
<1> resent, and blocked after the first one
<0> cat /proc/net/ipt_recent/DEFAULT
<0> cat /proc/net/ipt_recent/DEFAULT | wc -l
<1> ah, there I am
<1> 5
<0> awesome
<0> if you find it hits 100, but also is changing what ips are in the list too quickly , the default size can be raised
<1> ttl: 58?
<0> Time To Live
<0> packes prolly passed via 6 routers
<0> to get to its destination
<0> lol packets =)
<1> wondering why so fast got blocked
<0> lol . yeah that will do it =)
<0> enjoy =)
<1> seems like everyone after the first message gets blocked
<1> :-)
<1> one per day :-)
<0> lol how do you mean ?
<0> it should be still allowing real mail , while blocking bad mail right ?
<1> no
<1> I have 14 outgoing mails
<1> I'm unable to feed it to the server, because it blocks me after the first one
<0> lol ...
<0> hmmm ok
<0> well it needs some tweaking
<1> update seconds?
<0> Ja ...
<0> set it to 1
<1> 10?
<0> or try 2
<1> they are spamming, waiting...
<1> netbsd mails are coming, okay
<0> http://pastebin.com/650998
<0> try that
<0> http://pastebin.com/650999
<1> much better
<0> ;=)
<1> after 3-4 tries, they got blocked
<1> and still they are
<0> they will be
<0> for 10 secs
<0> you will need to tweak it to your liking
<0> i bet when it's blocking ... you can still send from a server you're not sending from
<0> here, give me an email address on the receiving server, p.m it to me
<0> brb
<1> cool, I'm letting in again 2 new messages
<1> then blocking for a while again
<1> well, I should be measuring the time, but it's something like 40 sec block, 20 secs allow
<1> the block time is too short I think
<2> heya..
<2> i'm wondering if the mac-filter automagically removes rules for non existing (or vanished) mac sources?
<3> hello, I have a problem adding a nat rule to OUTPUT chain. Can anyone help me out
<4> you need a -t nat
<4> what is the command you are running?
<3> iptables -t nat -A PREROUTING -p tcp -dport 80 --m owner -uid-owner squid -j ACCEPT
<4> I don't think -m owner works in PREROUTING
<3> This I basically copied from a tutorial. I am trying to use squid and dansguardian for content filtering for children. Thanks
<3> I basically thought of using it in OUTPUT chain but the error is " Unknown arg `-p' "
<4> I think that rule should work in OUTPUT
<3> But every time I use it the error is there
<4> make sure you're not mistyping, and paste the rule you're trying here
<3> The output is three lines. Shall I paste it here?
<4> pastebin or #flood might be better
<3> May I try one line at a time. It's only three lines
<5> We're not the ops here, but IMO 3 lines would be okay.
<3> Thanks
<5> Already did more than that talking about it :)
<3> The command I am giving is:
<3> He! He!
<3> [root@fc5host iptables]# iptables -t nat -A OUTPUT -p tcp -dport 8000 --m owner -uid-owner squid -j ACCEPT
<3> The error is:
<3> iptables v1.3.5: Unknown arg `-p'
<3> Try `iptables -h' or 'iptables --help' for more information.