| |
| |
| |
|
Page: 1 2 3
Comments:
<0> hi
<1> salut, asdx.
<0> :)
<0> i have a nat computer with linux/iptables, can i block http in one of my computers (of the same network) with iptables by specifing the mac address?
<2> does anyone use hashlimit? No matter what I do, it expires entries in 10 seconds, and --hashlimit-burst is ignored and always set to 6.
<3> asdx: yes, use -m mac --mac-source $MAC
<0> k
<0> thx
<3> vandemar: do your command-line options appear in the output of iptables-save?
<2> yes
<3> what kernel?
<2> 2.6.16.16
<1> rumour has it 2.6.16.16 is stable, currently :-)
<2> smp, if it matters
<3> anything in dmesg?
<2> no
<2> -p tcp -m tcp --dport 22 -m hashlimit --hashlimit 1/sec --hashlimit-burst 8 --hashlimit-mode srcip --hashlimit-name ssh -j ACCEPT
<2> even with that, I can only ssh 6 times, then packets get dropped for 10 seconds, then I can ssh another 6 times...
<2> can someone confirm that hashlimit works properly for them?
<4> hellp
<4> hello everyone here
<4> is there existe a way to add as daemon iptables on debian 3.1 sarge?
<5> 1. iptables is not a daemon, it is a means of adding rules for your netfilter drivers. 2. Sounds like a #debian question?
<4> well on redhat iptables run as daemon
<4> ej /etc/init.d iptables restart :)
<4> but on debian ???
<6> /o\
<6> nighty night
<5> No, it might look like you're starting a daemon, but it is not.
<4> rob0 good point
<5> I think Debian has /etc/init.d scripts too.
<4> rob0 well if you know where is it can you hand to me , i ll really apreciate that
<4> im having trouble with starting my firewall
<4> every time my computer restart the iptables gets down (the rules get disabled)
<5> <== Not a Debian user
<7> <== Shocked
<3> ***ydebian: I think the init script in redhat runs iptables-save rulesfile, then on start runs iptables-restore rulesfile
<3> cj: about what?
<4> any1 know how to addapt /etc/skeleton to an iptables script?
<3> what is /etc/skeleton?
<7> danieldg: rob0 not being a debian user
<5> Slackware. :)
<0> damn my isp is giving me headaches
<0> i'm getting lot of package loss
<0> packets*
<8> how can i block some http sites, for example meebo?
<8> err
<0> http access to some sites
<0> by using the mac address?
<9> don't be ridiculess
<9> MAC address is LAN only and only known to ARP and RARP protocols at TCP/IP level
<9> what do you mean block some http sites ?
<9> you mean block referers ?
<9> (other sights linking to your content directly)
<9> ???
<9> sites
<9> is that what you mean asdx ?
<0> i have a lan, a nat computer, i want to block some access to sites in one of my computers
<0> is that possible?
<9> a NAT router ?
<0> yeah
<9> are you saying you want to use iptables to block access ?
<9> from inside
<9> to outside ?
<0> yes
<9> (inside LAN)
<0> yeah
<9> no idea what your NAT router can or can't do
<10> tc qdisc add dev eth2 root handle 1: htb default 12
<10> RTNETLINK answers: Invalid argument
<10> what am I doing wrong?
<9> if it is an internet appliance like a linksys, you should really RTFM
<10> who, me?
<9> no you rude fellow
<9> the guy I was helping when you barged in
<9> asdx
<10> sorry
<0> yes?
<0> Sneaky_Bastard: i want to block some sites in one computer, and some other sites in another computer
<9> you are not answering my question
<9> you said you have a NAT router
<0> yes, with linux/iptables
<9> you are using a linux box with two NICs as a NAT router ?
<0> yeah
<9> well, you can use IPtables to block sites, sure.
<9> intx: what's tc ?
<9> tc qdisc add ....
<9> that doesn't look like an iptables command line
<10> traffic control
<0> Sneaky_Bastard: do you know how? can you give me some hand?
<11> anyon tries vuurmuur? http://vuurmuur.sourceforge.net/
<9> http://iptables-tutorial.frozentux.net/iptables-tutorial.html ?
<9> did you read the topic ?
<0> ok, thx
<0> not yet
<0> i will do now
<0> hehe
<9> well, you will need to not just read
<9> but try commands
<9> ;-)
<0> ok
<0> hehe
<0> :P
<0> k
<0> thx man
<9> for my own purposes.....
<9> ... I use webmin's "Linux Firewalls" control panel
<9> it's just so much easier
<0> ok
<9> there are many tools that are far easier to configure NetFilter with than iptables command line
<0> but, can you for example block some site in one computer, and block some other site in another computer?
<0> block them in the nat compuer
<0> computer*
<9> you could
<9> sure
<9> AFAIK
<0> cool
<0> i hope so
<9> that "tutorial" page is not for the novice, I'm afraid
<0> how do i see/delete all the iptables rules?
<0> iptables
<1> rumour has it iptables is a generic table structure for the definition of rulesets. Each rule within a chain consists of a number of cl***ifiers (iptables matches) and one optional connected action (iptables target)
<9> iptables is just the name of a command line program for configuring the NetFilter kernel module
<9> :p
<9> specifically, the table of rules
<0> yeah, but can you see the rules?
<0> or give away one rule
<0> how do i delete all the iptables rules, or disable the nat rule
<11> iptables -F
<1> iptables -F is the default conf hehe
<11> iptables -F -t nat
<12> hi!
<12> is there anyone alive?
<6> iptables -I INPUT -p icmp -j NFQUEUE --queue-num 1
<6> Bad argument `1'
<6> (debian sid, iptables 1.3.3-2)
<6> trying to change the old QUEUE rules into NFQUEUE ones
<6> strange, without any --queue-num the rule is inserted (with default queue-num = 0)
<6> there is something outdated with that debian package
<6> or I'm missing the point
<13> hi...i've got a question !
<6> when I'll succeed doing that, I'll gotta patch the python wrapper to ipqueue I guess
<13> i have a LAN network, with proxy-server machine(10.10.1.242:8080)
<13> i need to organize gateway(10.10.1.45) that will take inet from that proxy
<13> and all other machines(clients) will take inet from my gateway
<13> what should i tell iptables ? to take net from proxy ?
<13> what should i tell iptables ? to take inet from proxy ?
<6> XATRIX: you probably want to DNAT outgoing 80/tcp from your gw to the web-proxy ?
<13> maybe.....
<6> check out the man for the right syntax or the topic
<13> so what can i do for this ?
Return to
#iptables
or
Go to some related
logs:
ubuntu dual cpu i386
z35 suse10
Webmin needs to know your MySQL
#python
pango-querymodules: error while loading shared libraries libexpat.so.0
installing libpcre ubuntu
dapper 64 bit firefox32 azureus
#debian
#debian
nfs cobron
|
|