<0> did you netstat as ai2097 said?
<0> Have a nice day too :-\
<0> lol
<1> hi
<1> I've noticed some strange messages on syslog I don't understand :
<1> Redirect from 83.x.y.86 on eth0 about 83.x.y.95 ignored.
<1> Advised path = <myIP> -> 83.x.y.95, tos 00
<1> can anybody explain me what does that mean?
<2> antlarr: If I had to take a guess, I'd say it looks like you're getting ICMP redirect packets.
<1> it seems so, but what I wonder is... is that bad? does it mean I'm being hacked (or tried to)?
<3> how do i add a new rule to iptables ?
<3> i have already created my own rule and i want to add it to iptables
<3> anyone ?
<4> Because you don't use it the right way?
<3> hmm i do
<4> Okay
<4> Tell me what you have done so far
<4> And tell me more specifically what it is that doesn't work
<3> http://pastebin.com/528836
<4> This was made by hand or by iptables-save ?
<3> by hand
<3> now i want to import an iptables config script directly into the iptables ruleset
<5> Yesterday, "23:13 < papaz> he **** up my iptables rule and now he left" about someone who tried to help.
<3> so i run iptables-restore < /root/firewall_reset
<3> rob0 hell yeah since yesterday i try to figure it out what's wrong with my iptables
<4> Well, that command should work
<3> he tried to help but he also said that he told me some wrong answers
<3> i know it should
<3> there should be another way to insert a rule to iptables than using iptables-restore < /root/firewall_reset
<4> Yea
<4> You can use 'iptables -A rule' to append a fule
<4> err
<4> A rule
<4> And 'iptables -I rule' to insert a rule
<4> But the context is different than the one iptables-save's make
<5> And if something is FUBAR in the kernel config it won't work, and papaz can complain about you :)
<4> hehe
<3> Try to ping your server. This should fail, since all ping requests are being dropped by the firewall.
<6> quick q: does iptables-restore/save work the same as service iptables restart/save?
<5> service(8) is a frontend for the /etc/init.d scripts in RH-derived distros. So read /etc/init.d/iptables to find out your answer.
<5> <== not using an RH derivative
<6> thnx found what i wanted to know
<3> hi
<3> what do i have to add or remove to this rule " http://pastebin.com/528907 " so that xchat can connect to any server ?
<3> if i enable that rule , i cannot get connected anymore with xchat
<3> any idea
<3> can anyone please tell me
<5> If you have to ask how to use OUTPUT rules, do not use OUTPUT rules.
<5> In INPUT, ACCEPT the port you need for your server.
<3> please give me an example
<3> i just want to permit xchat to connect to any server , that all
<7> papaz: don't use any output rules, or allow your uid full access
<3> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
<3> ?
<3> hmm
<3> don't know what should i do man
<3> i mix them all up :)
<3> http://pastebin.com/528907 this is my firewall rules
<7> yes. you're not allowing irc
<3> what line ?
<3> what do i have to change
<7> allow the port IRC uses. I would just remove any OUTPUT filters
<3> http://pastebin.com/528960 danieldg that's my new rule i remove the OUTPUT filters and it's still not working
<7> change :OUTPUT DROP [0:0] to :OUTPUT ACCEPT [0:0]
<3> just did and not iptables its not starting anymoew
<3> *anymore
<7> what do you mean?
<3> i cannot start iptables after i change :OUTPUT DROP [0:0] to :OUTPUT ACCEPT [0:0]
<7> what error message?
<3> nothing it just hangs
<7> iptables-restore<that-file ?
<3> well i just edit /etc/sysconfig/iptables
<3> iptables-restore< /root/primary_firewall also hangs
<3> i cannot believe this man
<7> is it hanging on a modprobe? I wouldn't think so since you've already used this firewall before...
<3> no it's not hanging on a modprobe
<3> i just cannot start iptables
<3> services config doesn't want to start the iptables
<7> that's really strange
<3> yes it is
<3> haven't you got any iptables rules that i can try ?
<7> I have a bunch, but I'm not sure they would help your problem...
<3> why not ?
<7> because I don't think iptables-restore is supposed to hang like that
<3> just a standard rules , or something you think might work
<3> that's right
<7> http://daniel.6dns.org/info/iptables/
<8> hi
<3> hi
<8> sudo iptables -A OUTPUT -m owner --cmd-owner myapplication -j DROP
<8> i would like to block the traffic of a software
<8> and iptable say
<8> iptables: Invalid argument
<8> can someone help me
<5> The owner match is broken in some kernels.
<8> 2.6.14-archck5
<5> What kernel version? Yeah, probably so.
<5> I think it worked in older kernels.
<8> and on a 2.6.15 does it work ?
<8> ah
<5> can you run it as a different user and use --uid-owner?
<5> I could try and see on my 2.6.15, hang on ...
<5> iptables: Invalid argument
<8> it was useful
<8> why do they remove it
<7> it was broken on SMP, but I don't know what reason it was removed for
<5> Coding error most likely. :)
<8> okay
<7> I'm guessing more like a design problem, since the manpage said it was broken
<8> okay i don't know how to block my program
<7> what does the program do?
<8> check invalid serial on quake4 games
<5> find out what port it binds, block the port
<5> netstat(8) is your friend
<8> netstat -taupe ?
<5> looks right
<8> and if i want to log the connections established in a period of 10 minutes ?
<8> i must do a watch --n 1 ?
<7> that or use a packet sniffer to look at the connections. Or since you're using 2.6.14, you could use the conntrack program
<8> a tcpdump or what
<8> a counttrack program what is this
<5> http://www.netfilter.org/ is down :(
<7> yeah, I was just noticing that
<5> semelle: what distro?
<8> salackware 10.2
<8> slackware
<5> aha I have binary packages for slackware-10.2 :)
<5> I can put them where you can get them
<8> why not
<5> these were compiled for either i686 or k7, not sure, but they will probably work on any i686-cl*** machine.
<8> ftp://ftp.netfilter.org/pub/conntrack/snapshot/conntrack-20060128.tar.bz2 that ?
<7> yes, I think so
<7> that's the source
<8> okay thx
<5> yes
<5> http://www.netfilter.org/ is up again :)
<9> MI
<10> hello folks
<10> does someone know if there is a syntax specification for iptables-save/restore scripts?
<2> I think it is, by definition, non-portable. AFAIK, it's based on serializing/deserializing via iptables' frontends for the underlying netfilters interface.
<5> The manpage describes it somewhat.
<5> iptables-save(8)
<5> or not :)
<10> yes, but some parts are missing ... e.g. you have to use " for escaping parameters and stuff.
<10> I think it is, by definition, non-portable. AFAIK, it's based on serializing/deserializing via iptables' frontends
<5> One thing you can do, if you want the flexibility of a shell script with the convenience of iptables-restore rulesets, is to use a shell "here document".
<10> damn cut'n'paste.
<5> cat << EOF | iptables-restore
<10> shell "here document"?