Comments:
<0> hi
<0> can anyone tell me why the MIRROR target was removed from linux-2.6 ?
<0> and if there are patches to add it again?
<1> StijnT: it's very easy to misuse it, easy to "attack" other machines by spoofing the source-ip and send it to a machine that runs the MIRROR target
<1> StijnT: I don't think there's a patch to add it again but you can always copy it from an older kernel...
<0> Gandalf_: ok, thanks.
<2> gug
<3> gug
<4> after how long is a packet no longer associated with a connection and classified as INVALID ?
<1> depends on the timeout of the connection entry in conntrack
<1> that timeout depends on the protocol and which state the connection is in
<1> look at /proc/sys/net/ipv4/netfilter/
<4> ok thx
<4> I suppose it's not safe to play with those numbers ?
<4> we want to implement some form of extrusion detection system that detects when webservers make connections to the outside world
<4> but some packets get classified as new connections
<4> so we have quite a few false positives
<1> it's safe to play with the numbers (unless you increase them too much so that you have lots of entries in conntrack with huge timeouts that use up all your memory)
<1> you can make conntrack be stricter for tcp sessions if you like
<1> echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose
<4> ah
<4> thx :)
<5> dang. even with my OUTPUT table accepting NEW,ESTABLISHED,RELATED, it still drops a bunch of stuff
<5> with -P OUTPUT DROP
<4> maybe you need to load some conntrack helper modules ?
<4> hmm no nvm :)
<6> hmmm netfilter.org down for service ?
<7> hard__ware: yes
<6> =) np
<8> gug
<9> Hello
<9> I was wondering how network equipment (routers and etc) will distinguish between UDP and TCP packets? They will be inside IP packets, aren't they?
<9> *** - . www.RusHack.net ***
<10> gug
<11> wish there was a way to 'name' counter-only rules in iptables -L for easy parsing by scripts
<11> also wish i could count promisc packets on the wire without setting up a bridge to trick the kernel into seeing them
<1> there's a comment match that you could use
<11> a what?
<12> "All machines ({vishnu,lakshmi,durga}.netfilter.org,ganesha.gnumonks.org}" omg i use hindu god names for my machines too!
<1> Rubin: a match called "comment", the only purpose of this match is to print out text when you list your rules, text that you specified when you added the rules
<11> Gandalf_: hmm. it's not on the same line as a rule though. maybe still workable
<1> it's not on the same line?
<1> it should be
<11> oh
<11> hmm is this not in the man page?
<1> it's just another match
<1> it's in patch-o-matic
<11> http://www.netfilter.org/patch-o-matic/pom-extra.html ?
<11> i dont see it
<1> not sure that's updated, look in svn
<11> oh, there it is in submitted
<11> wonder how much overhead is involved in ULOG target if there's no ulogd running
<11> should be minimal i would think?
<11> cos i could do it that way without rebuilding the kernel
<13> hey guys, can anyone tell me why libipt_CLUSTERIP.so might not build on certain boxes?
<11> supa_user: error messages might help
<13> i don't see any, that's the problem really
<13> it's just missing from the completed build
<1> are you compiling against a kernel source that contains the CLUSTERIP target?
<1> otherwise it won't be built
<13> ah ha, maybe that's it
<13> any idea what files I need in the kernel source?
<1> ipt_CLUSTERIP.c
<13> yup, that's it, I only have the .h file there
<13> include/linux/netfilter_ipv4/ipt_CLUSTERIP.c ?
<8> supa_user: no, net/ipv4/netfilter/ipt_CLUSTERIP.c
<1> hi Hidden
<13> thanks guys!