Comments:
<0> raid5. brilliant for reads but boy does it **** arse on writes.
<0> oops
<0> hah. there is a bug in 2.2.2 and the gtkrc stuff
<0> goddamn
<0> fixed.
<0> yup. confirmed non-destructive.
<0> oh poo
<1> hi
<1> how i configure my firewall to permit only one conection from user to my database?
<1> iptables -A FORWARD -s $IP -m limit --limit 1 -j ACCEPT -> this dosent work
<1> ...
<2> try connlimit
<1> danieldg, im newbie
<1> :)
<1> and dont speak english so much
<1> iptables -A FORWARD -m connlimit 1 -s $IP -j ACCEPT ?
<1> lets try
<2> connlimit requires a kernel patch
<2> and you'd need two rules; one with --connlimit-above 1 -j REJECT, and after that an ACCEPT
<1> i have latest kernel
<1> and all modules
<2> it's not in the mainline kernel
<1> yeh
<1> realy not
<1> lets search
<2> http://netfilter.org/projects/patch-o-matic/pom-base.html
<1> yec its are on patch-o-matic
<1> :( bad patch-o-matic is bad ever crash my kernels
<1> well...
<2> if you're using 2.6.16, http://daniel.6dns.org/misc/connlimit.patch
<1> Linux chatran 2.6.16.18 #11 SMP PREEMPT Mon May 29 23:54:52 BRT 2006 i686 unknown unknown GNU/Linux
<1> 11 compilations :)
<1> aeueauuheauae
<1> reiserfs is bad to
<1> this is your site?
<2> yes
<1> best site ever!!!
<1> i like
<2> thanks
<1> you are network admin or som think like that?
<2> student, actually
<1> how many years you have?
<1> danieldg,
<2> done with 2
<1> ?
<1> :)
<1> 22?
<1> great
<1> im 23 4 on linux and i dont know nothing :(
<1> 205.250.185.77.49998 > 192.168.0.100.18872: LMP version 9 packet not supported
<1> what is this?
<1> lmp?
<2> is that from tcpdump?
<1> yes
<2> no idea what LMP is
<2> I usually use ethereal
<1> hum
<1> i like tcpdump
<1> 00:53:52.564059 IP 68.102.79.74.7000 > 192.168.0.100.18872: rx type 0 (42)
<1> this is strange to
<1> uheaueauueah all is strange to me :)
<2> tcpdump gives less info than ethereal, even with tons of -v
<1> danieldg,
<1> how i configure this extensions ?
<2> run "runme base" in pom directory
<1> svn co https://svn.netfilter.org/netfilter/trunk/iptables
<1> ok
<2> you'll need to checkout https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng too
<1> but have ip_connlimit on extensions
<1> dir
<1> libipt_connlimit.c
<2> right. you don't need to modify iptables
<2> just the kernel
<1> i have this connlimit i guess look:
<1> bash-3.00# iptables -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
<1> iptables v1.3.5: no command specified
<1> Try `iptables -h' or 'iptables --help' for more information.
<1> get this command on man iptables
<2> add a -A INPUT to the front
<1> :) sorry
<1> eaueahuuhaehuae
<1> bash-3.00# iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
<1> iptables: Unknown error 4294967295
<1> and this now?
<2> you need a patched kernel
<1> :(
<2> that error means the kernel you are running doesn't support connlimit
<1> i get the all source
<1> hum
<2> did you compile your own kernel?
<1> i compile kernel from kernel.org...
<1> bash-3.00# uname -a
<1> Linux chatran 2.6.16.18 #11 SMP PREEMPT Mon May 29 23:54:52 BRT 2006 i686 unknown unknown GNU/Linux
<1> 2.6.16.18
<2> ok, then in https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng, run the runme script
<1> ok wait
<2> first, use that patch from my site on the patch-o-matic tree
<1> how i patch my kernel?
<1> patch -p1 patch.file?
<2> no
<2> cd pom-dir; ./runme base
<1> ok
<1> wait
<1> well i a lot of options
<1> :)
<1> y to all?
<2> just apply the connlimit one and don't do anything for the others
<2> unless you see one you like :)
<1> i like all to test :)
<2> you'll need to make menuconfig again, and select them all as modules
<2> they default to N
<1> Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y
<1> unable to find ladd slot in src /tmp/pom-5110/net/ipv4/netfilter/Makefile (./patchlets/connlimit/linux-2.6.11/./net/ipv4/netfilter/Makefile.ladd)
<2> ignore that
<1> so.. N?
<2> yes
<2> if you want, you can edit the code
<2> use my patch as a template
<1> im a newbie i dont know edit codes :)
<1> Excellent! Source trees are ready for compilation.
<2> connlimit applied correctly?
<1> i dont known. i will see if appears on make menuconfig
<2> did you use my patch?
<1> no
<1> patch -P1 /my_kerneldir ?
<1> how aply this patch?
<2> that patch is a patch to patch-o-matic itself
<2> just patch < file in the pom dir
<1> hum
<1> ok
<2> then run the runme script again
<1> bash-3.00# patch < connlimit.patch
<1> can't find file to patch at input line 5
<1> Perhaps you should have used the -p or --strip option?
<1> is ok?
<1> File to patch:
<1> what file?
<2> did you run that in the pom directory?
<1> yes
<1> bash-3.00# cd patch-o-matic-ng/
<1> bash-3.00# ls
<1> Netfilter_POM.pm README README.newpatches patch2pom patchlets pom2patch runme sources.list
<1> bash-3.00# wget http://daniel.6dns.org/misc/connlimit.patch
<1> --01:31:48-- http://daniel.6dns.org/misc/connlimit.patch
<1> => `connlimit.patch'
<1> Resolving daniel.6dns.org... 65.110.240.162, 2002:416e:f0a2::1
<2> try -p0
<1> Connecting to daniel.6dns.org|65.110.240.162|:80... connected.
<1> HTTP request sent, awaiting response... 200 OK
<1> Length: 1,565 (1.5K) [text/plain]