I have created a new user define chain # iptanles -N blacklistNormally when we add a new rule it automatically insert in the default iptable but when we create a user define chain then how can I add my rules in this chain ?
View 3 Repliestell me the command for iptable rule to add in Chain RH-Firewall-1 to block ftp port & the ftp server was configured in public ip address,i searched in google but i did'nt get the exact command for iptables rule in Chain RH-Firewall-1.
View 3 Replies View Relatedwhats the different between Chain RH-Firewall-1-INPUT (2 references) and Chain INPUT (policy ACCEPT)?
View 1 Replies View RelatedI need define a user /password for sasl but want the authentication at runtime be automatic - no explicit prompting the user while accessing a tcp socket with some applications that need the authentication (e.g libvirt)
so I try : saslpasswd2 -c -p -a libvirt <user>
and it hangs (if i now press Enter it says : "invalid parameter supplied") . if I avoid the -p flag the above commad works fine and prompts for password and later when using the tcp it prompts for the above defined user/password and autheticates ok .
But I want without the explicit authentication
The man pages says -p Pipe mode - saslpasswd2 will neither prompt for the password nor verify that it was entered correctly. This is the default when standard input is not a terminal.
In the past (before some upgrading of libvirt via rpm) I had the SASL authentication at runtime done automatically with no explicit prompting the user
I ve a script to delete a folder is given below:
1. I need a script to clear the cacheroot in my box.
2. What user mention to delete the folder that should ve to delete.
Question (and Google results aren't making this clear): Ubuntu has both iptables & ip6tables installed. 1. If I set a rule in iptables, does that rule also apply to ipv6, or just ipv4?
2. If "no" to above, then it would be prudent to *also* set ip6tables rules as well if I want to maintain an active firewall, correct?
3. Does ip6tables rules have the same syntax and behavior (more or less) to iptables rules - i.e. can I just copy my iptables rules & change "iptables" to "ip6tables"?
4. Any gotchas or issues that I should be aware of?
Is it possible to only view certain chains and more specifically certain chain policies with options when doing: iptables -L..I would like for example view FORWARD ACCEPT rules instead of waiting for all of the drop rules to load when viewing a firewalled iptables.
View 1 Replies View RelatedI was having trouble setting up a db connection from my local machine to a db server that was configured to only accept connections from machines behind its own subnet. I had trouble setting up a multiple hop tunnel for chaining port forwarding through my firewall machine on the same subnet as the db. My first attempt involved two port forwards, on localhost and on the firewall machine, which didn't work for me. This approach I found at URL... involved constructing an end to end connection to the db via the firewall machine.
View 2 Replies View RelatedI'm trying to recover movie files from my TNT receiver hard drive but it corrupts its FAT32 allocation table (crappy cheap device...)
Using dosfsck is useless because the correct file length is the cluster length, not the (shorter) one in the table, and dosfsck only proposes to shorten the file, which I won't do.
Question: how to recover a file using the FAT cluster chain instead of using the stored length in the FAT table?
I want to define TAB key at terminal.When i press TAB key i want all files shows like "ls -ltrh -color"
View 12 Replies View Related'm trying to access remotely to my computer that is in my home with a VNC client. The problem is that from my company site, I'm behind a proxy and I must use this proxy to connect my computer.I'm new to the vnc programs, so I don't know how to define a connection to use the proxy. My laptop is well configured, the only problem is set a vnc client to use a defined proxy. 1 - I've installed VNC viewer or tightvnc viewer, but I can't find any option in it to define a proxy. How can I define a proxy in this program?2 - Is there any vnc client that allows to define a proxy?3 - Should I define a tunnel that redirects my connection to my remote PC? For example, if I define a tunnels that from localhost:5656 it connects to my remotePCort through the proxy will I hane any problem
View 1 Replies View RelatedOn Linux, the Ctrl-[ key combination appears to be equivalent to hitting the Esc key. I would like to define Ctrl-[ as a shortcut in emacs but I am unable to because by the time the keystroke gets to emacs it looks like the Esc key was pressed. Is there anyway to disable this behavior so that Ctrl-[ simply means Ctrl-[?
View 2 Replies View Relatedhow can I define file type for wget to download . for example I do not want to download *.html or I just want to download *.jpg files . or if it does not support any of them do you know any other suggestion ?
View 1 Replies View RelatedWhen installing Linux,sometimes i tried to install that on my second hard disk, which is set to be a dynamic disk(named hdb),but a message said that: root is not defined for hdb.
-What does that mean? Does it mean that a Linux driver must be opened on that hard disk? if so:where do i find a linux driver
this seems like it should be a simple thing, but I can't find it. Is there a bash shell command that allows you to create a string of repeated characters? Like a string of 100 '*'?
View 6 Replies View RelatedI have a kernel function device_ioctl(). How do I define it in file_operations?
1. struct file_operations memory_fops = {
ioctl:device_ioctl
};
2. struct file_operations memory_fops = {
.ioctl=device_ioctl
};
3. struct file_operations memory_fops = {
device_ioctl
};
which one is the right one?
I'm on Mageia Linux Cauldron (what will become Mageia 2), where Mageia Linux is a recent community fork of Mandriva Linux. this script gives me the Xkb layout that I need:
#!/bin/sh
setxkbmap
-option ""
-option "compose:ralt,grp:switch,grp:alt_shift_toggle,grp_led:scroll"
-variant ",lyx"
'us,il'
[Code]...
why do we have to define both Source/Destination AND Direction when building firewall.Isn't direction= source->destination? what would happen if source and destination were swapped?
View 3 Replies View Relateddefining keyboard layouts in linux (ubuntu 10.04 here). there does not seem to be any easy, graphical way to define keyboard mappings (except for keyboardlayouteditor, but frankly, i do not understand the installation description.i am using an apple aluminum keyboard with a german layout, but no matter what i do the (<>) and (^°) keys are always swapped (i did manage to change the default behavior for the f1...f12 keys from multimedia back to 'ordinary', application-centric... all you have to do is add the line echo 2 > /sys/module/hid_apple/parameters/fnmode to /etc/rc.local... this is so bloody obvious i am ashamed i had to search the web for this!).
adding to my distress, i find the chinese IMEs a horror (not a single one of the many i tried does anywhere come near google pinyin for windows), and have gotten neither ibus nor scime to work in a satisfactory way for me. i find linux keyboard handling a morass. i know this must be one of the hardest problems in computer science, since this subject gets so convoluted no matter whether its on windows or in-the-browser javascript. as a linguist i am well aware of the inherent complications proper text handling poses, but looking at descriptions how to configure xkb makes building interstellar spaceships look like a cakewalk.
find a place in the system where keystrokes are recorded;read out those codes (could be scan codes or character codes) using a daemon (implemented in python; i heard you have to listen to IOCTL or somesuch); when certain code combinations appear, switch them to do what you want;applications now get to see a X where formerly the got to see a U and vice versa;profit!
Is there a place, in ubuntu / linux systems that does allow reading out keyboard codes? Is there a way to block processing of such keyboard actions until an intercepting daemon has processed them? Would such an interceptor work for a broad range of use cases? like on the command line, in a gtk app, in wine, in firefox and so on? An alternative would actually be to grok keyboardlayouteditor, so if someone could post about a readable, complete installation instruction or point out installable packages, that'd be great, too.
I'm using ArchLinux and I have an IP tables rule that I know works (from my other server), and it's in /etc/iptables/iptables.rules, it's the only rule set in that directory. I run, /etc/rc.d/iptables save, then /etc/rc.d/iptables/restart, but when I do "iptables --list", I get ACCEPTs on INPUT,FORWARD & OUTPUT.
# Generated by iptables-save v1.4.8 on Sat Jan 8 18:42:50 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
[Code]....
I'm running Ubuntu 9.10 (Karmic Koala) on a laptop and would like NumLock to automatically toggle depending on whether my USB keyboard is plugged in (numlock on) or unplugged (numlock off).
To accomplish this, I first installed the "numlockx" package. numlockx on and numlockx off works fine.
To hook into the device system, I thought I'd use udev. I have read "Writing udev rules", but I'm having trouble getting the udev rule to work.
First, here's an example of the dmesg output:
[20906.985102] usb 3-2: new low speed USB device using uhci_hcd and address 6
[20907.166403] usb 3-2: configuration #1 chosen from 1 choice
[20907.192904] input: Microsoft Natural® Ergonomic Keyboard 4000 as /devices/pci0000:00/0000:00:1a.0/usb3/3-2/3-2:1.0/input/input20
[20907.193100] microsoft 0003:045E:00DB.000B: input,hidraw1: USB HID v1.11
[Code]....
Do I have to create a rule for:
Code:
$IPT -A fwalert -p tcp --tcp-flags SYN,ACK SYN,ACK -m conntrack --ctstate NEW $RLIMIT -j LOG $LOGLIMIT --log-tcp-options --log-level 4 --log-prefix
to drop rather than log if my table has a default policy of drop with :
Code:
$IPT -t fwalert -P DROP
I am getting this following error when I do compilation..Please let me know what is missing
ubuntu@ubuntu-desktop:/home/swamy/ttviewer/uvcvideo-2.6.32$ make
make -C /lib/modules/2.6.31-203-gee1fdae/build SUBDIRS=/home/swamy/ttviewer/uvcvideo-2.6.32 modules
make[1]: Entering directory `/usr/src/linux'
[code]....
I am not good at writing udev rules. I am using RHEL 4.7, I would like to invoke a file install.sh which is in CDROM as soon as the CDROM is inserted
View 2 Replies View RelatedI'm trying to cross-compile "sudo" source for Power-PC platform using Montavista tool chain. I'm getting the following error message during configuration: checking host system type... Invalid configuration `ppc_82xx': machine `ppc_82xx' not recognized It is clear that it has found the cross-compiler and configure knows that we are cross-compiling but it fails to recognize the machine. The complete dump follows:
[vhn@localhost sudo-1.7.2p2]$ ./configure --host=ppc_82xx
configure: WARNING: If you wanted to set the --build type, don't use --host.
If a cross compiler is detected then cross compile mode will be used.
configure: Configuring Sudo version 1.7.2p2
checking whether to lecture users the first time they run sudo... yes
checking whether sudo should log via syslog or to a file by default... syslog
[Code]...
I have samba running on 192.168.100.209 and I am trying to open samba ports only for hosts in 192.168.100.0/24 network.. I have added following rules to iptables. But still I am not able to connect from machines from 192.168.100.0/24 network
Code:
iptables -A INPUT -s 192.168.100.0/24 -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 192.168.100.0/24 -p tcp --dport 445 -j ACCEPT
What's wrong with the above rules ?
I have configured a sendmail MTA for incoming mails in a network and by using IPtables i have redirected the traffic internally to other port where one more SMTP by a application is running.Iptables rule:iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPTiptables -A PREROUTING -t nat -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 25000My sendmail config is as below.
Sendmail.mc
define(`SMART_HOST', `relay:host.subdomain.mydomain.com')dnl
dnl # define(`RELAY_MAILER',`esmtp')dnl
[code]...
My network diagram is internet<---->dansguardian proxy(centos5)<--->my network i have blocked facebook for my network but now i want to give only 2 ips to get its access & i do not want to enter these ip in exceptioniplist as if i doo so then they will be able to access all the sites that i have blocked. and if i am giving this entry [URL] in bannedsite list it is also not working.....
View 1 Replies View RelatedI am using Fedora 8. I tried to install ns 2.31. But error came as " No rule to make target "VERSION" needed by gen/version.c".
View 2 Replies View RelatedI got a digital picture key chain and it comes with windows software. I plugged it in and it's detected as a read only usb storage, so I can't upload any pictures in it
View 3 Replies View Related