General :: Statistic Match Module For Iptables
Feb 17, 2011
I have iptables 1.3.5 on CentOS 5.5 32 bits. kernel 2.6.18
How to install statistic match module for iptables?
How can I enable the statistic module in iptables?
I have:
Fedora 13 32 bits
iptables-1.4.7-2
kernel 2.6.18
Here is my problem:
I need to enable the statistic module in iptables.
I had Fedora 13 32 bits, iptables-1.4.7-2 and kernel 2.6.18
But kernel 2.6.18 does not support statistic module.
So, I upgraded from Fedora 13 to Fedora 14.
Now I have Fedora release 14 (Laughlin) and Kernel 2.6.18
I did this to upgrade: url
Also, I did this too.
# yum update kernel
No Packages marked for Update
How can I upgrade to a newer kernel?
I've been tasked with setting up a RHEL FTP server to mirror one we currently have. From what I've read, I need to install and configure VSFTPD and then configure IPTables. From what I've been able to come up with, I need to follow the steps in this article to install and set up VSFTPD. Is this a good, complete article to follow, do you think? Also, how do I copy the iptables config from that server to my new one? I think that iptables on our current server only allows certain IPs or blocks certain IPs (not sure which), so I need to have it do that on my new server as well.
I want to add a few Linux servers to our monitoring system (SolarWinds).
We have to get this information by SNMP. The items we need are:
1-In Byte Transferred on every network interface
2-Out Byte Transferred on every network interface.
3-Memory Usage
4-Memory Free
5-CPU usage
6-Free Disk space on partition
7-Uptime
I could not find the SNMP OIDs or names for these objects to fetch.
I am analyzing memory usage on a Linux system. When I run vmstat -s, I see the following:
waffleman@waffle-iron:~$ vmstat -s
3549184 K total memory
3206708 K used memory
1918012 K active memory
1037320 K inactive memory
342476 K free memory
[Code]...
I know the system has 4096 MB of RAM installed, but why does it show only 3466 MB? Can this be interpreted as total "available" memory? Perhaps the missing 630 MB is being used by the kernel and cannot be paged out?
I also tried this on an Embedded Linux system and saw a similar result. The DRAM chip has 128 MB, but only 124 MB shows up in vmstat.
According to the man page, the "recent" match of iptables accepts certain parameters (e.g. "ip_list_tot"). I'd like to change the values of some of them.
All the solutions found on the web were about changing parameters for module, but my kernel was compiled without modules support (such that it can be used for installation booting as well).
How can I change the match parameters for my non-modular kernel?
I'm a newbie in the world of netfilter/iptables. I've read an article about iptables and rate limit module:
Code:
iptables -A INPUT -p ICMP --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT
The firewall will let the first 5 packets in in the first minute (--limit-burst 5); this means, however, that the packets/minute now is 5, so any further packets are blocked until packets/minute = 1, i.e. 5 minutes later. In the sixth minute, packets/minute will be 5/6 < 1, so another ping request will be let in. When the extra ping request is admitted, the ratio becomes 6/6 = 1 again, and packets are DROPped again until the next minute.
Now I have some problems in understanding how it works.
For example: I want to ping google.com in this way: the kernel firewall permits sending the first 5 packets to google.com (--limit-burst 5) and then blocks the remaining packets for 5 minutes. In the sixth minute (because I wish a rate limit equal to 1/minute: --limit 1/minute) one packet can be sent to google again. And so on.
So my rule should be:
Code:
iptables -A OUTPUT -d url_of_google -p icmp --icmp-type echo-request -m limit --limit 1/minute --limit-burst 5 -j ACCEPT
In this way, if I type
Code:
ping -f url_of_google
I expect that the first 5 packets are accepted (and so zero '.' will be printed on the screen) and then for the remaining 5 minutes no packets will be accepted (and so a long string of '.' will be printed). But it doesn't work...
In man pages of ping we read (about -f option):
-f Flood ping. Outputs packets as fast as they come back or one hundred times per second, whichever is more. For every ECHO_REQUEST sent a period ``.'' is printed, while for every ECHO_REPLY received a backspace is printed. This provides a rapid display of how many packets are being dropped.
I've configured a squid proxy server on a P4 desktop. I've 50 users in my network. I installed RHEL 4.4 (2.6.9-42 kernel) and the iptables version is 1.2.11-3.1. I've 2 NICs installed in the system: eth0 (192.168.100.99) for the local LAN and eth1 (192.168.1.2) for outgoing to the internet. I've connected a DSL broadband modem to eth1 (default IP of the DSL modem is 192.168.1.1). All the clients except a few have been forced to go through squid by user authentication to access the internet. Those clients which were kept away from the proxy are 192.168.100.253, 192.168.100.97, 192.168.100.95 and 192.168.100.165. Everything works fine, but since last week I observed that one of the notorious users uses the direct IPs (192.168.100.97 or 192.168.100.95) in the absence of the owner of these IPs to gain access to the internet, as we applied download/upload restrictions in squid.
I want to filter the packets of source hosts using the MAC address in the PREROUTING chain. I read somewhere that the IPT_MAC module must be installed to make this happen, so that those notorious users cannot change their IPs to gain direct access to the internet.
Below are the contents of my iptables file (I've omitted a few entries for safety purposes).
# Generated by iptables-save v1.2.11 on Wed Nov 25 16:35:57 2009
*filter
:INPUT ACCEPT [14274:3846787]
:FORWARD ACCEPT [4460:1241297]
:OUTPUT ACCEPT [16825:4872475]
code....
I am trying to set up a scenario where I am able to control the access to certain html files. I'd like to forbid access to the URL: url
my iptables rule in "SuSEfirewall2-custom" looks like:
iptables -I INPUT -j DROP -p tcp -m string --string ".*test.*" --algo bm --dport $port
As a result, I get:
#> rcSuSEfirewall2 start
Starting Firewall Initialization (phase 2 of 2) Bad argument `--string'
(same for "-string")
I'm trying to limit the number of the ICMP packets reaching my server, so I'm using the limit module of iptables; unfortunately it seems the limit I set is totally ignored, as I can easily send tens of ICMP packets and get a reply in less than 0.3 second.
Quote:
m3xican@m3xtop:~$ sudo ping -i0 -c20 x.x.x.x
20 packets transmitted, 20 received, 0% packet loss, time 230ms
rtt min/avg/max/mdev = 184.969/185.895/189.732/1.301 ms, pipe 16, ipg/ewma 12.138/186.232 ms
This is the rule I'm using to accept ICMP packets (default setting is DROP)
Code:
iptables -A INPUT -p icmp -m limit --limit 1/s -j ACCEPT
And these are the kernel modules related to iptables
Code:
Module Size Used by
xt_limit 1382 0
[Code]...
I'm encountering a known problem with IPtables. I set up rules and apply them, restarting firewall, then I get this message:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: raw nat mangle filter [ OK ]
Applying iptables firewall rules: [ OK ]
Loading iptables additional modules: ip_conntrack_ftp ip_conntrack_netbios_ns [FAILED]
I'm working on my iptables rules on a debian 8 vps and I tried to install iptables-persistent but I was told "Unable to locate package"...
Where can I get this so that I may save my rules for reboot?
Trying to setup my box as a router on Ubuntu 10.04. When trying to setup a NAT rule in iptables 1.4.4 like so:
Code:
sudo iptables --table NAT --append POSTROUTING -o eth0 -j MASQUERADE
I keep getting:
Code:
Can't initialize iptables table 'NAT': Table does not exist (do you need to insmod?)
Looking at lsmod, it doesn't look like I have anything NAT related loaded ( I just have iptable_filter, ip_tables, and x_table ). Doing a locate nat, I find a module that looks like it should work. I'm running 10.04.1 LTS - Kernel is 2.6.32-25-generic #45-Ubuntu SMP and it is pretty much stock - haven't done anything fancy... this module looks promising:
Code:
/lib/modules/2.6.32-25-generic/kernel/net/ipv4/netfilter/iptable_nat.ko
but loading it and I get:
Code:
-1 Unknown symbol in module
Installing and setting up iptables on U 8.04 LTS? Currently iptables is not installed, neither as a package nor as a kernel module.
I use the iptables firewall (v1.4.1) installed on FC8. I'm trying to limit the inflow traffic for port 1723 to certain MAC addresses. To experiment with the mac option, I've written the following iptables rule:
Quote:
iptables -A INPUT -m -mac --mac-source 10:08:08:08:08:10 -j ACCEPT
It didn't work. It gave me this error message:
Quote:
iptables v1.4.1: Couldn't load match `-mac':/usr/local/libexec/xtables/libipt_-mac.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
Does that mean the mac module wasn't installed/enabled?
I have the following query:
Code:
$sql="SELECT table1.datetime, table1.user_id, table2.ip FROM table1, table2 WHERE table1.id='$id' AND (table1.id = table2.id AND table1.datetime = table2.datetime)";
In table2 the datetime fields are about 1 to 2 seconds off due to the source of the data, which I cannot change.
Is it possible via a query match table1.datetime & table2.datetime by HH:MM (ie. to the minute instead of to the second)?
I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things. This is my iptables -L -n:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535
code....
In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.
Maybe this is not the best style for iptables rules, but I want to be absolutely sure not to accidentally lock myself out from SSH, so I chose not to configure a "block-everything rule".
Does this configuration not enable incoming packets from connections initiated from inside?
I am facing a strange problem with my iptables: some firewall entries are stored somewhere, so the entries below are displayed even after flushing iptables, and when I restart the iptables service the same entries are shown again in my iptables, as shown below:
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
I want to add some code to the existing Linux 2.6.33.2 kernel to enhance it. I want to know how to start and where to add the code.
I need to install the u32 module into the netfilter module for kernel 2.6.27.
I did not see the source code in the kernel version I have. where can I find the code for U32 module.
I have checked "netfilter.org" and looks like POM is discontinued. Is the u32 module committed to kernel version 2.6.27 or need to patch it. If yes, where can I find the patch?
I am building the kernel for a MIPS processor.
Here is the txt file
Code:
I want to use a script to compute statistics on the results like that.
I want to know, for the same string in the first column, how many different values there are in the second column.
How do I write this in awk?
I have a WA% between 50-80%.
So I have a few questions.
1. Is that WA% only disk I/O or can it include network IO?
2. How do I identify which processes are making up that WA statistic?
3. Why does iostat report 100% utilization when the drive read/write speeds are under 1MB/s?
The reason I'm asking.
My Oracle stats are saying that the drives are running at about 5MB/s right now, the WA is 55%, and the iostat -m -x is reporting the drives running at 100% utilization with a read/write rate under 1MB/s. The read speed of the drive is 98MB/s (tested with hdparm -tT when I installed the drives)
I know I have a few queries using full tables scans which I'm working on but I'd think that 100% utilization should be running at the full 98MB/s.
I want to try to identify which process (most likely an Oracle one) is using the 100% utilization/55% WA.
I installed Firefox 4 and removed the old 3.X version. I did a general update that my computer showed me was available, then I noticed the first problem. Firefox 4 would not launch when I clicked it; it would only launch when I clicked the GNOME 3 applications button and then clicked and dragged the Firefox logo to the desktop, then it opened. The second problem I am now having, which at the moment is more bothersome, is that after I closed the lid of my laptop and opened it up again after a while and logged back in, I noticed that the ENTIRE GNOME 3 environment was gone. No panel, no menu, nothing, just the desktop and a few desktop icons. I tried the command "yum install gnome-shell" but it just said that gnome 2.31.5-7 .fc14.i686 was already installed so it wasn't gonna do anything, then I tried the "gnome-shell --replace" command and it just said
failed to load "canberra-gtk-module": libcanberra-gtk-module no such file or directory.
I get this ifconfig output for eth0:1 :
eth0:1
Where are all the packet statistics?
I need a qmail SMTP statistics command or program. For example: how many e-mails were sent today?
I cannot find the Xorg configuration file on my newly installed Debian on my tablet-pc, so I followed this tutorial [URL] and ran the command "Xorg -configure", to which I got the following error messages:
(EE) Failed to load module "vmwgfx" (module does not exist, 0)
(EE) vmware: Please ignore the above warnings about not being able to load module/driver vmwgfx
(++) Using config file: "/root/xorg.conf.new"
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
[code]...
I have a log file and there are many different types of exception in this file. These could be looked as follow:
Code:
One can see there two types of exceptions: ORGNoCompetenceException and SocketException.
I will filter out the name/type of exception and the number of each type of exception. At last, this statistical data will be written to a file to create an Excel table.
I have to get some statistics about interfaces from /proc/net/dev, but the statistics in this file are reset when they reach more than 4G bytes. I think Linux has a limitation in this case.
$ echo -e "AsometAhingA
somethingA
ASomethiAng"
AsometAhingA
[code]....
I know that sed "s/A//" deletes the first match in every line. But I want to delete only the first match in a txt file, like: sed -i "MAGIC" file.txt