I need to configure 60000 lines in iptables. I am using script to create a file and iptables-restore to configure them.
I am getting error on commit and I see that if the file size if larger than around 39000 it failed.
Is there a limit to number of lines in iptables ?
I've ran "powertop" on my computer and it showed horrible amount of wake-ups per second:
Code:
Cn Avg residency P-states (frequencies)
C0 (cpu running) (26.7%) 2.81 Ghz 100.0%
polling 0.0ms ( 0.0%) 1400 Mhz 0.0%
C1 16.2ms (60.5%) 1050 Mhz 0.0%
C2 0.0ms (12.8%) 700 Mhz 0.0%
350 Mhz 0.0%
Wakeups-from-idle per second : 63944.8 interval: 5.0s
no ACPI power usage estimate available
Top causes for wakeups:
45.1% ( 15.6) <interrupt> : pata_atiixp
26.0% ( 9.0) <kernel core> : hrtimer_start_range_ns (tick_sched_timer)
9.2% ( 3.2) <kernel core> : hrtimer_start (tick_sched_timer)
5.8% ( 2.0) <kernel core> : add_timer_on (clocksource_watchdog)
1.7% ( 0.6) <interrupt> : ohci_hcd:usb4, radeon, yenta
1.7% ( 0.6) Xorg : queue_delayed_work (delayed_work_timer_fn)
Suggestion: increase the VM dirty writeback time from 5.00 to 15 seconds with:
Echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
This wakes the disk up less frequently for background VM activity
Q - Quit R - Refresh W - Increase Writeback time
If I wait it decreases to 50000, but it is still huge!
Situation is duplicated after complete F12 re-install. All defaults are used and no changes performed after install. Just checked again and let computer run idle for a while. Powertop reports 79604 wake-up per second, even more than before. Again, the top cause is "pata_atiixp". Also, performing suggestions of powertop shown at the bottom of the program does not help either. That decreases wake-up by a few hundreds only. Wake-ups are still well over 50000.
I've got a machine on my network that's just running default Ubuntu 9.10, but I was considering setting up a network dhcp service on it to manage my machines. As such I was just wondering about configuring the iptables for it.
Reading about, I believe all incoming connections are dropped by default in a standard installation of Ubuntu anyway. If so, is it simply a case of enabling UFW and using it to allow the appropriate port for the dhcpd service and not touching anything else and everything should remain secure?
I am trying to figure out how I can configure IPtables to only allow VNC traffic to an internal server over SSH.
My configuration is WAN < --- > Gateway (Ubuntu 9.10 Server) < --- > Internal Server (that I want to control with VNC over SSH)
I'm installed 64-bit openSUSE 11.4 with GNOME. I have a DELL mouse with middle wheel. How do I configure the lines the wheel scrolls? By default it is about 1-2 lines. I need more.
I searched many places. Seems only KDE supports this settings. I also digged up VertScrollDelta in xorg.conf, but the latter is not used currently (not exists in /etc/X11/).
I have configured iptables in my system and is working. But I cant find iptables kernel folders such as iptables/extensions/Makefile to make a utility Where to locate them? or how to download and install?
View 11 Replies View Relatedcan i configurfe iptables except using terminal ? like 32-bit interface application
View 1 Replies View RelatedI am encountering problems to configure my firewall (through iptables) to allow apt-get features, like update and install.I have the latest debian server running in a virtual machine in my windows xp and therefore I have two interfaces in this debian server:- NAT Interfaceinet: 10.0.2.15- Host Only Interfaceinet: 192.168.56.101So far my iptable rules drop all packets for default, in exception icmp and ssh that I allow to ping and connect from my windows xp. Both of them I use only the Host interface (192...) to connect to another 192... interface on my windows.
Those are working fine, but apt is not. I know, in this very moment it shouldn't. But I made a lot of attempts trying to configure the iptables allow connections through the 80 and 21 ports from/to NAT and Host. I think I made all possible combination (or not, because it didnt work). But I'm wondering if someone more experient can help me solve this problem.
I have a mail server with IPTABLES enabled.I want to allow access to:
41.0.0.0/8
58.0.0.0/8
61.0.0.0/8
[code]....
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
View 2 Replies View RelatedI'm looking to use Linux (Ubuntu 9.10) as a network bridge between two subnets. I can configure iptables to permit all traffic on eth0 (subnet 1) to pass to eth1 (subnet 2) but before transmitting that traffic I want to perform further analysis. Is it possible within iptables or via a third-party product such a pyroman, to write a "hook" that then directs that traffic to another application installed on the same host?
View 2 Replies View RelatedI am trying to configure iptables for only HTTP and HTTPS traffic. I start by blocking all traffic, which works, via:
Code:
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
I then try to allow HTTP and HTTPS on eth0 with these commands, which does not work:
Code:
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
Code:
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT After these commands I should be able to access the internet. Does anyone know why this is not working?
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
I am using centos 5.3 , and also using webserver in local network
Here is all configuration
1, server
eth0 , 222.80.1.90 this is live ip
eth1 10.0.0.1
2, webserver
eth0 10.0.0.2
I want set iptables on server 1 , to acces webserver from other city ,
How to configure iptables
I am going to start studying IPTABLES for Linux Firewall. Can any one suggest me the best Book for IPTABLES contains everything of iptables.
View 2 Replies View RelatedI have been experiencing a problem where the screen loads and after initial first few lines breaks up into multiple repetitions of lines. Reloading helps but has to be repeated when pageing down. Mail is no problem; it is supplied by my network provider. OS is openSUSE 11.2 which I update when advised. Below is a sample from the error console:
[Code]...
I've just installed Kubuntu 11.04, switched on wobbly windows effect. It runs very smooth on my Nvidia GeForce 7600 GS with dual screen twinview turned on. However, I get these lines when I drag/move the window upwards - see screenshot:
View 6 Replies View RelatedHow do you remove parts of strings using python? Such as, if I have something like:
Code:
erme1 sdifskenklsd
erme2 sdfjksliel
[code]....
I've come across an unusual requirement for a service in my Ubuntu system.Simply put, I need to find a way to search for all instances of a term in a file, delete lines containing containing that term, and delete four lines below each instance of that term. ither that, or copy the entirety of a file to a new file and skip over all lines containing the term plus four below it.This sounds kinda weird, I know. Without going too far into detail, I either have to change the logfile format for a server I'm running which is a huge pain in the butt, or I can just run a script to edit an HTML report generated from said logs. (Said report is really just for managers to peruse, and I like my log format, so I'm pursuing option 2.)
View 4 Replies View RelatedI am facing a strange problem witht my iptables as there are some firewall entries stored somewhere which is displaying the below firewall entries even after flushing the iptables & when I restart the iptables service then the firewall entries are again shown in my iptables as shown below,
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
View 4 Replies View RelatedI have some data like below:
interface Vlan1
description Management LAN
interface Vlan41
description Somelan
interface Vlan65
description Some other lan.
service-policy input 2Mbps
service-policy output 2Mbps
How can I get sed to look at this txt file and add a comma at the beginning of every new line between the interface lines. i.e.:
interface Vlan1
,description Management LAN
interface Vlan41
,description Somelan
interface Vlan65
,description Some other lan.
,service-policy input 2Mbps
,service-policy output 2Mbps
I have this file and i need a command to permanently add a line of code to the file and sort the file by ID. I was able to add a line with the echo command but its not permanent
Code: 111:Smith:Mary:Davison:Attorney
222:Stumblebum:Jason:Novi:Student
229:Esposito:Amy:Toronto:Artist
[code]....
View the entire contents of the file / etc / passwd, showing first 10 lines of file / etc / group, 10 displayed the last line of the file / etc / group. And
- The total number of lines and characters in file pwd and grp
I have weird graphical glitches in Gnome 3. They appeared in RC3 and now appear in the final release, but they didn't appear in beta. Here's what they look like, there are horizontal white lines appearing in different places where they shouldn't appear:
[URL[
it can be a result of this bug:[URL] but my glitches look different than the ones in there.
I have a Mobility Radeon HD 5650 video card. Should I just update my system regularly and hope it gets fixed, or is there some way to fix it by tweaking some settings or stuff? Maybe by installing the official ATI drivers? I'm not sure, but I've read somewhere that the official drivers don't work well with Gnome 3, is that true?
Downloaded the F10 live CD. Booted to it, got past the white, blue, and dark blue loading bar then my screen would be covered in black and white lines. No sign of the GUI except for a mouse cursor. ctrl+alt+backspace would cause the display to blink off and then come back on to the same thing. ctrl+alt+f2 would bring me to a terminal, logged in as root, but from there I couldn't do anything. startx would tell me I had x running on another screen.
hitting tab when booting the livecd and adding "xdriver=vesa" and "nomodeset" to the boot line. That works. I get to the desktop at native res with desktop effects. Killer. I tried to install; install went flawless, rebooted to my HDD and the same issue, black and white bars. When booted to my HDD, however, ctrl+alt+f2 doesn't bring me to a terminal, it causes my monitor to go into sleep mode and my computer becomes unresponsive so I can't do anything from the command line.
Here's what I'm getting at : how do I get my installed version of F10 to do the "xdriver=vesa" and "nomodeset" args that the livecd can do?
My machine is a home built machine I bought off of a friend. P4 2.4 ghz, GB RAM, 2 80GB HDDs, Radeon x1600.
So, my second real attempt at getting the 64 bit F11 up and running. I just started adding stuff before all the updates. Crash. So, I'm in the post install phase. Before anything else I installled akmod-nvidia manually, rebooted, and I'm doing yum update right now. I'm hoping many dependencies are solved in the update. There are about 209 line items to update after the initial install. Been updated all afternoon.
So, after the updates are done, I'm heading over to download the different repos I need for the fun stuff. Did you know Java is installed with this first yum update? Wasn't like that in F10. I think I tried 5 times on F10 before I got it right.
I've only seen this occur in cases where I'm viewing a GPG-signed message and a line wraps. A plus sign appears at the beginning of the next line. Is this something I can get rid of?
View 10 Replies View Related