Slackware :: Use Mac Filtering Options Of Iptables?
Feb 18, 2010
I have Slackware 13.0 on my HP 520 laptop. My machine is connected to the internet and it also acts as a gateway for another machine of mine.
I want to use mac filtering options of iptables. But I am getting the following error:
iptables v1.4.3.2: Couldn't load match `ac-source':/usr/libexec/xtables/libipt_ac-source.so: cannot open shared object file: No such file or directory
Feb 18, 2011
I've been using an old Fortigate-60 at home for the kids for some time but now the license is expired again. Are there any free or inexpensive alternatives? I'd like something I can run on a linux firewall and share against multiple users, with different profiles. In the past I ran squid and I whitelisted sites each kid was allowed to use but this becomes tedious as the kids get older and need access to more. I'd love something that could check a website rating or category list, let the user through for certain categories, and block bad or unrated sites. I don't really need virus checking or email scanning or the like.
May 4, 2011
I have a question regarding the use of iptables as sort of a firewall I suppose? Using a linux router which has a server machine connected to it. The router is also acting as a PPTP VPN server, which I would like to allow some friends to connect to so that they can VPN to my LAN.
The question I have is how I might be able to use iptables to apply restrictions to the VPN traffic to only access 1 IP? The server is on the LAN with an IP of let's say 192.168.1.25, and the VPN given IP range is 192.168.1.51-55. The router has the .1 IP, but the PPTP server on that router uses an IP of 192.168.1.50. How might I restrict the traffic from the VPN connections to only be able to access the .25 server, and possibly only on certain ports? I don't want to allow the VPN connections full access to everything on the LAN and especially not to WAN.
Jul 2, 2011
I'm wanting to use mac filtering to restrict access to certain machines. I already know that I can just add MACs line by line, but is there a way to specify a list of MACs? That way it would be much simpler to maintain a list of acceptable/unacceptable hosts.
I'm not going to rely only on this list because of spoofing, but it would be nice as another "layer" of protection.
Mar 12, 2011
I have several CS servers running on Ubuntu server, and sometimes someone is trying to brute-force the server's RCON password with the program called HLBrute. I've found the following rules to prevent such hack attacks, but they don't work. What can be wrong in these rules?
Quote:
iptables -A INPUT -p udp -m multiport --dport 26000:30000 -m string --algo kmp --string "HLBrute" -m limit --limit 1/hour --limit-burst 5 -j LOG --log-prefix " HLBrute_Ataka "
iptables -A INPUT -p udp -m multiport --dport 26000:30000 -m string --algo kmp --string "HLBrute" -j DROP
Jan 26, 2010
Does anyone have tips about iptables rules for filtering network traffic?
Jan 14, 2011
Is this possible: 2 Linux boxes acting as an INTERNET Firewall + Filtering? 1st PC = CENTOS 5.5 functions as a firewall using iptables with two NICS 1=ETH0 connected to internet with a public ip and 1=ETH1 with ip address of 10.0.0.1 connected to the 2nd PC Centos 5.5 with squid/dansguardian with ip address of 10.0.0.2
2nd PC = Centos 5.5 functions as a squid + dansguardian internet filtering with 2 NICS 1=ETH0 with ip address of 10.0.0.2 connected to the ETH1 of the 1st PC with ip address of 10.0.0.1 and 2nd ETH1=connected to LAN (172.16.1.0/24)
Does this make sense? This might be confusing but I just want to try this, to protect incoming ssh from our previous Sys admins who intended to enter the LAN 172.16.1.0/24 network. And also to confuse them that they have to pass through 10.0.0.1 - 2.
Mar 16, 2011
I just installed Slackware 13.1 and my KDE is version 4.4.3. I want to upgrade to version 4.6.1 or at least 4.6.0. I have used alien repository and downloaded KDE 4.6.1 but it doesn't work.
Are there any options to upgrade my KDE to 4.6.1 or not?
Jan 2, 2010
I've been googling and reading up on how to set build optimizations for my system, and after consulting the Arch Wiki, old threads here, and some mailing lists, I've concluded that the way to set CFLAGS, etc. is by putting this in /etc/profile:
Code:
export CHOST="x86_64-unknown-linux-gnu"
export CFLAGS="-march=native -O2 -pipe"
[code]....
Apr 25, 2011
I recently tried to upgrade my Slackware server's sendmail software from 8.14.3 to 8.14.4 and ran into a problem. In a nutshell all outbound non local mail is routed through a smart host requiring authentication. As a result I use a modified version of the "sendmail-slackware-tls-sasl-clamav.mc" to build the sendmail.cf. However, when I tried to run sendmail 8.14.4 with my newly created sendmail.cf I was greeted with the following.
Warning: Option: AuthMechanisms requires SASL support (-DSASL)
Warning: Option: AuthOptions requires SASL support (-DSASL)
Warning: Option: CACertPath requires TLS support
Warning: Option: CACertFile requires TLS support
[Code]....
Apparently SSLv2 is now considered weak and the directive is a good idea, but at present this directive is not supported by the sendmail in this package.
Apr 18, 2010
I want to compile a kernel to add a few options that are not enabled in the huge-smp-2.6.29.6 that comes with Slackware. Specifically, I want to add TASK_DELAY_ACCT and TASK_IO_ACCOUNTING so that I can use iotop. I just want to add those 2 options to the new kernel, everything else I'd like to keep the way it is as the system has been running just fine. Will running 'make menuconfig' in /usr/src/linux default to the options that are used in the stock kernel?
Mar 11, 2011
I used btrfs, but my Slackware root is really a subvolume named system and not the root of btrfs. I do a similar setup of having the OS's root in its own filesystem on FreeBSD+ZFS. Anyways, my problem lies in mkinitrd. There's no way to enter extra boot options, as I require subvol=system to be added to mount -o ro -t $ROOTFS $ROOTDEV /mnt in the init script of /boot/initrd.gz. I don't reboot often and it's easy to manually remount /mnt with the correct options, however, is there another way of passing boot options to mkinitrd?
I see Patrick is the author of mkinitrd, so maybe this kind of option could, or maybe should, be added? I'm sure most people wouldn't make a subvolume for the OS's root, but I've been used to it with ZFS and prefer it for some reason.
Apr 29, 2011
Do I need to add any special options to mkinitrd for AHCI configuration?
mkinitrd -c -k 2.6.37.6-smp -m ext4
Does it know I'm not in legacy PATA mode or do I have to add something to load AHCI module with it?
Feb 16, 2010
I need to enlarge the root file system on a Slackware 13.0 32-bit system; it's in a simple logical partition (/dev/sda6) -- no LVM, mirroring etc. This might be a good opportunity to change from ext4 to jfs, too. Routine procedure, no? No! First off I booted Knoppix 5.31 but found it doesn't have ext4 support (no e2fsck and running fsck results in "fsck.ext4: not found"). So I booted Slackware 13.0 32-bit CD-1 only to get the same as with Knoppix. I do have a GParted-liveCD 0.3.4-11 but have had mixed experiences with it so am reluctant, despite having backups.
Oct 17, 2010
I noticed that there is a 1.0.1 version of xfce4-power-manager, so I tried it out last night. Note: It requires libxfce4ui >= 4.7. I compiled it using the same SlackBuild script as the one in Slackware 13.1. It compiled and installed just fine. However, when I logged out of XFCE and logged back in, I could only set a few options, and battery options were completely non-existent.
I double-checked, and my user account is in the power group. Has anyone else had a similar problem? In the meantime, I've downgraded back to the 0.8.5 version that Slackware ships with.
Mar 14, 2011
I'm familiar with editing Grub's "menu.lst" file to add additional OSes to the boot list. Does Slackware's Lilo have a similar config file? I need to add a second physical drive with Windows 7 on it to the boot options in Lilo. If it's not a config file, how do I add a second OS to it? Slack and Windows are both already installed on two different physical drives so I won't be installing, I just need to add the Windows drive to Lilo.
Jun 16, 2011
How to set an external static IP address to forward to an internal static IP address. Here is an example:
Linux box (slackware) IP address =
eth0: 10.xxx.xxx.xxx (internal)
eth1: xxx.xxx.xxx.170
eth1.0: xxx.xxx.xxx.171
eth1.1: xxx.xxx.xxx.172
DVR system that I need to forward to: IP address =
xxx.xxx.xxx.251
xxx.xxx.xxx.252
This was all set up by someone else whom I have never spoken with. The IP tables seem to be set up but I cannot provide a screenshot at this time. What I need to do is this. When a user connects to the external static IP address of xxx.xxx.xxx.171 with their DVR software, IP tables will forward to the DVR system at xxx.xxx.xxx.251. The ports desired are 554, 555, 556, and 557. I know some about Linux but not about IPtables.
May 4, 2010
I'm running a rather simple iptables script, but no matter what port I try to forward it won't open. Here are the basics:
Code:
ipt="/usr/sbin/iptables"
$ipt -F
[code]...
Jan 18, 2011
Does the rc.firewall script just use iptables or is that something completely different?
Apr 27, 2010
I use Slackware 13.0 64bit and a VGA EN9400GT. I have two Samsung monitors, that is: SNX(CRT-0) && 943SNX(CRT-1) series. I tried setting it in nvidia X server settings, but the resolution for CRT-1 only has 2 options, that is: 640x480 & 320x240. This is my xorg.conf:
# nvidia-settings: X configuration file generated by nvidia-settings
# nvidia-settings: version 1.0 (buildmeister@builder58) Fri Mar 12 02:13:46 PST 2010
[Code]....
Nov 8, 2010
I have Windows 7 and Slackware on my laptop, but I reinstalled Windows 7 and now I cannot boot into Slackware (I no longer have the start screen to choose the OS). Do I need to install Slackware again or just lilo, and how do I do that?
Mar 19, 2010
So I have the burned ubuntu CD, and I'm attempting to install it on a system that has one HDD with XP/Vista on it, and another that is completely formatted and unpartitioned. However, when I boot to the ubuntu CD, I can use the menus from the bottom, and select the language when initially prompted, but I can't select any of the menu options except for boot from first hard drive.
Nov 26, 2010
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
Sep 17, 2010
I am facing a strange problem with my iptables, as there are some firewall entries stored somewhere: the firewall entries below are displayed even after flushing iptables, and when I restart the iptables service the firewall entries are again shown in my iptables as shown below:
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
Nov 3, 2010
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
Jul 17, 2010
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
Apr 16, 2011
I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
Apr 28, 2009
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
Jun 12, 2011
I did a recursive search using grep in a list of files for lines containing a specific word. It brought everything up ok but now I need to filter it out and print the results to a file with
* Path Name
* A section of the line
The path ends in a colon and after it could be any number of words, spaces, and punctuation, with the one phrase I need being somewhere in there - I need the phrase to be filtered out and merged with the path like this
"path/to/file: phrase"
I'm guessing awk is the best way to do this but I don't know anything at all about awk except it specializes in filtering.
Aug 4, 2010
Let's say I have a few hosts on the same subnet, and they are all connected to a central Linux box running a filtering bridge. If I tightly control the communications between the hosts using the filtering bridge, is this just as good as separating hosts into different subnets (e.g. DMZ and Internal)?