privet,
razgledah otnovo i vidiah kakvo kuca. sled kato savenesh tozi line:
iptables -A OUTPUT -m owner ! --uid-owner 0 -m limit ! --limit
1000/second -j DROP
v /etc/sysconfig/iptables otiva pogreshno kato:
[5:249] -A OUTPUT -m owner --uid-owner !root -m limit --limit 1000/sec -j
DROP
vmesto kato:
[5:249] -A OUTPUT -m owner ! --uid-owner 0 -m limit ! --limit 1000/sec -j
DROP
i iptables sled tova ne haresva syntaxisa. stava duma za malyk prase bug v
/etc/init.d/iptables:
vmesto tozi line:
'/sbin/iptables-save -c > $IPTABLES_CONFIG 2>/dev/null && \'
sloji:
'echo > $IPTABLES_CONFIG ; chmod 600 $IPTABLES_CONFIG ;
/usr/local/sbin/iptables-save -c &> /dev/null && \'
^^^^^^^^^^^^
i niama da ima nito gyk poveche. sledovatelno triabva da pishesh do
vendora si :)
pozdravi,
/s
On Fri, 9 Aug 2002, Nikolai Abromov wrote:
> Zdrasti Sheib
>
>
> tova s " " okolo $ beshe edno ot purvite neshta koito probvah da napravq
> inache (inache versiata mi e v1.2.6a) i putq do scriptovete si e kakto
> trqbva (pone na pruv pogled) i vse pak shte gi razgledam po-obstoino.
>
>
> thanks
>
>
>
>
>
>
>
> -----Original Message-----
> From: sheib [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 08, 2002 8:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: lug-bg: iptables
>
>
> On Thu, 8 Aug 2002, Nikolai Abromov wrote:
>
> zdrv.
>
> variant 1 - updatenal si iptables do 1.2.6a, no v scripta ti
> (/etc/init.d/iptables) ima pointvane kym chast(i) ot staria --
> triabva da updatenesh linkovete/paths v nego.
>
> variant 2 - sloji "" okolo $ v iptables scriptovete (save part).
>
> pozdravi,
>
> /s
>
> > Zdraveyte list,
> >
> >
> >
> > imam maluk problem s iptables, pisah do [EMAIL PROTECTED] no oshte ne
>sa mi otgovorili
> > zatova reshih da pisha na lug, znachi problema mi e slednia .. pravq si rule
>izpolzvaiki owner i limit
> > modula - praviloto izglejda eto taka
> >
> > -A OUTPUT -m owner ! --uid-owner 0 -m limit ! --limit 1000/second -j DROP
> >
> >
> > sled koeto si save-am rule-to "/etc/init.d/iptables save active" - spiram go
> > i pak se opitvam da go pusna , efecta ot puskaneto beshe
> >
> > Loading iptables ruleset: load "active"iptables-restore v1.2.6a: Bad OWNER UID
>value `!root'
> >
> > sled koeto reshih da smenq v /var/lib/iptables/active !root s !0 - efetcata beshe
>sushtia.
> >
> > vtoria problem koito imam e che v statistikata nevijdam tozi invers koito pravq s
>! -- limit 1000/second
> >
> > stat:
> > DROP all -- anywhere anywhere OWNER UID match 340
>limit: avg 1000/sec burst 5
> >
> > a izglejda che drop-va packatite koito sa pod 1000 koeto znachi che "!" nesrabotwa
>, zatova si napravih test i sas
> > samostoqtelen user no i pri nego se drop-vaha packeti .. seshtam se za nachin
>po-koito moga da go opravq no
> > ideqta e da go napisa na edin red tozi rule ako nqkoi e imal podoben problem shte
>se radvam ako spodeli kak go e opravil
> >
> >
> > thanks in advance
> >
> >
> >
> > br,Nikolay Abromov
> >
> > .
> >
> >
> >
> >
> >
> >
> >
> >
>
> ============================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
> http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
> To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
> ============================================================================
> ============================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
> http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
> To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
> ============================================================================
>
>
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
