Alexey Loukianov wrote:
Greetings, Rangi.
On November 30, 2006, 23:25:41, you wrote:
Hey Dairenn,
I may be wrong here. But I believe if you use yum to do an update you could
quite possibly upgrade the entire system to CentOS 4.4
I'm not sure what that may affect for you, but it is a possibility
nonetheless.
-----Original Message-----
From: Dairenn Lombard [mailto:[EMAIL PROTECTED]
Sent: Friday, 1 December 2006 9:26 a.m.
To: [email protected]
Subject: RE: [qmailtoaster] SMTP Connection Throttling by IP address
-----Original Message-----
From: Philip Nix Guru [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 30, 2006 12:17 PM
To: [email protected]
Subject: Re: [qmailtoaster] SMTP Connection Throttling by IP address
Here we go
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
Same ip is allowed to connect to port 25 10x/60seconds
then it is blocked
It worked on my CentOS 4.4 box, but it didn't on my CentOS 3.6 box:
Applying iptables firewall rules: tiptables-restore v1.2.8: Couldn't
load match `recent':/lib/iptables/libipt_recent.so: cannot open shared
object file: No such file or directory
How do I install libipt_recent.so? By upgrading iptables? Is it
possible to do that without upgrading the kernel? It's running the
2.4.21-37.EL linux kernel which could be because it is a CentOS 3.6
system and a newer kernel RPM is not available for CentOS 3.x.
Upgrading from CentOS 3.x to 4.x should not be done in such a way.
First of all, there's no way to do it as a simple sequence of yum
reconfiguration and yum update commands (the same goes for up2date,
which I prefer most). Secondly, CentOS 3.x uses kernel 2.4.21, while
CentOS 4.x uses kernel 2.6.9. There's a big difference between them in
how they cope with older hardware. For example, the stock CentOS 4.x
kernel doesn't support older PCI MegaRaid SCSI cards. You will have
to manage to build a driver disk or a kernel module yourself on another
system with a CentOS 4.x installation in order to install
CentOS 4.x on boxes with such cards as a primary SCSI controller.
Meanwhile, CentOS 3.x supports them well without any need for a kernel
recompilation.
There are a lot of other caveats I don't want to mention here which
must be kept in mind while trying to upgrade from CentOS 3.x to 4.x
without backup-format-install-restore procedure.
As for iptables troubles - there is another way to achieve the same
functionality on CentOS 4.x.
Something like:
iptables -A INPUT -p tcp --dport 25 -m limit --limit 20/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j REJECT --reject-with tcp-reset
Search iptables manual page for limit target.
Those iptables rules are global, NOT by IP
dangerous I think :) if you get attacked on port 25
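Added example (not part of the original thread): a small Python model of the two rule sets quoted above, the per-source `recent` rules (10 hits per 60 seconds) and the global `limit` rules (20/minute, burst 1), run over constructed traffic. The addresses, the traffic pattern and the function names are assumptions made for illustration, and the `recent` model is simplified to a sliding window in which dropped attempts also refresh the entry.

```python
from collections import defaultdict, deque

WINDOW_MS = 60_000       # --seconds 60
HITCOUNT = 10            # --hitcount 10
COST_MS = 60_000 // 20   # --limit 20/minute: one token every 3 s
BURST = 1                # --limit-burst 1


def per_ip_recent(events):
    """'-m recent --update ... -j DROP' evaluated before '-m recent --set'."""
    stamps = defaultdict(deque)                # one hit list per source address
    accepted = {src: 0 for _, src in events}
    for now, src in events:
        seen = stamps[src]
        while seen and now - seen[0] > WINDOW_MS:
            seen.popleft()                     # forget hits older than the window
        blocked = len(seen) >= HITCOUNT
        seen.append(now)                       # --set on pass, --update on drop
        if not blocked:
            accepted[src] += 1
    return accepted


def global_limit(events):
    """'-m limit ... -j ACCEPT' then REJECT: one token bucket for all sources."""
    credit, last = COST_MS * BURST, 0          # bucket starts full
    accepted = {src: 0 for _, src in events}
    for now, src in events:
        credit = min(COST_MS * BURST, credit + (now - last))
        last = now
        if credit >= COST_MS:                  # a token is available: ACCEPT
            credit -= COST_MS
            accepted[src] += 1                 # otherwise falls through to REJECT
    return accepted


def constructed_traffic():
    """Constructed sample: (time in ms, source) connection attempts to port 25."""
    noisy = [(t, "203.0.113.9") for t in range(0, 120_000, 200)]    # 5 per second
    legit = [(t, "198.51.100.7") for t in (10_000, 40_000, 70_000, 100_000)]
    return sorted(noisy + legit)


if __name__ == "__main__":
    traffic = constructed_traffic()
    print("per-IP recent:", per_ip_recent(traffic))
    print("global limit: ", global_limit(traffic))
```

In this model the per-source rules cut the noisy address off after 10 connections and let the quiet sender through every time, while the global bucket hands all of its tokens to the noisy address and rejects the quiet sender on every attempt.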