|> u see no qdiscand it works.. do u have explanation ?! ... take into
|> account that class X is htb :")
|A filter only works within 1 qdisc. You can get your first setup working if
|you add 2 filters, one for the root qdisc and one for the qdisc X.
]- cant see the logic 'could u explain t
> |---class X htb => qdisc X
> | |---class Y ==> qdicsY
> | |---class Z ==> qdicsZ
> |---class A
Just a guess, but:
In this configuration the root qdisc (to which your filters are attached)
doesn't know anything about classes Y and Z; it only "sees"
Depends, if your firewall's default policy is set to DROP then you'd
want to DROP unwanted packets.
On the other hand if you allow everything and only want to block packets
to certain (maybe M$ related) ports, then DROPping them is seen by the
evil attacker scanning your network's holes. Altho
On Wednesday 19 November 2003 12:51, raptor wrote:
> I seem to solved the problem !!
> just on top of my head... I had the following config (by memory) :
>
>
> root qdisc htb
>
> |---class X htb => qdisc X
> |
> | |---class Y ==> qdicsY
> |
On Wednesday 19 November 2003 09:02, Thomas Switala wrote:
> Hi
>
> I have a bandwidth manager configured on the following system:
>
> RedHat 8.0
> Kernel - 2.4.20 (Recompiled and I changed the
> SFQ_DEPTH to 512
>
with a reject u send a reject signal back to the origin. In case of a
DoS this generates more traffic.
wich one to use mainly depends how do u want to protect a port and what
kinds of attacks u expect to receive.
Jorge S.
On Wed, 2003-11-19 at 11:11, Guilherme Viebig wrote:
> Some say that DROP
Not a LARTC question. Try firewall-wizards or netfilter.
: Some say that DROP is the ideal manner to deal with non authorized
: requests, but using DROP let the atacker know the ports which are
: filtered. Using REJECT simply add one step to all proccess, sending the
: reject signal back to t
Hello everybody.
I'm playing with ipsec on linux 2.6.0-test9 + ipsec-tools-0.2.2
I have a question.
I would like to implement a simple esp-tunnel with ipcomp. I have
written this:
#!/usr/local/sbin/setkey -f
flush;
spdflush;
spdadd 10.1.2.0/24 10.1.1.0/24 any -P in ipsec
esp/tunnel/172.16.1.247-
Some say that DROP is the ideal manner to deal with non authorized requests,
but using DROP let the atacker know the ports which are filtered. Using
REJECT simply add one step to all proccess, sending the reject signal back
to the oringin.
What your perspective about it?
_
Quoting Ira Abramov, from the post of Wed, 19 Nov:
> I have a router machine, kernel 2.4.20 with 4 physical interfaces (but
> many more virtual ones over differel VLANs). we need to NAT/route
> between hosts on different VLANs, but with the same address, for
> instance, 10.0.0.2 reachable via eth0.
Hi all
i was going through the documents
i need to achive the following setup, but iam confused to deploy
but some one recomed me what will be good
offic other office - Switch lan users
___
--- fiber li
Hello people,
I have a router machine, kernel 2.4.20 with 4 physical interfaces (but
many more virtual ones over differel VLANs). we need to NAT/route
between hosts on different VLANs, but with the same address, for
instance, 10.0.0.2 reachable via eth0.2 needs to talk to 10.0.0.2 which
is on eth0
I seem to solved the problem !!
just on top of my head... I had the following config (by memory) :
root qdisc htb
|---class X htb => qdisc X
| |---class Y ==> qdicsY
| |---class Z ==> qdicsZ
|---class A
and with
Hi all,
I have a network with a Redhat 8.0 gateway. It has 3 nic's, 1 connected
to the lan, and the other 2 connected to ADSL routers. I have configured
split access with load-balancing, using ip rules and ip routes (with
weight 1 for both external interfaces).
The load-balancing is working to a
Hi
I have a bandwidth manager configured on the following system:
RedHat 8.0
Kernel - 2.4.20 (Recompiled and I changed the
SFQ_DEPTH to 512
and the SFQ_HASH 3072
I am using 2.4.20 with fw filters and 2.4.22 with u32 filters, had no
problem as far.
On Wed, 19 Nov 2003 00:48:18 +0200
raptor <[EMAIL PROTECTED]> wrote:
> yep my test kernel is 2.4.22-ck, but this also happens on other
> machine with 2.4.20 kernel !! i'm with gentoo.. So it has to be
> someth
16 matches
Mail list logo