FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 06-26-2008, 02:57 PM
noro
 
Default iptables connlimit

hi,

i try use iptables connlimit,

# iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16
--connlimit-mask 24 -j DROP

iptables: Unknown error 4294967295

where is problem ?
thanks


# rpm -qa | grep iptables
iptables-1.3.5-4.el5

# uname -a
Linux test 2.6.18-92.1.1.el5 #1 SMP Sat Jun 21 19:04:27 EDT 2008 i686
i686 i386 GNU/Linux




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Thu Jun 26 18:30:01 2008
Return-path: <fedora-list-bounces@redhat.com>
Envelope-to: tom@linux-archive.org
Delivery-date: Thu, 26 Jun 2008 17:59:49 +0300
Received: from hormel1.redhat.com ([209.132.177.33] helo=hormel.redhat.com)
by s2.java-tips.org with esmtp (Exim 4.68)
(envelope-from <fedora-list-bounces@redhat.com>)
id 1KBswv-000505-Os
for tom@linux-archive.org; Thu, 26 Jun 2008 17:59:49 +0300
Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com [10.8.4.110])
by hormel.redhat.com (Postfix) with ESMTP id 439EE6186CC;
Thu, 26 Jun 2008 10:59:48 -0400 (EDT)
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
[172.16.52.254])
by listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id
m5QExiYV028109 for <fedora-list@listman.util.phx.redhat.com>;
Thu, 26 Jun 2008 10:59:45 -0400
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m5QExh9j013603
for <fedora-list@redhat.com>; Thu, 26 Jun 2008 10:59:43 -0400
Received: from mars.math-info.univ-paris5.fr (mars.math-info.univ-paris5.fr
[193.48.200.18])
by mx3.redhat.com (8.13.8/8.13.8) with ESMTP id m5QExTNV006099
for <fedora-list@redhat.com>; Thu, 26 Jun 2008 10:59:29 -0400
Received: from [127.0.0.1] (mars.math-info.univ-paris5.fr [127.0.0.1])
by mars.math-info.univ-paris5.fr (8.14.1/jtpda-5.4) with ESMTP id
m5QDxShn030305
for <fedora-list@redhat.com>; Thu, 26 Jun 2008 15:59:28 +0200
Message-ID: <4863AED0.6030106@math-info.univ-paris5.fr>
Date: Thu, 26 Jun 2008 16:59:28 +0200
From: =?ISO-8859-1?Q?Fran=E7ois_Patte?=
<francois.patte@math-info.univ-paris5.fr>
User-Agent: Thunderbird 2.0.0.14 (X11/20080501)
MIME-Version: 1.0
To: fedora-list@redhat.com
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
X-Miltered: at mars.math-info.univ-paris5.fr with ID 4863A0C0.000 by Joe's
j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Score: MSGID : 4863A0C0.000 on mars.math-info.univ-paris5.fr :
j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
X-RedHat-Spam-Score: -0.043
X-Scanned-By: MIMEDefang 2.58 on 172.16.52.254

X-Scanned-By: MIMEDefang 2.63 on 172.16.48.32
X-loop: fedora-list@redhat.com
Subject: scrambled image with xine
X-BeenThere: fedora-list@redhat.com
X-Mailman-Version: 2.1.5
Precedence: junk
Reply-To: For users of Fedora <fedora-list@redhat.com>
List-Id: For users of Fedora <fedora-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/fedora-list>,
<mailto:fedora-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/fedora-list>
List-Post: <mailto:fedora-list@redhat.com>
List-Help: <mailto:fedora-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/fedora-list>,
<mailto:fedora-list-request@redhat.com?subject=subscribe>
Sender: fedora-list-bounces@redhat.com
Errors-To: fedora-list-bounces@redhat.com
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bonjour,

I installed xine on my laptop and if I want to whatch a dvd the image is
completely unreadable: scrambled as if the dvd was crypted.

No problem with vlc, no problem with totem-xine.

totem, installed by default, doesn't work, whatever the install I made
up to now.

Anybody has any ideas?

Thanks
- --
Fran=E7ois Patte
UFR de math=E9matiques et informatique
Universit=E9 Paris Descartes
45, rue des Saints P=E8res
F-75270 Paris Cedex 06
T=E9l. +33 (0)1 44 55 35 61
http://www.math-info.univ-paris5.fr/~patte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFIY67QdE6C2dhV2JURAgeCAJ9LcwUpPppXmHtfVVZetq lwJXDmPACfeLBV
XjxAfGTcXWLIhBdrLHK0y2o=3D
=3DUwUf
-----END PGP SIGNATURE-----

--=20
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 06-29-2008, 07:19 AM
Peter Riley
 
Default iptables connlimit

noro wrote:
> hi,
>
> i try use iptables connlimit,
>
> # iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16
> --connlimit-mask 24 -j DROP
> iptables: Unknown error 4294967295
>
> where is problem ?
> thanks
>
>
> # rpm -qa | grep iptables
> iptables-1.3.5-4.el5
>
> # uname -a
> Linux test 2.6.18-92.1.1.el5 #1 SMP Sat Jun 21 19:04:27 EDT 2008 i686
> i686 i386 GNU/Linux
>

Hi. The problem isn't yours alone. Despite the man page, there is no
support for the iptables connlimit match in CentOS 5 nor any previous
version.

The real issue is that, due to the way RH builds iptables(*), there
have been longstanding disparities(**) between the iptables userspace
tool and the kernel. For example, in Fedora 6/RHEL 5/CentOS 5, although
there is an iptables module in /lib/iptables/libipt_connlimit.so which
supports the connlimit match in iptables, there is no corresponding
netfilter module in /lib/modules/(version)/kernel/net/ipv4/netfilter/
to handle it in the kernel. Fedora 3/RHEL 4/CentOS 4 have the same
problem. Other disparities exist as well.

Anyway, since there is no stock kernel support for connlimit, the
iptables module included in these distros is rather useless to you.

The kernel module is not included in the centosplus kernel either, so
if you really must have connlimit working on CentOS 5 there are three
options:

1. Upgrade your kernel to a newer version.

The connlimit module finally went into mainline at kernel v2.6.23.
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23

IIRC, Fedora 7 doesn't support connlimit in the kernel either,
but Fedora 8 and 9 do.

2. Patch it and maintain your own build.

See http://www.netfilter.org/projects/patch-o-matic/pom-external.html#pom-external-connlimit

3. Find a pre-built module maintained elsewhere.

I only know of one repository for RHEL4:
http://ftp.pslib.cz/pub/users/Milan.Kerslager/RHEL-4/stable/


Please note that the CentOS team won't support non-stock kernels.


Sorry for the bad news and the long message with irrelevant details
(they're for the list archive and googlers).


Best Regards,
PWR


(*) https://bugzilla.redhat.com/show_bug.cgi?id=191331#c8

(**) Some more examples:
https://bugzilla.redhat.com/show_bug.cgi?id=253014
http://linuxczar.net/wordpress/archives/67




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-01-2008, 12:37 PM
"Marcelo Roccasalva"
 
Default iptables connlimit

On Sun, Jun 29, 2008 at 4:19 AM, Peter Riley <Peter.Riley@hotpop.com> wrote:
>
> noro wrote:
>> hi,
>>
>> i try use iptables connlimit,

[...]

> Hi. The problem isn't yours alone. Despite the man page, there is no
> support for the iptables connlimit match in CentOS 5 nor any previous
> version.

Maybe you can make the recent module do the job, kind of...

--
Marcelo

"¿No será acaso que ésta vida moderna está teniendo más de moderna que
de vida?" (Mafalda)
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 05:16 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org