13 10 - Page 119 - Developer IT

iOS ou Android, quelle est la plate-forme la plus sécurisée ? Symantec penche en faveur d'iOS malgré ses failles 10 fois plus nombreuses

iOS ou Android, quelle est la plate-forme mobile la plus sécurisée ? Symantec penche en faveur d'iOS en dépit de ses vulnérabilités 10 fois plus nombreuses La sécurité des plateformes mobiles est certes meilleure que celle des ordinateurs, mais elle reste insuffisante d'après le nouveau rapport de Symantec intitulé « regard sur la sécurité des périphériques mobiles : analyse des approches de sécurités employées sur Apple iOS et Google Android ». Ce document de 23 pages affirme sans surprise que les périphériques mobiles offrent formellement plus de sécurité que les plateformes Desktop, pour peu que l'on ne transgresse pas les lignes de conduite imposées par les éditeurs de ...

Read the article

Is it a bad practice to store large files (10 MB) in a database?

- by B Seven

I am currently creating a web application that allows users to store and share files, 1 MB - 10 MB in size. It seems to me that storing the files in a database will significantly slow down database access. Is this a valid concern? Is it better to store the files in the file system and save the file name and path in the database? Are there any best practices related to storing files when working with a database? I am working in PHP and MySQL for this project, but is the issue the same for most environments (Ruby on Rails, PHP, .NET) and databases (MySQL, PostgreSQL).

Read the article

Apple aurait déjà vendu plus de 10 millions d'iPad, l'appareil connait un beau succès malgré les critiques

Mise à jour du 05.12.2010 par Katleen Apple aurait déjà vendu plus de 10 millions d'iPad, l'appareil connait un beau succès malgré les critiques Aujourd'hui nous allons faire un peu de calcul. En septembre, Apple avait annoncé officiellement avoir vendu 7.5 millions d'iPad dans le monde, depuis le lancement de l'appareil en avril. Puis, la semaine dernière, l'analyste Gene Munster (travaillant pour Piper Jaffray), a estimé les ventes du produit à 5.5 millions d'unités pour le quatrième trimestre 2010. Alors, même si cette période n'est pas encore achevée, vu la ruée des consommateurs dans les magasins pour Noël (il fallait voir l'Apple Store d'Opéra cet après-midi : il fallait faire la...

Read the article

How to completely remove a package that didn't install properly?

- by chtfn

I recently installed a package from a ppa on Ubuntu 12.04 beta, but apparently it didn't work out, and now it is giving me errors at every update or install I make, even after deactivating the ppa from my sources. This is what I get when I try uninstalling from USC: installArchives() failed: (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 295120 files and directories currently installed.) Removing oracle-java7-installer ... update-alternatives: error: unknown argument `cdrom' dpkg: error processing oracle-java7-installer (--remove): subprocess installed pre-removal script returned error exit status 2 No apport report written because MaxReports is reached already Downloading... --2012-04-12 13:13:21-- http://download.oracle.com/otn-pub/java/jdk/7u3-b04/jdk-7u3-linux-i586.tar.gz Rsolution de download.oracle.com (download.oracle.com)... 203.13.161.233, 203.13.161.234 Connexion vers download.oracle.com (download.oracle.com)|203.13.161.233|:80... connect. requte HTTP transmise, en attente de la rponse... 302 Moved Temporarily Emplacement: https://edelivery.oracle.com/otn-pub/java/jdk/7u3-b04/jdk-7u3-linux-i586.tar.gz [suivant] --2012-04-12 13:13:21-- https://edelivery.oracle.com/otn-pub/java/jdk/7u3-b04/jdk-7u3-linux-i586.tar.gz Rsolution de edelivery.oracle.com (edelivery.oracle.com)... 173.223.150.174 Connexion vers edelivery.oracle.com (edelivery.oracle.com)|173.223.150.174|:443... connect. requte HTTP transmise, en attente de la rponse... 302 Moved Temporarily Emplacement: http://download.oracle.com/errors/download-fail-1505220.html [suivant] --2012-04-12 13:13:22-- http://download.oracle.com/errors/download-fail-1505220.html Connexion vers download.oracle.com (download.oracle.com)|203.13.161.233|:80... connect. requte HTTP transmise, en attente de la rponse... 200 OK Longueur: 5307 (5,2K) [text/html] Sauvegarde en : ./jdk-7u3-linux-i586.tar.gz 0K ..... 100% 4,94M=0,001s 2012-04-12 13:13:22 (4,94 MB/s) - ./jdk-7u3-linux-i586.tar.gz sauvegard [5307/5307] Download done. sha256sum mismatch jdk-7u3-linux-i586.tar.gz Oracle JDK 7 is NOT installed. dpkg: error while cleaning up: subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: oracle-java7-installer Error in function: I also tried "remove completely" from synaptic but it doesn't work either. Thank you for your help in advance!

Read the article

Oracle Database In-Memory Launch - Featuring Larry Ellison - June 10 - Joint the live webcast!

- by Javier Puerta

For more than three-and-a-half decades, Oracle has defined database innovation. With our market-leading technologies, customers have been able to out-think and out-perform their competition. Soon they will be able to do that even faster. At a live launch event and simultaneous webcast, Larry Ellison will reveal the future of the database. Promote this strategic event to customers. Watch Larry Ellison on Tuesday, June 10, 2014 19:00 – 20:30 a.m. CET 6:00 pm - 7:30 pm UK Join the webcast here!

Read the article

Palaiseau : première ville 100% fibre en France, le pays entièrement équipé d'ici 10 ans ?

Palaiseau : première ville 100% fibre en France L'expérimentation est menée par France Telecom, le pays entièrement équipé dans 10 ans ? Deux ministres ont fait le déplacement pour annoncer la nouvelle : Palaiseau et France Télécom-Orange vont expérimenter la première ville de France 100 % fibre. Cette expérimentation permettra aux Palaisiens, qu'ils soient habitants ou professionnels, de bénéficier du Très Haut Débit. Elle devrait permettre d'évaluer l'impact d'un réseau de dernière génération sur l'attractivité d'une ville et de mesurer la transformation des usages grâce à la fibre. Pour l'industrie des télécommunications, l'intérêt est également technique. Cette migrati...

Read the article

Oracle Database In-Memory Launch - Featuring Larry Ellison - June 10 - Joint the webcast!

- by Javier Puerta

For more than three-and-a-half decades, Oracle has defined database innovation. With our market-leading technologies, customers have been able to out-think and out-perform their competition. Soon they will be able to do that even faster. At a live launch event and simultaneous webcast, Larry Ellison will reveal the future of the database. Promote this strategic event to customers. Watch Larry Ellison on Tuesday, June 10, 2014 19:00 – 20:30 a.m. CET 6:00 pm - 7:30 pm UK Join the webcast here!

Read the article

DoNotTrack activé par défaut dans Internet Explorer 10, des annonceurs mécontents menacent de ne pas respecter l'en-tête HTTP

[IMG]http://blog.developpez.com/media/5341.png[/IMG] La prochaine version du navigateur de Microsoft, Internet Explorer 10, sera intégrée dans Windows 8. Elle proposera la fonctionnalité DoNotTrack (DNT) et elle sera activée par défaut ! Brendon Lynch, le responsable de la vie privée, relaye cette annonce, faite le 31 mai par Microsoft, via son blog : "Les utilisateurs pourront changer ce paramètre, mais par défaut le signal DNT sera envoyé aux sites web que les utilisateurs visitent". Une affirmation claire ! Pour ceux qui ne la connaissent pas, la fonction DoNotTrack rajo...

Read the article

Le HTML5, 6 à 10 fois moins rapide sur smartphone, d'après une étude : le standard est-il vraiment adapté pour les jeux mobiles ?

Le HTML5, entre 6 et 10 fois moins rapide sur smartphones que sur bureau Le standard est-il vraiment adapté pour des jeux mobiles ? Le HTML5 sur mobile n'est pas encore tout à fait adapté pour les applications multi-plateformes complexes. C'est en résumé la conclusion d'une étude menée par la société spaceport.io qui souligne par exemple que le rendu des animations en HTML5 sur Smartphones et tablettes est très largement inférieur à celui sur PC de Bureau. Voilà qui a de quoi faire réfléchir sur la dimension "développer une fois, fonctionne partout" semblable à celle de Java et tant vantée pour la technologie Web comme alternative à des développements natifs. D'après cett...

Read the article

Popularité des langages : Go de Google chute, Objective-C dans le Top 10, d'après l'index de juin de

Mise à jour du 07/06/10 Popularité des langages : Go chute, Objective-C dans le Top 10 D'après le classement du TIOBE Programming Community Index de juin Au delà de la rivalité entre Java et C, les deux langages qui continuent de se disputer la première place du classement des langages de programmation les plus populaires, l'index mensuel de TIOBE recèle en juin deux enseignements intéressants. Le premier concerne Go, le langage de Google qui avait récemment fait une progression fracassante. Go connait aujourd'hui un recul très significatif puisqu'il recule brutalement et disparaît du Top 20 de l'indice (21ème). En sens...

Read the article

Firefox booste de 10 à 26 % ses performances JavaScript avec IonMonkey, la bêta de la version 18 est sortie

Firefox booste de 10 à 26 % ses performances JavaScript avec IonMonkey la bêta de la version 18 sort Le prochain Firefox sera doté d'un nouveau moteur JavaScript permettant d'obtenir de meilleure performance pour les applications Web complexes. Les utilisateurs peuvent déjà avoir un premier aperçu du gain en rapidité de cette mouture grâce à la bêta de Firefox 18 qui est disponible en téléchargement. Firefox 18 introduit le nouveau compilateur JavaScript « Just In Time » IonMonkey, qui permet d'exécuter le code non pas au sein du navigateur, mais directement sur le processeur de la machine. IonMonkey se distingue du moteur JägerMonkey avec l'é...

Read the article

Hardware refresh of Solaris 10 systems? Try this!

- by mgerdts

I've been seeing quite an uptick in the people that are wanting to install Solaris 11 when they are doing hardware refreshes. I applaud that effort - Solaris 11 (and 11.1) have great improvements that advance the state of the art and make the best use of the latest hardware. Sometimes, however, you really don't want to disturb the OS or upgrade to the a later version of an application that is certified with Solaris 11. That's a great use of Solaris 10 Zones. If you are already using Solaris Cluster, or would like to have more protection as you put more eggs in an ever growing basket, check out solaris10 Brand Zone Clusters.

Read the article

Presenting to the New England SQL Server Users Group 10 Jun 2010!

- by andyleonard

I am honored to present Applied SSIS Design Patterns to the New England SQL Server Users Group on 10 Jun 2010! This is a reprise of the spotlight session presented at the PASS Summit 2009. Abstract "Design Patterns" is more than a trendy buzz phrase; design patterns are a way of breaking down complex development projects into manageable tasks. They lend themselves to several development methodologies and apply to SSIS development. Chances are you're using your own design patterns now! In this spotlight...(read more)

Read the article

Low-level 10-finger multi-touch data on the Nexus 7?

- by Croad Langshan

I'm considering getting a Nexus 7 to do some multi-touch development on Ubuntu in the run-up to 13.04 (i.e., now :-). What APIs, /dev files, or protocols are available, or could be made available with not too much work on my part? What data is available from the device? The data I want to get my hands on is -- if I can -- the same as I get from /dev/uinput/event* from an Apple Magic Trackpad, viz: positions of all touches (could be as many as 10 simultaneous touches, but much more typically 6 or fewer) their size/pressure (in both x and y directions) their angle their identity -- i.e. an integer that is somewhat reliably preserved across touch events, for as long as a finger doesn't lift off the surface Not all of this data is essential -- but the more of it there is, the merrier.

Read the article

BlackBerry 10 en danger ? Nokia voudrait bloquer les terminaux de RIM pour violation de ses brevets WLAN

BlackBerry 10 en danger ? Nokia voudrait bloquer les terminaux de RIM pour violation de ses brevets WLAN Mauvaise nouvelle pour RIM. Le constructeur canadien pourrait voir la commercialisation de ses terminaux bloquée dans plusieurs pays. Pour cause, une affaire de violation de brevets opposant la firme à Nokia, concernant l'utilisation du standard de réseau local sans fil WLAN (Wi-Fi) sur les téléphones portables. Nokia a adressé une note au tribunal de Californie pour demander l'exécution d'une sentence arbitrale qui empêcherait RIM de vendre des smartphones équipés de la norme WLAN, sur le territoire américain, jusqu'à ce que les deux firmes puissent trouver un accord.

Read the article

Google Drive : meilleure intégration avec le nouveau Gmail, la taille maximale des pièces jointes passe à 10 Go

Google Drive : meilleure intégration avec le nouveau Gmail La taille maximale des pièces jointes passe à 10 Go Google vient de mettre à jour son espace de stockage en ligne Google Drive. Le but est de l'intégrer de manière beaucoup plus intime avec Gmail en permettant d'insérer les documents depuis Drive directement dans un e-mail sans quitter le compte de messagerie. La manoeuvre est on ne peut plus simple avec l'arrivée d'une nouvelle icône en bas de la fenêtre « nouveau message » pour insérer les documents hébergés dans le Cloud de Google. [IMG]http://ftp-developpez.com/gordon-fowler/Nveau%20Gmail%20et%20G%20Drive.png[/IMG] Parmi les avan...

Read the article

En France, 4 logiciels sur 10 sont piratés mais beaucoup moins en Belgique, en Suisse et au Canada d

Mise à jour du 12/05/10 En France, 4 logiciels sur 10 sont piratés D'après BSA : et d'après votre expérience ? Bon ou mauvais élève ? Tout est question de point de vue. Avec un taux de 40 % de logiciels piratés (entreprises et particuliers cumulés), la France se classe dans la moyenne mondiale selon l'estimation annuelle que vient de publier la Business Software Alliance (BSA). Ce chiffre, considéré comme en recul par l'alliance, est en fait quasiment stable (41 % l'année dernière). Il représenterait un chiffre d'affaires de 2 544 millions de dollars. Comparée aux premiers de la classe, la France fait don...

Read the article

Sortie de Qt Mobility 1.0.0, 10 nouvelles API pour les plateformes mobiles : envoi de SMS au rendez-

Après un peu d'attente, voilà enfin la première sortie officielle de Qt Mobility. Cette release contient 10 API dont 9 sont considérées comme finales et 1 comme beta. Les 9 API finales sont les suivantes : Service Framework Bearer Management Messaging Contacts Versit Publish and Subscribe Location System Information Sensors L'API multimédia quant à elle est à un très bon état de développement, mais l'équipe de développement se réserve la possibilité de modifier cette version. Dans ce cas, cette version beta ne sera pas maintenue, il est donc à vos risques et périls de l'utiliser dès à présent. Où les trouver ? Elles sont disponibles sur ...

Read the article

Android occupe 70 % des terminaux mobiles européens, 6 Français sur 10 ont opté pour la plateforme de Google

Android occupe 70 % des terminaux mobiles européens, 6 Français sur 10 ont opté pour la plateforme de GoogleLes derniers chiffres publiés par l'institut Kantar révèlent que les ventes de téléphones équipés d'Android sont en très forte progression sur le marché européen. Sur la période mars, avril et mai 2013, les parts de vente d'Android ont atteint 70,4 % en France, Grande-Bretagne, Allemagne, Italie et France. L'année passée elles avoisinaient les 61 %. En France, Android équipe 65,2 % des terminaux mobiles soit une hausse de 8,5 points en comparaison avec l'année dernière. Ave...

Read the article

How to track inbound HTTP traffic using Plesk 10.4.4?

- by hypercrypt

I am running Plesk 10.4.4 on a Debian 6.0 server. The outbound traffic is being tracked but the inbound http traffic seems to be 0 at all times, i.e. looking at the DomainsTraffic and ClientsTraffic the http_in column is always 0. Is this a setting that I have missed? I've had a look and cannot find anything. How do I get Plesk to track the inbound HTTP traffic? I have already made sure that Home Tools & Settings Server settings had 'Include in the traffic calculation' set to 'inbound and outbound traffic', yet this does not solve the problem. Apache allows inbound traffic to be logged using %I in the log format, is there a way to get Plesk to add the %I to the log and then use that in bandwidth calculations?

Read the article

???????/???RAC????10??!US Oracle?????????????? Oracle Real Application Clusters??????????

- by user788995

????? ??:2012/02/20 ??:??????/?? Oracle 9i ? Real Application Clusters ?????????????10??????? RAC ???????????????? 11g R2 ???????????????Oracle US??? RAC ?????????????????? Oracle RAC ???Oracle RAC ? More than a DatabaseOracle RAC ?????????Oracle RAC ????????????????? Oracle RAC ????????? ????????????????? http://otndnld.oracle.co.jp/ondemand/otn-seminar/movie/120130_B-8_RAC.wmv http://otndnld.oracle.co.jp/ondemand/otn-seminar/movie/mp4/120130_B-8_RAC.mp4 http://www.oracle.com/technetwork/jp/ondemand/db-new/b-8-rac-1524112-ja.pdf

Read the article

rank on two dates - each date iteratively

- by Abhi

How to query for rank over 'value' for each day in the below table? Ex: IT should list out the 'mydate', 'value', 'rank' for all values on 20th and then do a fresh rank() for all values on 21st? Thanks... create table tv (mydate,value) as select to_date('20/03/2010 00','dd/mm/yyyy HH24'),98 from dual union all select to_date('20/03/2010 01','dd/mm/yyyy HH24'),124 from dual union all select to_date('20/03/2010 02','dd/mm/yyyy HH24'),140 from dual union all select to_date('20/03/2010 03','dd/mm/yyyy HH24'),138 from dual union all select to_date('20/03/2010 04','dd/mm/yyyy HH24'),416 from dual union all select to_date('20/03/2010 05','dd/mm/yyyy HH24'),196 from dual union all select to_date('20/03/2010 06','dd/mm/yyyy HH24'),246 from dual union all select to_date('20/03/2010 07','dd/mm/yyyy HH24'),176 from dual union all select to_date('20/03/2010 08','dd/mm/yyyy HH24'),124 from dual union all select to_date('20/03/2010 09','dd/mm/yyyy HH24'),128 from dual union all select to_date('20/03/2010 10','dd/mm/yyyy HH24'),32010 from dual union all select to_date('20/03/2010 11','dd/mm/yyyy HH24'),384 from dual union all select to_date('20/03/2010 12','dd/mm/yyyy HH24'),368 from dual union all select to_date('20/03/2010 13','dd/mm/yyyy HH24'),392 from dual union all select to_date('20/03/2010 14','dd/mm/yyyy HH24'),374 from dual union all select to_date('20/03/2010 15','dd/mm/yyyy HH24'),350 from dual union all select to_date('20/03/2010 16','dd/mm/yyyy HH24'),248 from dual union all select to_date('20/03/2010 17','dd/mm/yyyy HH24'),396 from dual union all select to_date('20/03/2010 18','dd/mm/yyyy HH24'),388 from dual union all select to_date('20/03/2010 19','dd/mm/yyyy HH24'),360 from dual union all select to_date('20/03/2010 20','dd/mm/yyyy HH24'),194 from dual union all select to_date('20/03/2010 21','dd/mm/yyyy HH24'),234 from dual union all select to_date('20/03/2010 22','dd/mm/yyyy HH24'),328 from dual union all select to_date('20/03/2010 23','dd/mm/yyyy HH24'),216 from dual union all select to_date('21/03/10 00','dd/mm/yyyy HH24'),224 from dual union all select to_date('21/03/10 01','dd/mm/yyyy HH24'),292 from dual union all select to_date('21/03/10 02','dd/mm/yyyy HH24'),264 from dual union all select to_date('21/03/10 03','dd/mm/yyyy HH24'),132 from dual union all select to_date('21/03/10 04','dd/mm/yyyy HH24'),142 from dual union all select to_date('21/03/10 05','dd/mm/yyyy HH24'),328 from dual union all select to_date('21/03/10 06','dd/mm/yyyy HH24'),184 from dual union all select to_date('21/03/10 07','dd/mm/yyyy HH24'),240 from dual union all select to_date('21/03/10 08','dd/mm/yyyy HH24'),224 from dual union all select to_date('21/03/10 09','dd/mm/yyyy HH24'),496 from dual union all select to_date('21/03/10 10','dd/mm/yyyy HH24'),370 from dual union all select to_date('21/03/10 11','dd/mm/yyyy HH24'),352 from dual union all select to_date('21/03/10 12','dd/mm/yyyy HH24'),438 from dual union all select to_date('21/03/10 13','dd/mm/yyyy HH24'),446 from dual union all select to_date('21/03/10 14','dd/mm/yyyy HH24'),426 from dual union all select to_date('21/03/10 15','dd/mm/yyyy HH24'),546 from dual union all select to_date('21/03/10 16','dd/mm/yyyy HH24'),546 from dual union all select to_date('21/03/10 17','dd/mm/yyyy HH24'),684 from dual union all select to_date('21/03/10 18','dd/mm/yyyy HH24'),568 from dual union all select to_date('21/03/10 19','dd/mm/yyyy HH24'),504 from dual union all select to_date('21/03/10 20','dd/mm/yyyy HH24'),392 from dual union all select to_date('21/03/10 21','dd/mm/yyyy HH24'),256 from dual union all select to_date('21/03/10 22','dd/mm/yyyy HH24'),236 from dual union all select to_date('21/03/10 23','dd/mm/yyyy HH24'),168 from dual

Read the article

Fedora 13 becomes unresponsive when too many applications running.

- by user61766

I am using Fedora 13 64bit on Dell Vostro full 4GB RAM system with default Gnome GUI. This is very annoying problem that I don't how to fix except by rebooting the whole PC. When I have too many applications running ( like browser windows), the system start acting sluggish. The fist symptoms appear in Eclipse IDE which becomes so terrible it just becomes frozen for sometime one whole minute after I try to edit something in the editor. Then Firefox seems like it has crashed. Google Chrome becomes very unresponsive as well. All GUI applications including File manager becomes unresponsive. When I check System Monitor, the CPU is still around 20% and memory is at 80% but the system seems getting fried up. This progressively becomes worse until I soft reboot it or if I dont do it evetually the whole system is fried, no response to any keyboard key or mouse and I have to hit the hardware turn off button. I regularly yum update the system but this makes no difference. Please don't tell not to run too many applications because I need those for my work. I thought Linux is well designed Operating System but I am very disappointed so far. Can some one here help ?

Read the article

iptables syn flood countermeasure

- by Penegal

I'm trying to adjust my iptables firewall to increase the security of my server, and I found something a bit problematic here : I have to set INPUT policy to ACCEPT and, in addition, to have a rule saying iptables -I INPUT -i eth0 -j ACCEPT. Here comes my script (launched manually for tests) : #!/bin/sh IPT=/sbin/iptables echo "Clearing firewall rules" $IPT -F $IPT -Z $IPT -t nat -F $IPT -t nat -Z $IPT -t mangle -F $IPT -t mangle -Z $IPT -X echo "Defining logging policy for dropped packets" $IPT -N LOGDROP $IPT -A LOGDROP -j LOG -m limit --limit 5/min --log-level debug --log-prefix "iptables rejected: " $IPT -A LOGDROP -j DROP echo "Setting firewall policy" $IPT -P INPUT DROP # Deny all incoming connections $IPT -P OUTPUT ACCEPT # Allow all outgoing connections $IPT -P FORWARD DROP # Deny all forwaring echo "Allowing connections from/to lo and incoming connections from eth0" $IPT -I INPUT -i lo -j ACCEPT $IPT -I OUTPUT -o lo -j ACCEPT #$IPT -I INPUT -i eth0 -j ACCEPT echo "Setting SYN flood countermeasures" $IPT -A INPUT -p tcp -i eth0 --syn -m limit --limit 100/second --limit-burst 200 -j LOGDROP echo "Allowing outgoing traffic corresponding to already initiated connections" $IPT -A OUTPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT echo "Allowing incoming SSH" $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT echo "Setting SSH bruteforce attacks countermeasures (deny more than 10 connections every 10 minutes)" $IPT -A INPUT -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 10 --rttl --name SSH -j LOGDROP echo "Allowing incoming traffic for HTTP, SMTP, NTP, PgSQL and SolR" $IPT -A INPUT -p tcp --dport 25 -i eth0 -j ACCEPT $IPT -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT $IPT -A INPUT -p udp --dport 123 -i eth0 -j ACCEPT $IPT -A INPUT -p tcp --dport 5433 -i eth0.2654 -s 172.16.0.2 -j ACCEPT $IPT -A INPUT -p udp --dport 5433 -i eth0.2654 -s 172.16.0.2 -j ACCEPT $IPT -A INPUT -p tcp --dport 8983 -i eth0.2654 -s 172.16.0.2 -j ACCEPT $IPT -A INPUT -p udp --dport 8983 -i eth0.2654 -s 172.16.0.2 -j ACCEPT echo "Allowing outgoing traffic for ICMP, SSH, whois, SMTP, DNS, HTTP, PgSQL and SolR" $IPT -A OUTPUT -p tcp --dport 22 -j ACCEPT $IPT -A OUTPUT -p tcp --dport 25 -o eth0 -j ACCEPT $IPT -A OUTPUT -p tcp --dport 43 -o eth0 -j ACCEPT $IPT -A OUTPUT -p tcp --dport 53 -o eth0 -j ACCEPT $IPT -A OUTPUT -p udp --dport 53 -o eth0 -j ACCEPT $IPT -A OUTPUT -p tcp --dport 80 -o eth0 -j ACCEPT $IPT -A OUTPUT -p udp --dport 80 -o eth0 -j ACCEPT #$IPT -A OUTPUT -p tcp --dport 5433 -o eth0 -d 176.31.236.101 -j ACCEPT #$IPT -A OUTPUT -p udp --dport 5433 -o eth0 -d 176.31.236.101 -j ACCEPT #$IPT -A OUTPUT -p tcp --dport 8983 -o eth0 -d 176.31.236.101 -j ACCEPT #$IPT -A OUTPUT -p udp --dport 8983 -o eth0 -d 176.31.236.101 -j ACCEPT $IPT -A OUTPUT -p tcp --sport 5433 -o eth0.2654 -j ACCEPT $IPT -A OUTPUT -p udp --sport 5433 -o eth0.2654 -j ACCEPT $IPT -A OUTPUT -p tcp --sport 8983 -o eth0.2654 -j ACCEPT $IPT -A OUTPUT -p udp --sport 8983 -o eth0.2654 -j ACCEPT $IPT -A OUTPUT -p icmp -j ACCEPT echo "Allowing outgoing FTP backup" $IPT -A OUTPUT -p tcp --dport 20:21 -o eth0 -d 91.121.190.78 -j ACCEPT echo "Dropping and logging everything else" $IPT -A INPUT -s 0/0 -j LOGDROP $IPT -A OUTPUT -j LOGDROP $IPT -A FORWARD -j LOGDROP echo "Firewall loaded." echo "Maintaining new rules for 3 minutes for tests" sleep 180 $IPT -nvL echo "Clearing firewall rules" $IPT -F $IPT -Z $IPT -t nat -F $IPT -t nat -Z $IPT -t mangle -F $IPT -t mangle -Z $IPT -X $IPT -P INPUT ACCEPT $IPT -P OUTPUT ACCEPT $IPT -P FORWARD ACCEPT When I launch this script (I only have a SSH access), the shell displays every message up to Maintaining new rules for 3 minutes for tests, the server is unresponsive during the 3 minutes delay and then resume normal operations. The only solution I found until now was to set $IPT -P INPUT ACCEPT and $IPT -I INPUT -i eth0 -j ACCEPT, but this configuration does not protect me of any attack, which is a great shame for a firewall. I suspect that the error comes from my script and not from iptables, but I don't understand what's wrong with my script. Could some do-gooder explain me my error, please? EDIT: here comes the result of iptables -nvL with the "accept all input" ($IPT -P INPUT ACCEPT and $IPT -I INPUT -i eth0 -j ACCEPT) solution : Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 52 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 LOGDROP tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 100/sec burst 200 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW recent: SET name: SSH side: source 0 0 LOGDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 recent: UPDATE seconds: 600 hit_count: 10 TTL-Match name: SSH side: source 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 0 0 ACCEPT tcp -- eth0.2654 * 172.16.0.2 0.0.0.0/0 tcp dpt:5433 0 0 ACCEPT udp -- eth0.2654 * 172.16.0.2 0.0.0.0/0 udp dpt:5433 0 0 ACCEPT tcp -- eth0.2654 * 172.16.0.2 0.0.0.0/0 tcp dpt:8983 0 0 ACCEPT udp -- eth0.2654 * 172.16.0.2 0.0.0.0/0 udp dpt:8983 0 0 LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 2 728 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:43 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:80 0 0 ACCEPT tcp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 tcp spt:5433 0 0 ACCEPT udp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 udp spt:5433 0 0 ACCEPT tcp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 tcp spt:8983 0 0 ACCEPT udp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 udp spt:8983 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 91.121.190.78 tcp dpts:20:21 0 0 LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain LOGDROP (5 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `iptables rejected: ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 EDIT #2 : I modified my script (policy ACCEPT, defining authorized incoming packets then logging and dropping everything else) to write iptables -nvL results to a file and to allow only 10 ICMP requests per second, logging and dropping everything else. The result proved unexpected : while the server was unavailable to SSH connections, even already established, I ping-flooded it from another server, and the ping rate was restricted to 10 requests per second. During this test, I also tried to open new SSH connections, which remained unanswered until the script flushed rules. Here comes the iptables stats written after these tests : Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 600 35520 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 6 360 LOGDROP tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 100/sec burst 200 0 0 LOGDROP tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 STRING match "w00tw00t.at.ISC.SANS." ALGO name bm TO 65535 0 0 LOGDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 STRING match "Host: anoticiapb.com.br" ALGO name bm TO 65535 0 0 LOGDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 STRING match "Host: www.anoticiapb.com.br" ALGO name bm TO 65535 105 8820 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 830 69720 LOGDROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW recent: SET name: SSH side: source 0 0 LOGDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 recent: UPDATE seconds: 600 hit_count: 10 TTL-Match name: SSH side: source 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:80 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 0 0 ACCEPT tcp -- eth0.2654 * 172.16.0.1 0.0.0.0/0 tcp spt:5433 0 0 ACCEPT udp -- eth0.2654 * 172.16.0.1 0.0.0.0/0 udp spt:5433 0 0 ACCEPT tcp -- eth0.2654 * 172.16.0.1 0.0.0.0/0 tcp spt:8983 0 0 ACCEPT udp -- eth0.2654 * 172.16.0.1 0.0.0.0/0 udp spt:8983 16 1684 LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 600 35520 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 LOGDROP tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 owner UID match 33 0 0 LOGDROP udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:80 owner UID match 33 116 11136 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:80 0 0 ACCEPT tcp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 tcp dpt:5433 0 0 ACCEPT udp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 udp dpt:5433 0 0 ACCEPT tcp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 tcp dpt:8983 0 0 ACCEPT udp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 udp dpt:8983 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:43 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 91.121.190.18 tcp dpts:20:21 7 1249 LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain LOGDROP (11 references) pkts bytes target prot opt in out source destination 35 3156 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 7 prefix `iptables rejected: ' 859 73013 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Here comes the log content added during this test : Mar 28 09:52:51 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=55666 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:51 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=55667 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:51 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=55668 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:51 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=55669 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:52 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=55670 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:54 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=55671 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:58 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=55672 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:59 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=6 Mar 28 09:52:59 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=7 Mar 28 09:52:59 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=8 Mar 28 09:52:59 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=9 Mar 28 09:52:59 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=59 Mar 28 09:53:00 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=152 Mar 28 09:53:01 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=246 Mar 28 09:53:02 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=339 Mar 28 09:53:03 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=432 Mar 28 09:53:04 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=524 Mar 28 09:53:05 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=617 Mar 28 09:53:06 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=711 Mar 28 09:53:07 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=804 Mar 28 09:53:08 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=897 Mar 28 09:53:16 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:c0:62:6b:e3:5c:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=61402 DF PROTO=TCP SPT=57637 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 28 09:53:19 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:c0:62:6b:e3:5c:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=61403 DF PROTO=TCP SPT=57637 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 28 09:53:21 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=55674 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:53:25 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:c0:62:6b:e3:5c:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=61404 DF PROTO=TCP SPT=57637 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 28 09:53:37 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=116 TOS=0x00 PREC=0x00 TTL=51 ID=55675 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:37 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=116 TOS=0x00 PREC=0x00 TTL=51 ID=55676 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:37 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=180 TOS=0x00 PREC=0x00 TTL=51 ID=55677 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:38 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=180 TOS=0x00 PREC=0x00 TTL=51 ID=55678 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:39 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=180 TOS=0x00 PREC=0x00 TTL=51 ID=55679 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:39 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:c0:62:6b:e3:5c:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=5055 DF PROTO=TCP SPT=57638 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 28 09:53:41 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=180 TOS=0x00 PREC=0x00 TTL=51 ID=55680 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:42 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:c0:62:6b:e3:5c:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=5056 DF PROTO=TCP SPT=57638 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 28 09:53:45 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=180 TOS=0x00 PREC=0x00 TTL=51 ID=55681 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:48 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:c0:62:6b:e3:5c:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=5057 DF PROTO=TCP SPT=57638 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 If I correctly interpreted these results, they say that ICMP rules were correctly interpreted by iptables, but SSH rules were not. This does not make any sense... Does somebody understand where my error comes from? EDIT #3 : After some more tests, I found out that commenting the SYN flood countermeasure removes the problem. I continue researches in this way but, meanwhile, if somebody sees my anti SYN flood rule error...

Read the article

How can Windows XP/7 users cleanly connect to Mac OS X Server 10.9.4 Mavericks with Active Directory integration?

- by JakeGould

I’m a Linux/Unix systems admin who also manages a Macintosh server infrastructure & there is a lone Mac Mini in the mix running 10.9.4 that I would like Windows XP & Windows 7 users to connect to with little or no hassle. The problem? Windows users can’t seem to even get to the point of a password prompt yet connect. Mind you this server replaced a Mac OS X 10.6.8 server that had issues, but never had issues with Windows users connected. The gist of this post is: The tons of different messages out there about Mac OS X 10.9.4 Samba support are mind-numbingly confusing. Can anyone share some solid specifics here? I’ve read pieces like this one here that suggest turning off file sharing & then adding a share with AFP/SMB enabled would work. But the suggestion seems to apply to 10.8. And from what I know a lot has changed in Samba support in 10.9 let alone the iterations to 10.9.4. Then I found this great tutorial here that explains things step-by-step. Which seems like it should work, but the problem is the example given applies to a local user created on the Mac when I would like users in an Active Directory group—which the Mac is bound to—access the Mac Mini shares. There are also tons of great tips here on MacWindows.com but nothing seems solid to the issue I am facing. So from what I am reading these are my options: Local User Versus Active Directory: Setup a common local user on the Mac OS X 10.9.4 server to be used for Samba sharing since Active Directory won’t work. Is this really the case? Because loss of AD integration is a major pain. Do Extended File Attributes Get Retained from Windows Users: If this were to work, how do extended attributes come into play? Loss of metadata & related info is not an option. How Fragile is Any of this to Updates: How does any of this shake out with Mac OS X updates as well as Windows updates? Installing Official, Open Source Samba: Would upgrading the Samba install on the server to the official open source Samba via a package like SMBUp or via the Hombrew method described here help or make the issue worse? I fully understand there have historically been issues in mixed environments, but nowadays Windows users connecting to a Mac seem to have a truly hellish road ahead of them. Unless I am missing something?

Search Results

Search found 31621 results on 1265 pages for '13 10'.

Page 119/1265 | < Previous Page | 115 116 117 118 119 120 121 122 123 124 125 126 | Next Page >

- by B Seven

- by chtfn

- by Javier Puerta

- by Javier Puerta

- by mgerdts

- by andyleonard

- by Croad Langshan

- by hypercrypt

- by user788995

- by Abhi

- by user61766

- by Penegal

- by JakeGould

< Previous Page | 115 116 117 118 119 120 121 122 123 124 125 126 | Next Page >