Search Results

Search found 3399 results on 136 pages for 'rule'.

Page 3/136 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • iptables rule on INPUT between 2 ethernet cards on the same host

    - by user1495181
    I have 2 eth cards on the same host. Both connected directly with LAN cable. I set eth0 with ip - 192.168.1.2 I set eth1 with ip - 192.168.1.1 I set this rule: iptables -A INPUT -p tcp -j NFQUEUE --queue-num 0 There are no other rules. (I ran iptables -X,-F) I send TCP syn packet ( with c++ program by using raw socket) from 192.168.1.2 to 192.168.1.1 In wireshark i see that the packet received on eth0, but the iptables rule (above) dosnt apply for this packet. when i sent the packet to remote host and apply this rule on the remote host than it work correct. So, i guess that this is due to the fact that both eth cards exists the same host. . I need to create iptables INPUT rule for local eth card (dest and src on the same machine ). I need it for simplify test. Did i guess the problem correct? is there a way to bypass this? Ps - connected them via switch didn't help. the rule wasn't applied. Run on Ubuntu. TCDUMP show the packet: 10:48:42.365002 IP 192.168.1.2.38550 > 192.168.1.1.34298: Flags [S], seq 0, win 5840, length 0 but logging of iptables like this, has nothing: iptables -A INPUT -p tcp -j LOG --log-prefix '*****************' iptables -A OUTPUT -p tcp -j LOG --log-prefix '#################'

    Read the article

  • forward outbound traffic rule

    - by Claudiu
    I am trying to forward the outbound traffic to another server. Current rule is: /sbin/iptables -A OUTPUT -p tcp -s localhost -o 91.xxx.xxx.xxx --dport 65000:65010 -j ACCEPT but when I do a iptables -L, the rule its showed like this: ACCEPT tcp -- localhost.localdomain anywhere tcp dpts:65000:65010 So I guess my rule is bad written since the "destination" column shows "anywhere" Can you help me with this?

    Read the article

  • iptables rule for forwarding outbound traffic

    - by Claudiu
    I am trying to forward the outbound traffic to another server. Current rule is: /sbin/iptables -A OUTPUT -p tcp -s localhost -o 91.xxx.xxx.xxx --dport 65000:65010 -j ACCEPT but when I do a iptables -L, the rule its showed like this: ACCEPT tcp -- localhost.localdomain anywhere tcp dpts:65000:65010 So I guess my rule is bad written since the "destination" column shows "anywhere" Can you help me with this?

    Read the article

  • Disable modsec2 blacklist rule for specific hostname

    - by KevinL
    I have a server running Apache2 with mod_security2. In modsec2.user.conf, there is a blacklist rule: ###BLACKLIST### SecRule REQUEST_URI "mkdir" I need to disable that rule for just one hostname on the server. I realize I could just remove it entirely but I'd rather keep it on for the other sites. I realize you can use the SecRuleRemoveByID directive, based on each rule's ID, but as you can see above, this has no ID, it's just a string. How do I disable that rule for just www.example.com, is there something I can do in custom.conf, whitelist.conf or exclude.conf ?

    Read the article

  • debian/rules error "No rule to make target"

    - by Hairo
    i'm having some problems creating a .deb file with debuild before reading some tutorials i managed to make the file but i always get this error: make: *** No rule to make target «build». Stop. dpkg-buildpackage: failure: debian/rules build gave error exit status 2 debuild: fatal error at line 1329: dpkg-buildpackage -rfakeroot -D -us -uc -b failed Any help?? This is my debian rules file: #!/usr/bin/make -f # -*- makefile -*- # Sample debian/rules that uses debhelper. # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 build-stamp: configure-stamp dh_testdir touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp configure-stamp dh_clean install: build dh_testdir dh_testroot dh_clean -k dh_installdirs $(MAKE) install DESTDIR=$(CURDIR)/debian/pycounter mkdir -p $(CURDIR)/debian/pycounter # Copy .py files cp pycounter.py $(CURDIR)/debian/pycounter/opt/extras.ubuntu.com/pycounter/pycounter.py cp prefs.py $(CURDIR)/debian/pycounter/opt/extras.ubuntu.com/pycounter/prefs.py # desktop copyright and others (not complete, check) cp extras-pycounter.desktop $(CURDIR)/debian/pycounter/usr/share/applications/extras-pycounter.desktop

    Read the article

  • We really only have ONE rule...

    - by Chris G. Williams
    Had to show someone the door today... bummer.     At Big Robot Games we really only have one rule and it's not all that complex:   If you're going to hang out here all day, you should satisfy AT LEAST one of the following criteria: 1) You buy some food and/or drinks. 2) You occasionally buy product. 3) You play as part of a sanctioned tournaent or gaming group. 4) You act like you have some sense (i.e. have manners.)   We would love it if you manage to do all of the above, of course, but we're really perfectly content to settle for only getting a 1-2 of them at a time.    We don't have a problem with people bringing food in, and we understand that you aren't going to buy a game every time you come here. And yes, we know that people enjoy hanging out here with their friends. We can even overlook your odd quirks and personality issues, provided you're spending a little money once in a while (this IS a BUSINESS, after all.)   However... if you can't manage to do ANY of the things I listed above, and then you get lippy with me about it, well... it's time to say goodbye.

    Read the article

  • Cherokee rule failover

    - by phretor
    I have a Cherokee virtual host configured as follows: 1st rule: "Directory /" -> HTTP Reverse Proxy 2nd rule: "Directory /" -> uWSGI I know the second rule is useless because it's never triggered. However, the first rule seldom returns a 504 Gateway Timeout error so I was thinking of failing over the second rule, yet I don't know how to achieve this. Is it possible? Unfortunately, I cannot use only one rule with load balanced information sources, because I use two different types of information sources (i.e., pure HTTP and WSGI).

    Read the article

  • Exchange 2010 Transport rules stepping on each other

    - by TopHat
    I have a group of users that I have to restrict email access for and so far using Exchange Transport Rules has worked very well. The problem I am having is that Rule 0 is supposed to bcc the email to a review mailbox but otherwise not change anything and Rule 9 is supposed to block the email and throw a custom NDR to tell the user why they were blocked. Here are my results in practice however. If Rule 0 is enabled and Rule 9 is enabled then only Rule 9 functions If Rule 0 is disabled and Rule 9 is enabled then Rule 9 functions If Rule 0 is enabled and Rule 9 is disabled then Rule 0 functions This is after the Transport Service has been restarted (multiple times actually). I have other rule pairs that work correctly. None of these are overlapping rulesets however. - copy email going to address outside domain and then block - copy email coming in from outside and then block Here is the rule for copying internal emails (Rule 0): Apply rule to messages from a member of Blind carbon copy (Bcc) the message to except when the message is sent to a member of or [email protected] Here is the rule to block the same email (rule 9): Apply rule to messages from a member of send 'Email to non-supervisors or managers has been prohibited. Please contact your supervisor for more information.' to sender with 5.7.420 except when the message is sent to , [email protected], The distribution group used for membership in these rules is used for the other blocking and copying rules and works as expected. Is there something I missed in this setup? All of the copy rules are at the front of the transport rule group and all the actual copies at at the end of the queue if that makes a difference. Any thoughts as to why the email doesn't get copied when it gets blocked?

    Read the article

  • ADF page security - the untold password rule

    - by ankuchak
    I'm kinda new to Oracle ADF. So, in this blog post I'm going to share something with you that I faced (and recovered from) recently. Initially I thought if I should at all put a blog post on this, because it's totally simple. Still, simplicity is a relative term. So without wasting further time, let's kick off.    I was exploring the ADF security aspect to secure a page through html basic authentication. The idea is very simple and the credential store etc. come into picture. But I was not able to run a successful test of this phenomenally simple thing even after trying for over 30 minutes. This is what I did.   I created a simple jsf page and put a panel in it. And I put a simple el to show the current user name.  Next I created a user that I should test with. I named the password as myuser, just to keep it simple. Then I created an enterprise role and mapped the user that I just created. Then I created an application role and mapped the enterprise role to it. Then I mapped the resource, the simple jsf page in this case, to this application role. This way, only users with the given application role can only access this page (as if you didn't know this duh!).  Of course, I had to create the page definition for the page before I could map it to an application role. What else! done! Then I hit the run menu item and it all went well...   Until... I got this message. I put the correct credentials repeatedly 2-3 times. Still I got the same error. Why? I didn't get any error message during the deployment. nope.  Then, as I said before, I spent over 30 minutes trying different things out, things like mapping only the user(not the role) to the page, changing the context root etc. Nothing worked!  Then of course, I bothered to look at the logs and found this. See the first red line. That says it all. So the problem was with that password. The password must have at least one special character and one digit in it. I think I was misled by the missing password hint/rule and the fact that the deployment didn't fail even if the user was not created properly. Well, yes, I agree that I was fool enough not to look at the logs.  Later I changed the password to something like myuser123# . And it worked. I hope it helped.

    Read the article

  • Oracle HRMS API –Update Employee Fed Tax Rule

    - by PRajkumar
    API --  pay_federal_tax_rule_api.update_fed_tax_rule Example -- DECLARE    lb_correction                              BOOLEAN;    lb_update                                   BOOLEAN;    lb_update_override                 BOOLEAN;    lb_update_change_insert      BOOLEAN;    ld_effective_start_date            DATE;    ld_effective_end_date             DATE;    ln_assignment_id                     NUMBER                    := 33561;    lc_dt_ud_mode                          VARCHAR2(100)     := NULL;    ln_object_version_number     NUMBER                    := 0;    ln_supp_tax_override_rate    PAY_US_EMP_FED_TAX_RULES_F.SUPP_TAX_OVERRIDE_RATE%TYPE;    ln_emp_fed_tax_rule_id         PAY_US_EMP_FED_TAX_RULES_F.EMP_FED_TAX_RULE_ID%TYPE; BEGIN    -- Find Date Track Mode    -- -------------------------------    dt_api.find_dt_upd_modes    (   -- Input data elements        -- ------------------------------       p_effective_date                   => TO_DATE('12-JUN-2011'),       p_base_table_name            => 'PER_ALL_ASSIGNMENTS_F',       p_base_key_column           => 'ASSIGNMENT_ID',       p_base_key_value               => ln_assignment_id,       -- Output data elements       -- -------------------------------       p_correction                          => lb_correction,       p_update                                => lb_update,       p_update_override              => lb_update_override,       p_update_change_insert   => lb_update_change_insert   );    IF ( lb_update_override = TRUE OR lb_update_change_insert = TRUE )  THEN      -- UPDATE_OVERRIDE      -- --------------------------------      lc_dt_ud_mode := 'UPDATE_OVERRIDE';  END IF;    IF ( lb_correction = TRUE )  THEN     -- CORRECTION     -- ----------------------     lc_dt_ud_mode := 'CORRECTION';  END IF;    IF ( lb_update = TRUE )  THEN      -- UPDATE      -- -------------      lc_dt_ud_mode := 'UPDATE';  END IF;       -- Update Employee Fed Tax Rule   -- ----------------------------------------------   pay_federal_tax_rule_api.update_fed_tax_rule   (   -- Input data elements       -- -----------------------------       p_effective_date                        => TO_DATE('20-JUN-2011'),       p_datetrack_update_mode   => lc_dt_ud_mode,       p_emp_fed_tax_rule_id         => 7417,       p_withholding_allowances  => 100,       p_fit_additional_tax                => 10,       p_fit_exempt                               => 'N',       p_supp_tax_override_rate     => 5,       -- Output data elements       -- --------------------------------      p_object_version_number       => ln_object_version_number,      p_effective_start_date               => ld_effective_start_date,      p_effective_end_date                => ld_effective_end_date   );    COMMIT; EXCEPTION           WHEN OTHERS THEN                          ROLLBACK;                          dbms_output.put_line(SQLERRM); END; / SHOW ERR;  

    Read the article

  • Oracle HRMS API – Update Employee State Tax Rule

    - by PRajkumar
    API --  pay_state_tax_rule_api.update_state_tax_rule Example --   DECLARE      lc_dt_ud_mode                       VARCHAR2(100)   := NULL;      ln_assignment_id                  NUMBER                  := 33561;      ln_object_version_number  NUMBER                  := 1;      ld_effective_start_date          DATE;      ld_effective_end_date            DATE;      lb_correction                            BOOLEAN;      lb_update                                  BOOLEAN;      lb_update_override                BOOLEAN;      lb_update_change_insert    BOOLEAN; BEGIN     -- Find Date Track Mode     -- --------------------------------      dt_api.find_dt_upd_modes      (   p_effective_date                 => TO_DATE('12-JUN-2011'),          p_base_table_name          => 'PER_ALL_ASSIGNMENTS_F',          p_base_key_column         => 'ASSIGNMENT_ID',          p_base_key_value             => ln_assignment_id,          -- Output data elements          -- --------------------------------         p_correction                          => lb_correction,         p_update                                => lb_update,         p_update_override              => lb_update_override,         p_update_change_insert   => lb_update_change_insert     );        IF ( lb_update_override = TRUE OR lb_update_change_insert = TRUE )    THEN       -- UPDATE_OVERRIDE       -- --------------------------------       lc_dt_ud_mode := 'UPDATE_OVERRIDE';    END IF;      IF ( lb_correction = TRUE )    THEN       -- CORRECTION       -- ----------------------      lc_dt_ud_mode := 'CORRECTION';    END IF;      IF ( lb_update = TRUE )    THEN        -- UPDATE        -- --------------        lc_dt_ud_mode := 'UPDATE';    END IF;      -- Update State Tax Rule    -- ---------------------------------     pay_state_tax_rule_api.update_state_tax_rule     (     -- Input data elements           -- ------------------------------           p_effective_date                        => TO_DATE('20-JUN-2011'),           p_datetrack_update_mode   => lc_dt_ud_mode,           p_emp_state_tax_rule_id      => 8455,           p_withholding_allowances  => 100,           p_sit_additional_tax               => 10,           p_sit_exempt                              => 'N',           -- Output data elements           -- --------------------------------           p_object_version_number      => ln_object_version_number,           p_effective_start_date              => ld_effective_start_date,           p_effective_end_date               => ld_effective_end_date      );  COMMIT; EXCEPTION        WHEN OTHERS THEN                        ROLLBACK;                        dbms_output.put_line(SQLERRM); END; / SHOW ERR;  

    Read the article

  • Oracle HRMS API – Create Employee State Tax Rule

    - by PRajkumar
    API --  pay_state_tax_rule_api.create_state_tax_rule Example --   DECLARE     lc_dt_ud_mode                     VARCHAR2(100)     := NULL;      ln_assignment_id                 NUMBER                    := 33561;     lb_correction                            BOOLEAN;      lb_update                                 BOOLEAN;      lb_update_override               BOOLEAN;      lb_update_change_insert    BOOLEAN;     ln_emp_state_tax_rule_id   PAY_US_EMP_STATE_TAX_RULES_F.EMP_STATE_TAX_RULE_ID%TYPE;     ln_object_version_number  NUMBER;      ld_effective_start_date          DATE;      ld_effective_end_date           DATE; BEGIN       -- Find Date Track Mode       -- --------------------------------         dt_api.find_dt_upd_modes         (     p_effective_date                  => TO_DATE('12-JUN-2011'),               p_base_table_name            => 'PER_ALL_ASSIGNMENTS_F',               p_base_key_column          => 'ASSIGNMENT_ID',               p_base_key_value              => ln_assignment_id,               -- Output data elements               -- --------------------------------              p_correction                           => lb_correction,              p_update                                => lb_update,              p_update_override              => lb_update_override,              p_update_change_insert   => lb_update_change_insert        );      IF ( lb_update_override = TRUE OR lb_update_change_insert = TRUE )    THEN       -- UPDATE_OVERRIDE       -- ---------------------------------       lc_dt_ud_mode := 'UPDATE_OVERRIDE';    END IF;      IF ( lb_correction = TRUE )    THEN       -- CORRECTION       -- ----------------------       lc_dt_ud_mode := 'CORRECTION';    END IF;      IF ( lb_update = TRUE )    THEN       -- UPDATE       -- --------------       lc_dt_ud_mode := 'UPDATE';    END IF;      -- Create Employee State Tax Rule    -- -----------------------------------------------     pay_state_tax_rule_api.create_state_tax_rule     (    -- Input Parameters          -- --------------------------          p_effective_date                         => TO_DATE('15-JUN-2011'),          p_default_flag                            => 'Y',          p_assignment_id                      => 33561,          p_state_code                               => '05',          -- Output Parameters          -- ----------------------------         p_emp_state_tax_rule_id        => ln_emp_state_tax_rule_id,         p_object_version_number       => ln_object_version_number,         p_effective_start_date               => ld_effective_start_date,         p_effective_end_date                => ld_effective_end_date   );    COMMIT; EXCEPTION           WHEN OTHERS THEN                        ROLLBACK;                         dbms_output.put_line(SQLERRM); END; / SHOW ERR;  

    Read the article

  • what does an * (star) mean in front of a CSS rule?

    - by Bill Caswell
    I'm new to CSS and am using the Yahoo YUI libraries in a project. I am learning as fast as possible, but apologize in advance if this is too rookie of a question. Can anyone help me understand the following CSS that I came across in the layout manager CSS: I have been unable to figure out what the * (star) does to the rules (styles) in the following CSS??? .yui-skin-sam .yui-layout .yui-layout-unit div.yui-layout-bd { border:1px solid #808080; border-bottom:none; border-top:none; *border-bottom-width:0; *border-top-width:0; background-color:#f2f2f2; text-align:left; } Thanks in advance, Bill

    Read the article

  • How to handle ordering of @Rule's when they are dependant on eachother

    - by Lennart Schedin
    I use embedded servers that run inside Junit test cases. Sometimes these servers require a working directory (for example the Apache Directory server). The new @Rule in Junit 4.7 can handle these cases. The TemporaryFolder-Rule can create a temporary directory. A custom ExternalResource-Rule can be created for server. But how do I handle if I want to pass the result from one rule into another: import static org.junit.Assert.assertEquals; import java.io.*; import org.junit.*; import org.junit.rules.*; public class FolderRuleOrderingTest { @Rule public TemporaryFolder folder = new TemporaryFolder(); @Rule public MyNumberServer server = new MyNumberServer(folder); @Test public void testMyNumberServer() throws IOException { server.storeNumber(10); assertEquals(10, server.getNumber()); } /** Simple server that can store one number */ private static class MyNumberServer extends ExternalResource { private TemporaryFolder folder; /** The actual datafile where the number are stored */ private File dataFile; public MyNumberServer(TemporaryFolder folder) { this.folder = folder; } @Override protected void before() throws Throwable { if (folder.getRoot() == null) { throw new RuntimeException("TemporaryFolder not properly initialized"); } //All server data are stored to a working folder File workingFolder = folder.newFolder("my-work-folder"); dataFile = new File(workingFolder, "datafile"); } public void storeNumber(int number) throws IOException { dataFile.createNewFile(); DataOutputStream out = new DataOutputStream(new FileOutputStream(dataFile)); out.writeInt(number); } public int getNumber() throws IOException { DataInputStream in = new DataInputStream(new FileInputStream(dataFile)); return in.readInt(); } } } In this code the folder is sent as a parameter into the server so that the server can create a working directory to store data. However this does not work because Junit processes the rules in reverse order as they are defined in the file. The TemporaryFolder Rule will not be executed before the server Rule. Thus the root-folder in TempraryFolder will be null, resulting that any files are created relative to the current working directory. If I reverse the order of the attributes in my class I get a compile error because I cannot reference a variable before it is defined. I'm using Junit 4.8.1 (because the ordering of rules was fixed a bit from the 4.7 release)

    Read the article

  • How does one use the built in IIS URL Rewrite SEO rule that adds trailing slash only to files that exist?

    - by Sn3akyP3t3
    The default rule template is AddTrailingSlash. I've added another condition that allows the rule to apply to directories and not files, but I'm not sure if this is industry standard. Added: The rule allows for filename that are not standard such as .mobileconfig The web.config contains this rule when the template is applied: <rule name="AddTrailingSlashRule1" enabled="true" stopProcessing="true"> <match url="(.*[^/])$" /> <conditions logicalGrouping="MatchAll" trackAllCaptures="false"> <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" /> <add input="{REQUEST_FILENAME}" pattern="^.*\.[a-z]{1,12}" negate="true" /> </conditions> <action type="Redirect" url="{R:1}/" /> </rule>

    Read the article

  • SpamAssassin 2010 Bug still active on my mailserver despite the offending rule being fixed - where t

    - by Ibrahim
    The SpamAssassin 2010 bug was supposed to be fixed not long after the bug became widely known, and indeed the offending rule in my /usr/share/spamassassin/72_active.cf has been updated. However, incoming messages are still being tagged by this eg: X-Spam-Status: No, score=3.188 tagged_above=-999 required=6.31 tests=[BAYES_50=0.001, FH_DATE_PAST_20XX=3.188, SPF_PASS=-0.001] Here is the relevant rule: ##{ FH_DATE_PAST_20XX header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006] describe FH_DATE_PAST_20XX The date is grossly in the future. ##} FH_DATE_PAST_20XX I'm on spamassassin/3.2.5-2+lenny1.1~volatile1 on Debian Lenny, completely up to date. Any pointers on where to look to figure out what's going on? I don't know anything about SpamAssassin; someone else usually manages this but I'm free right now and am trying to figure out what the problem is because it's been annoying us for a while and we only just realized this bug was still affecting us. Update: I've lowered the score for the FH_DATE_PAST20XX rule to 0.1, both in /etc/spamassassin/local.cf and /usr/share/spamassassin/50_scores.cf and it's still giving 3.188 points for this rule. Any idea what's going on? This really has me stumped. Update 2: It seems that after restarting amavisd, it's been fixed. What's the difference between amavisd and spamd? It seems like both should not be running, or something.

    Read the article

  • SpamAssassin 2010 Bug still active on my mailserver despite the offending rule being fixed - where t

    - by Ibrahim
    The SpamAssassin 2010 bug was supposed to be fixed not long after the bug became widely known, and indeed the offending rule in my /usr/share/spamassassin/72_active.cf has been updated. However, incoming messages are still being tagged by this eg: X-Spam-Status: No, score=3.188 tagged_above=-999 required=6.31 tests=[BAYES_50=0.001, FH_DATE_PAST_20XX=3.188, SPF_PASS=-0.001] Here is the relevant rule: ##{ FH_DATE_PAST_20XX header FH_DATE_PAST_20XX Date =~ /20[2-9][0-9]/ [if-unset: 2006] describe FH_DATE_PAST_20XX The date is grossly in the future. ##} FH_DATE_PAST_20XX I'm on spamassassin/3.2.5-2+lenny1.1~volatile1 on Debian Lenny, completely up to date. Any pointers on where to look to figure out what's going on? I don't know anything about SpamAssassin; someone else usually manages this but I'm free right now and am trying to figure out what the problem is because it's been annoying us for a while and we only just realized this bug was still affecting us. Update: I've lowered the score for the FH_DATE_PAST20XX rule to 0.1, both in /etc/spamassassin/local.cf and /usr/share/spamassassin/50_scores.cf and it's still giving 3.188 points for this rule. Any idea what's going on? This really has me stumped. Update 2: It seems that after restarting amavisd, it's been fixed. What's the difference between amavisd and spamd? It seems like both should not be running, or something.

    Read the article

  • CryptSvc not matched by Windows 7 Firewall rule

    - by theultramage
    I am using Windows Firewall in conjunction with a third-party tool to get notified about new outbound connection attempts (Windows Firewall Notifier or Windows Firewall Control). The way these tools do it is by setting the firewall to deny by default, and to add an auditing policy to log blocked connections into the Security event log. Then they watch the log, and display notification about newly added entries. netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound auditpol /set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /failure:enable With this configuration in place, I now need to craft outbound allow rules for applications and system services. Here is the rule for CryptSvc, the service frequently used for certificate validation and revocation checking: netsh advfirewall firewall add rule name="Windows Cryptographic Services" action=allow enable=yes profile=any program="%SystemRoot%\system32\svchost.exe" service="CryptSvc" dir=out protocol=tcp remoteport=80,443 The problem is, this rule does not work. Unless I change the scope to "all programs and services" (which is really unhealthy), connection denied events like the following will keep appearing in the security log: Event 5157, Microsoft Windows security auditing. The Windows Filtering Platform has blocked a connection. Application Information: Process ID: 1476 (<- svchost.exe with CryptSvc and nothing else) Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 192.168.0.1 Source Port: 49616 Destination Address: 2.16.52.16 Destination Port: 80 Protocol: 6 (<- TCP) To make sure it's CryptSvc, I have let the connection through and reviewed its traffic; I also configured CryptSvc to run in its own svchost instance to make it more obvious: ;sc config CryptSvc type= share sc config CryptSvc type= own So... why is it not matching the firewall rule, and how to fix that?

    Read the article

  • .htaccess rewrite rule to ignore a directory

    - by Kirk Strobeck
    I am running a Symphony installation out of the directory symphony but I want to remove that word from the URL in specific cases. When a user visits http://domain.com/demo It should go to http://domain.com/symphony/demo because I've added a specific rule for demo. If I haven't added a specific rule for demo in the .htaccess, then it should resolve to http://domain.com/demo as typed. This will route it to another part of our app. Here is my current rewrite rule ### Symphony 2.3.x ### Options +FollowSymlinks -Indexes <IfModule mod_rewrite.c> RewriteEngine on RewriteBase / ### SECURITY - Protect crucial files RewriteRule ^manifest/(.*)$ - [F] RewriteRule ^workspace/(pages|utilities)/(.*)\.xsl$ - [F] RewriteRule ^(.*)\.sql$ - [F] RewriteRule (^|/)\. - [F] ### DO NOT APPLY RULES WHEN REQUESTING "favicon.ico" RewriteCond %{REQUEST_FILENAME} favicon.ico [NC] RewriteRule .* - [S=14] ### IMAGE RULES RewriteRule ^image\/(.+\.(jpg|gif|jpeg|png|bmp))$ extensions/jit_image_manipulation/lib/image.php?param=$1 [B,L,NC] ### CHECK FOR TRAILING SLASH - Will ignore files RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_URI} !/$ RewriteCond %{REQUEST_URI} !(.*)/$ RewriteRule ^(.*)$ $1/ [L,R=301] ### URL Correction RewriteRule ^(symphony/)?index.php(/.*/?) $1$2 [NC] ### ADMIN REWRITE RewriteRule ^symphony\/?$ index.php?mode=administration&%{QUERY_STRING} [NC,L] RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^symphony(\/(.*\/?))?$ index.php?symphony-page=$1&mode=administration&%{QUERY_STRING} [NC,L] ### FRONTEND REWRITE - Will ignore files and folders RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*\/?)$ index.php?symphony-page=$1&%{QUERY_STRING} [L] </IfModule> ###### How would I change the rewrite rule to support those cases?

    Read the article

  • Variable host IP address in iptables rule

    - by DrakeES
    I am running CentOS 6.4 with OpenVZ on my laptop. In order to provide Internet access for the VEs I have to apply the following rule on the laptop: iptables -t nat -A POSTROUTING -j SNAT --to-source <LAPTOP_IP> It works fine. However, I have to work in different places - office, home, partner's office etc. The IP of my laptop is different in those places, so have to alter the rule above each time I change place. I have created a workaround which basically determines the IP and applies the rule: #!/bin/bash IP=$(ifconfig | awk -F':' '/inet addr/&&!/127.0.0.1/{split($2,_," ");print _[1]}') iptables -t nat -A POSTROUTING -j SNAT --to-source $IP The workaround above works. I only still have to execute it manually. Perhaps I could make it a hook executing whenever my laptop obtains an IP address from DHCP - how can I do that? Also, I am just wondering if there is an elegant way of getting it done in the first place - iptables? Maybe there is a syntax allowing to specify "current hardware ip addres" in the rule?

    Read the article

  • Centos does not open port/s after the rule/s are appended

    - by Charlie Dyason
    So after some battling and struggling with the firewall, i see that I may be doing something or the firewall isnt responding correctly there is has a port filter that is blocking certain ports. by the way, I have combed the internet, posted on forums, done almost everything and now hence the website name "serverfault", is my last resort, I need help What I hoped to achieve is create a pptp server to connect to with windows/linux clients UPDATED @ bottom Okay, here is what I did: I made some changes to my iptables file, giving me endless issues and so I restored the iptables.old file contents of iptables.old: # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT after iptables.old restore(back to stock), nmap scan shows: nmap [server ip] Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 13:54 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.014s latency). Not shown: 997 filtered ports PORT STATE SERVICE 22/tcp open ssh 113/tcp closed ident 8008/tcp open http Nmap done: 1 IP address (1 host up) scanned in 4.95 seconds if I append rule: (to accept all tcp ports incoming to server on interface eth0) iptables -A INPUT -i eth0 -m tcp -j ACCEPT nmap output: nmap [server ip] Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 13:58 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.017s latency). Not shown: 858 filtered ports, 139 closed ports PORT STATE SERVICE 22/tcp open ssh 443/tcp open https 8008/tcp open http Nmap done: 1 IP address (1 host up) scanned in 3.77 seconds *notice it allows and opens port 443 but no other ports, and it removes port 113...? removing previous rule and if I append rule: (allow and open port 80 incoming to server on interface eth0) iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT nmap output: nmap [server ip] Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 14:01 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.014s latency). Not shown: 996 filtered ports PORT STATE SERVICE 22/tcp open ssh 80/tcp closed http 113/tcp closed ident 8008/tcp open http Nmap done: 1 IP address (1 host up) scanned in 5.12 seconds *notice it removes port 443 and allows 80 but is closed without removing previous rule and if I append rule: (allow and open port 1723 incoming to server on interface eth0) iptables -A INPUT -i eth0 -m tcp -p tcp --dport 1723 -j ACCEPT nmap output: nmap [server ip] Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 14:05 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.015s latency). Not shown: 996 filtered ports PORT STATE SERVICE 22/tcp open ssh 80/tcp closed http 113/tcp closed ident 8008/tcp open http Nmap done: 1 IP address (1 host up) scanned in 5.16 seconds *notice no change in ports opened or closed??? after removing rules: iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT iptables -A INPUT -i eth0 -m tcp -p tcp --dport 1723 -j ACCEPT nmap output: nmap [server ip] Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 14:07 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.015s latency). Not shown: 998 filtered ports PORT STATE SERVICE 22/tcp open ssh 113/tcp closed ident Nmap done: 1 IP address (1 host up) scanned in 5.15 seconds and returning rule: (to accept all tcp ports incoming to server on interface eth0) iptables -A INPUT -i eth0 -m tcp -j ACCEPT nmap output: nmap [server ip] Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 14:07 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.017s latency). Not shown: 858 filtered ports, 139 closed ports PORT STATE SERVICE 22/tcp open ssh 443/tcp open https 8008/tcp open http Nmap done: 1 IP address (1 host up) scanned in 3.87 seconds notice the eth0 changes the 999 filtered ports to 858 filtered ports, 139 closed ports QUESTION: why cant I allow and/or open a specific port, eg. I want to allow and open port 443, it doesnt allow it, or even 1723 for pptp, why am I not able to??? sorry for the layout, the editor was give issues (aswell... sigh) UPDATE @Madhatter comment #1 thank you madhatter in my iptables file: # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i eth0 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT # ----------all rules mentioned in post where added here ONLY!!!---------- -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT if I want to allow and open port 1723 (or edit iptables to allow a pptp connection from remote pc), what changes would I make? (please bear with me, my first time working with servers, etc.) Update MadHatter comment #2 iptables -L -n -v --line-numbers Chain INPUT (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 9 660 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 3 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 4 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 5 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 6 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT 6 packets, 840 bytes) num pkts bytes target prot opt in out source destination just on a personal note, madhatter, thank you for the support , I really appreciate it! UPDATE MadHatter comment #3 here are the interfaces ifconfig eth0 Link encap:Ethernet HWaddr 00:1D:D8:B7:1F:DC inet addr:[server ip] Bcast:[server ip x.x.x].255 Mask:255.255.255.0 inet6 addr: fe80::21d:d8ff:feb7:1fdc/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:36692 errors:0 dropped:0 overruns:0 frame:0 TX packets:4247 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2830372 (2.6 MiB) TX bytes:427976 (417.9 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) remote nmap nmap -p 1723 [server ip] Starting Nmap 6.00 ( http://nmap.org ) at 2013-11-01 16:17 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.017s latency). PORT STATE SERVICE 1723/tcp filtered pptp Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds local nmap nmap -p 1723 localhost Starting Nmap 5.51 ( http://nmap.org ) at 2013-11-01 16:19 SAST Nmap scan report for localhost (127.0.0.1) Host is up (0.000058s latency). Other addresses for localhost (not scanned): 127.0.0.1 PORT STATE SERVICE 1723/tcp open pptp Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds UPDATE MadHatter COMMENT POST #4 I apologize, if there might have been any confusion, i did have the rule appended: (only after 3rd post) iptables -A INPUT -p tcp --dport 1723 -j ACCEPT netstat -apn|grep -w 1723 tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 1142/pptpd There are not VPN's and firewalls between the server and "me" UPDATE MadHatter comment #5 So here is an intersting turn of events: I booted into windows 7, created a vpn connection, went through the verfication username & pword - checking the sstp then checking pptp (went through that very quickly which meeans there is no problem), but on teh verfication of username and pword (before registering pc on network), it got stuck, gave this error Connection failed with error 2147943625 The remote computer refused the network connection netstat -apn | grep -w 1723 before connecting: netstat -apn |grep -w 1723 tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 1137/pptpd after the error came tried again: netstat -apn |grep -w 1723 tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 1137/pptpd tcp 0 0 41.185.26.238:1723 41.13.212.47:49607 TIME_WAIT - I do not know what it means but seems like there is progress..., any thoughts???

    Read the article

  • Awesome Window Manager - Rule assigning programs to tags

    - by Peter
    I have a set of tags 'main', 'www', and 3: -- {{{ Tags tags = { names = {"main", "www", 3}, for s = 1, screen.count() do tags[s] = awful.tag(tags.names, s, tags.layout) end } -- }}} I want Firefox to open in tag "www". I've tried the following rule: -- {{{ Rules awful.rules.rules = { { rule = {class = "Firefox" }, properties = { tag = tags[1]["www"] }}, } -- }}} However, if I hit Super+R then type 'firefox' or run 'firefox &' from a terminal, Firefox opens in whatever tag I'm viewing. I've tried {class = "firefox"} and properties = { tag = tags[1][2] } but those modified rules did not work either. What is the correct way to set up a rule to make firefox always open in a particular tag?

    Read the article

  • Routing and Remote access rule not being applied internally (Windows SBS)

    - by Tim Saunders
    Hi, I have a Microsoft Small Business Server. I have pointed an external domain name to the external fixed IP address for the server. In routing and remote access I have defined a service for our subversion server as follows: Incoming port: 8443 Private address: 192.168.10.5 Outgoing port: 8443 192.168.10.5 is our development server, not the SBS (which is at 192.168.10.1) This rule works correctly if I am not on our internal network. However if I am on the internal network this rule does not get applied. What can I do/set so this rule is applied both internally and externally (so users with laptops et, don't keep having to change the URL by which they access the subversion server) Not sure what other info you may need, so please let me know if more details are required. T

    Read the article

  • Apache mod_header rule to change all cookies to secure

    - by Supowski
    I would like to change all cookies to be secure and http-only. I works fine for one cookie, but doesn't work when multiple cookies are set in response. Apache mod_header rule should change cookies from: Set-Cookie cookie1=value; Path=/somePath Set-Cookie cookie2=value; Path=/somePath to Set-Cookie cookie1=value; Path=/somePath; Secure; Http-Only Set-Cookie cookie2=value; Path=/somePath; Secure; Http-Only I use mod_headers for it with following rule: Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly It works fine when only one cookie is set, but if there is more than one, it just removes all the following and they are not set at all. Any help how to write mod_headers rule for multiple values? or the problem is in something else?

    Read the article

  • Apache mod_header rule to change all cookies to secure

    - by Supowski
    I would like to change all cookies to be secure and http-only. It works fine for one cookie, but doesn't work when multiple cookies are set in response. Apache mod_header rule should change cookies from: Set-Cookie cookie1=value; Path=/somePath Set-Cookie cookie2=value; Path=/somePath to Set-Cookie cookie1=value; Path=/somePath; Secure; Http-Only Set-Cookie cookie2=value; Path=/somePath; Secure; Http-Only I use mod_headers for it with following rule: Header edit Set-Cookie ^(.*)$ $1;Secure;HttpOnly It works fine when only one cookie is set, but if there is more than one, it just removes all the following and they are not set at all. Any help how to write mod_headers rule for multiple values? or the problem is in something else?

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >