Search Results

Search found 2824 results on 113 pages for 'supply chain'.

Page 32/113 | < Previous Page | 28 29 30 31 32 33 34 35 36 37 38 39  | Next Page >

  • How do chains work in Rainbow tables?

    - by James Moore
    Hello, I was wondering if should one could explain in detail how chains work in rainbow tables as though you would a complete novice but with relevance to programming. I understand that a chain is 16 bytes long. 8 bytes mark the starting point and 8 mark the end. I also understand that in the filename we have the chain length i.e. 2400. Which means that between our starting point and end point in just 16 bytes we have 2400 possible clear texts? What? How does that work? in those 16 bytes how do i get my 2400 hashes and clear texts or am i miss understanding this? Your help is greatly appreciated. Thanks P.s. I have read the related papers and googled this topic a fair bit. I think im just missing something important to make these gears turn.

    Read the article

  • Class hierarchy problem (with generic's variance!)

    - by devoured elysium
    The problem: class StatesChain : IState, IHasStateList { private TasksChain tasks = new TasksChain(); ... public IList<IState> States { get { return _taskChain.Tasks; } } IList<ITask> IHasTasksCollection.Tasks { get { return _taskChain.Tasks; } <-- ERROR! You can't do this in C#! I want to return an IList<ITask> from an IList<IStates>. } } Assuming the IList returned will be read-only, I know that what I'm trying to achieve is safe (or is it not?). Is there any way I can accomplish what I'm trying? I wouldn't want to try to implement myself the TasksChain algorithm (again!), as it would be error prone and would lead to code duplication. Maybe I could just define an abstract Chain and then implement both TasksChain and StatesChain from there? Or maybe implementing a Chain<T> class? How would you approach this situation? The Details: I have defined an ITask interface: public interface ITask { bool Run(); ITask FailureTask { get; } } and a IState interface that inherits from ITask: public interface IState : ITask { IState FailureState { get; } } I have also defined an IHasTasksList interface: interface IHasTasksList { List<Tasks> Tasks { get; } } and an IHasStatesList: interface IHasTasksList { List<Tasks> States { get; } } Now, I have defined a TasksChain, that is a class that has some code logic that will manipulate a chain of tasks (beware that TasksChain is itself a kind of ITask!): class TasksChain : ITask, IHasTasksList { IList<ITask> tasks = new List<ITask>(); ... public List<ITask> Tasks { get { return _tasks; } } ... } I am implementing a State the following way: public class State : IState { private readonly TaskChain _taskChain = new TaskChain(); public State(Precondition precondition, Execution execution) { _taskChain.Tasks.Add(precondition); _taskChain.Tasks.Add(execution); } public bool Run() { return _taskChain.Run(); } public IState FailureState { get { return (IState)_taskChain.Tasks[0].FailureTask; } } ITask ITask.FailureTask { get { return FailureState; } } } which, as you can see, makes use of explicit interface implementations to "hide" FailureTask and instead show FailureState property. The problem comes from the fact that I also want to define a StatesChain, that inherits both from IState and IHasStateList (and that also imples ITask and IHasTaskList, implemented as explicit interfaces) and I want it to also hide IHasTaskList's Tasks and only show IHasStateList's States. (What is contained in "The problem" section should really be after this, but I thought puting it first would be way more reader friendly). (pff..long text) Thanks!

    Read the article

  • Expression Too Complex In Access 2007

    - by Jazzepi
    When I try to run this query in Access through the ODBC interface into a MySQL database I get an "Expression too complex in query expression" error. The essential thing I'm trying to do is translate abbreviated names of languages into their full body English counterparts. I was curious if there was some way to "trick" access into thinking the expression is smaller with sub queries, or if someone else had a better idea of how to solve this problem. I thought about making a temporary table and doing a join on it, but that's not supported in Access SQL. Just as an FYI, the query worked fine until I added the big long IFF chain. I tested the query on a smaller IFF chain for three languages, and that wasn't an issue, so the problem definitely stems from the huge IFF chain (It's 26 deep). Also, I might be able to drop some of the options (like combining the different forms of Chinese or Portuguese) As a test, I was able to get the SQL query to work after paring it down to 14 IFF() statements, but that's a far cry from the 26 languages I'd like to represent. SELECT TOP 5 Count( * ) AS [Number of visits by language], IIf(login.lang="ar","Arabic",IIf(login.lang="bg","Bulgarian",IIf(login.lang="zh_CN","Chinese (Simplified Han)",IIf(login.lang="zh_TW","Chinese (Traditional Han)",IIf(login.lang="cs","Czech",IIf(login.lang="da","Danish",IIf(login.lang="de","German",IIf(login.lang="en_US","United States English",IIf(login.lang="en_GB","British English",IIf(login.lang="es","Spanish",IIf(login.lang="fr","French",IIf(login.lang="el","Greek",IIf(login.lang="it","Italian",IIf(login.lang="ko","Korean",IIf(login.lang="hu","Hungarian",IIf(login.lang="nl","Dutch",IIf(login.lang="pl","Polish",IIf(login.lang="pt_PT","European Portuguese",IIf(login.lang="pt_BR","Brazilian Portuguese",IIf(login.lang="ru","Russian",IIf(login.lang="sk","Slovak",IIf(login.lang="sl","Slovenian","IIf(login.lang="fi","Finnish",IIf(login.lang="sv","Swedish",IIf(login.lang="tr","Turkish","Unknown")))))))))))))))))))))))))) AS [Language] FROM login, reservations, reservation_users, schedules WHERE (reservations.start_date Between DATEDIFF('s','1970-01-01 00:00:00',[Starting Date in the Following Format YYYY/MM/DD]) And DATEDIFF('s','1970-01-01 00:00:00',[Ending Date in the Following Format YYYY/MM/DD])) And reservations.is_blackout=0 And reservation_users.memberid=login.memberid And reservation_users.resid=reservations.resid And reservation_users.invited=0 And reservations.scheduleid=schedules.scheduleid And scheduletitle=[Schedule Title] GROUP BY login.lang ORDER BY Count( * ) DESC; @ Michael Todd I completely agree. The list of languages should have been a table in the database and the login.lang should have been a FK into that table. Unfortunately this isn't how the database was written, and it's not really mine to modify. The languages are placed into the login.lang field by the PHP running on top of the database.

    Read the article

  • How many layers are between my program and the hardware?

    - by sub
    I somehow have the feeling that modern systems, including runtime libraries, this exception handler and that built-in debugger build up more and more layers between my (C++) programs and the CPU/rest of the hardware. I'm thinking of something like this: 1 + 2 OS top layer Runtime library/helper/error handler a hell lot of DLL modules OS kernel layer Do you really want to run 1 + 2?-Windows popup (don't take this serious) OS kernel layer Hardware abstraction Hardware Go through at least 100 miles of circuits Eventually arrive at the CPU ADD 1, 2 Go all the way back to my program Nearly all technical things are simply wrong and in some random order, but you get my point right? How much longer/shorter is this chain when I run a C++ program that calculates 1 + 2 at runtime on Windows? How about when I do this in an interpreter? (Python|Ruby|PHP) Is this chain really as dramatic in reality? Does Windows really try "not to stand in the way"? e.g.: Direct connection my binary < hardware?

    Read the article

  • Combining SpecFlow table and Moq mocked object

    - by Confused
    I have a situation where I want to use a mocked object (using Moq) so I can create setup and expectations, but also want to supply some of the property values using the SpecFlow Table. Is there a convenient way to create a mock and supply the table for the seed values? // Specflow feature Scenario Outline: MyOutline Given I have a MyObject object as | Field | Value | | Title | The Title | | Id | The Id | // Specflow step code Mock<MyObject> _myMock; [Given(@"I have a MyObject object as")] public void GivenIHaveAMyObjectObjectAs(Table table) { var obj = table.CreateInstance<MyObject>(); _myMock = new Mock<MyObject>(); // How do I easily combine the two? }

    Read the article

  • How to add response headers based on Content-type, or getting Content-type before the response is co

    - by Bozho
    I want to set the Expires header for all image/* and text/css. I'm doing this in a Filter. However: before calling chain.doFilter(..) the Content-type is not yet "realized" after calling chain.doFilter(..) the Content-type is set, but so is content-length, which forbids adding new headers (at least in Tomcat implementation) I can use the extensions of the requested resource, but since some of the css files are generated by richfaces by taking them from inside jar-files, the name of the file isn't x.css, but is /xx/yy/zz.xcss/DATB/.... So, is there a way to get the Content-type before the response is committed.

    Read the article

  • Redirecting the response from a filter throws an IllegalStateException

    - by Ritesh M Nayak
    I am writing a filter that will handle all authentication related tasks. My filter is a standard servlet filter as shown below @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { UserSession attribute = (UserSession)request.getSession().getAttribute("user_session_key"); if(attribute!=null && attribute.isValid()) { //proceed as usual, chain.doFilter(req, res); return; } else { //means the user is not authenticated, so we must redirect him/her to the login page ((HttpServletResponse)res).sendRedirect("loginpage"); return; } } But when I do this, I get an IllegalStateException thrown by Tomcat's ResponseFacade. How do I acheive this in a filter. I read in other SO threads that in TOmcat this is a problem as the response object is already commited. How do I get past this ?

    Read the article

  • Disable system sleep during long builds

    - by Paul Alexander
    From time to time I need to run a full build of the entire tool chain for our software on my development machine. To save on power my I've got my dev machine set to go sleep after 20 minutes of inactivity. Building the full tool chain can take up to an hour and I'll often just go to lunch. However, if I forget to disable sleep I can return to a sleeping machine with the build only partially complete. What I'm looking for is a way to automatically disable sleep while MSBuild is running. Does anyone know of a simple way of doing this?

    Read the article

  • Does replacing statements by expressions using the C++ comma operator could allow more compiler opti

    - by Gabriel Cuvillier
    The C++ comma operator is used to chain individual expressions, yielding the value of the last executed expression as the result. For example the skeleton code (6 statements, 6 expressions): step1; step2; if (condition) step3; return step4; else return step5; May be rewritten to: (1 statement, 6 expressions) return step1, step2, condition? step3, step4 : step5; I noticed that it is not possible to perform step-by-step debugging of such code, as the expression chain seems to be executed as a whole. Does it means that the compiler is able to perform special optimizations which are not possible with the traditional statement approach (specially if the steps are const or inline)? Note: I'm not talking about the coding style merit of that way of expressing sequence of expressions! Just about the possible optimisations allowed by replacing statements by expressions.

    Read the article

  • jQuery get value from checked element with a given name

    - by Travis Leleu
    I've got an input like so: I'd like to use jQuery to grab that element, and add the function call foo() to the change event. Currently I can get it done, but there are two hacks involved. My (working) code: $(":input[name*=myfield]").change( function( $(":input[name*=myfield]") ) { foo(); }); )}; There are two hacks in there I'd like to eliminate. Keeping in mind that the input names are multidimensional arrays, how can I use the :input[name=somename], versus [name*=someone]? I'd imagine it's faster using an exact name rather than *=, but I can't get the escape sequence correct for the brackets on the multidimensional arrays. Can I chain the call together so that I don't have to select the element twice? Is the standard practice for that to select the HTML element into a var, then use that var? Or can I chain it together? Thanks for the help. Still working on getting my footing in JS/JQ.

    Read the article

  • Typical text encoding and EOL behavior on mobile devices

    - by Dan W
    Typical things to worry about when dealing with text are the BOM/signature, encoding, and the end of line (EOL) char/chars. I know that Windows often favours \r\n (CR+LF) and Mac/Linux favours \n (LF), but how about popular mobile devices such as the iPhone and Android? Do typical apps on those platforms favour one or the other (or maybe even \r for iOS)? I'll supply both types to the user just in case, but I'd like to choose one as default. Also, which text encodings are mobiles most likely to use - UTF-8, iso-8859-1, Windows 1252 (or other default codepage) or maybe even UTF-16? And if they use UTF-8/16, are they likely to need (or require not having) a BOM/signature? What is the typical behavior here? Once again, I'll supply a range of encodings to the user just in case, but I'd like to prioritize or use certain encodings as default if it's appropriate.

    Read the article

  • How to let an average user design a boolean expression graphically

    - by Svein Bringsli
    In our application there's a list of customers, and a list of keywords (among other things). Each customer can have a number of keywords, but it's not mandatory. So for instance, one customer can have the keywords "retail" and "chain", one can have only "contractor" and a third can have none at all. I want to let the user make a selection of customers based on these keywords, but not having to write (retail AND chain) or contractor and not wholesale I would like to make it as user-friendly as possible, and ideally with only "simple" controls, like checkboxes, comboboxes etc. Does anyone have any suggestions on how to design this? Or maybe some examples of applications where there are similar functionality?

    Read the article

  • how many times a word appears into a txt file

    - by m4g4bu
    I've a problem when i tried to count how many time a word appears into a txt file. 1/ I create a textfield ( txta ) 2/ I create a button to apply the action ( btn ) 3/ I create a textarea ( area ) that is the place where the content of the file is displayed When I select the file, the content of the file is displayed on area, then I enter the word in txta to search and then I clicked the btn but the code is not working public int contarPalabras(String chain, String word) { // Recibe un string y una palabra y devuelve la cantidad de veces que encontró esa palabra en el string. // Si no encuentra la letra devuelve (-1). int cant = 0; int intIndex = chain.indexOf(word); if(intIndex == - 1){ cant = -1; }else{ cant = intIndex; } return cant; }

    Read the article

  • How do I redirect to the current page in Servlet Filter?

    - by JeffJak
    I have a page say: /myapp/test.jsp?queryString=Y. The filter needs to redirect to current page. It should go to /myapp/test.jsp (without the query string). The below seems to bring it to to the context root: /myapp. I am running in WAS6.1. public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpReq = (HttpServletRequest) req; HttpServletResponse httpResp = (HttpServletResponse) resp; { boolean blnNeedToRedirect = true; if (blnNeedToRedirect) { httpResp.sendRedirect("."); return; } chain.doFilter(req, resp); }

    Read the article

  • Rails - session information being cleared?

    - by Jty.tan
    Hi! I'm having a weird issue that I can't track down... For context, I have resources of Users, Registries, and Giftlines. Each User has many Registries. Each Registry has many Giftlines. It's a belongs to association for them in a reverse manner. What is basically happening, is that when I am creating a giftline, the giftline itself is created properly, and linked to its associated Registry properly, but then in the process of being redirected back to the Registry show page, the session[:user_id] variable is cleared and I'm logged out. As far as I can tell, where it goes wrong is here in the registries_controller: def show @registry = Registry.find(params[:id]) @user = User.find(@registry.user_id) if (params[:user_id] && (@user.login != params[:user_id]) ) flash[:notice] = "User #{params[:user_id]} does not have such a registry." redirect_to user_registries_path(session[:user_id]) end end Now, to be clear, I can do a show of the registry normally, and nothing weird happens. It's only when I've added a giftline does the session[:user_id] variable get cleared. I used the debugger and this is what seems to be happening. (rdb:19) list [20, 29] in /Users/kriston/Dropbox/ruby_apps/bee_registered/app/controllers/registries_controller.rb 20 render :action => 'new' 21 end 22 end 23 24 def show => 25 @registry = Registry.find(params[:id]) 26 @user = User.find(@registry.user_id) 27 if (params[:user_id] && (@user.login != params[:user_id]) ) 28 flash[:notice] = "User #{params[:user_id]} does not have such a registry." 29 redirect_to user_registries_path(session[:user_id]) (rdb:19) session[:user_id] "tester" (rdb:19) So from there we can see that the code has gotten back to the show command after the item had been added, and that the session[:user_id] variable is still set. (rdb:19) list [22, 31] in /Users/kriston/Dropbox/ruby_apps/bee_registered/app/controllers/registries_controller.rb 22 end 23 24 def show 25 @registry = Registry.find(params[:id]) 26 @user = User.find(@registry.user_id) => 27 if (params[:user_id] && (@user.login != params[:user_id]) ) 28 flash[:notice] = "User #{params[:user_id]} does not have such a registry." 29 redirect_to user_registries_path(session[:user_id]) 30 end 31 end (rdb:19) session[:user_id] "tester" (rdb:19) Stepping on, we get to this point. And the session[:user_id] is still set. At this point, the URL is of the format localhost:3000/registries/:id, so params[:user_id] fails, and the if condition doesn't occur. (Unless I am completely wrong .<) So then the next bit occurs, which is (rdb:19) list [1327, 1336] in /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb 1327 end 1328 1329 def perform_action 1330 if action_methods.include?(action_name) 1331 send(action_name) => 1332 default_render unless performed? 1333 elsif respond_to? :method_missing 1334 method_missing action_name 1335 default_render unless performed? 1336 else (rdb:19) session[:user_id] "tester" And then when I hit next... (rdb:19) next 2: session[:user_id] = /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb:618 return index if nesting != 0 || aborted (rdb:19) list [613, 622] in /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb 613 private 614 def call_filters(chain, index, nesting) 615 index = run_before_filters(chain, index, nesting) 616 aborted = @before_filter_chain_aborted 617 perform_action_without_filters unless performed? || aborted => 618 return index if nesting != 0 || aborted 619 run_after_filters(chain, index) 620 end 621 622 def run_before_filters(chain, index, nesting) (rdb:19) session {:user_id=>nil, :session_id=>"49992cdf2ddc708b441807f998af7ddc", :return_to=>"/registries", "flash"=>{}, :_csrf_token=>"xMDI0oDaOgbzhQhDG7EqOlGlxwIhHlB6c71fWgOIKcs="} The session[:user_id] is cleared, and when the page renders, I'm logged out. .< Sooo.... Any idea why this is occurring? It just occurred to me that I'm not sure if I'm meant to be pasting large chunks of debug output in here... Somebody point out to me if I'm not meant to be doing this. . And yes, this only occurs when I have added a giftitem, and it is sending me back to the registry page. When I'm viewing it, the same code occurs, but the session[:user_id] variable isn't cleared. It's driving me mildly insane. Thanks!

    Read the article

  • Is there a browser-agnostic way to detect client-side script errors with Watin?

    - by Michael
    We're using WatiN to test our web portals. During the course of an E2E test, we'll occasionally see client-side script errors on the IE status bar. I'd like to chain a handler onto the script error event and record the error for later analysis and bug filing. Problem is, I don't know that there's a global script error event or how to chain into it. And if there's not a browser-agnostic way to accomplish this, I can create MyIE and MyFF subclasses but then this becomes two browser-specific questions. In essence, I'm thinking of something like this entirely made-up call: browser.ScriptEngine.SetCustomErrorHandler(LogScriptingError); ... where LogScriptErrors is my code that does the obvious. Many of our client-side scripting errors don't necessarily prevent the test from continuing (a pretty UI element didn't animate, for example, but the underlying form is still submittable), so I'd like to log the error and forge ahead in most cases.

    Read the article

  • Windows based development for ARM processors

    - by user367231
    I am a complete newbie to the ARM world. I need to be able to write C code, compile it, and then download into an ARM emulator, and execute. I need to use the GCC 4.1.2 compiler for the C code compilation. Can anybody point me in the correct directions for the following issues? What tool chain to use? What emulator to use? Are there tutorials or guides on setting up the tool chain?

    Read the article

  • How to write an Android SocketServer to listen on wifi

    - by xioxox
    I've written a thread using java.net.SocketServer to listen on a particular port. It works fine in the android simulator (using port forwarding). I'm planning to connect over wifi to this port when the app is being used. However, the SocketServer documentation says that if you don't supply an InetAddress, the server listens on localhost. Am I correct that if I do not supply the address, I will not be able to get a connection over wifi? How can I get the InetAddress of the wifi connection to pass to the SocketServer?

    Read the article

  • routing paramenter returns null when only supplying first paramenter in MVC

    - by Ray ForRespect
    My issue is that I customer Map Route in MVC which takes three parameters. When I supply all three or just two, the parameters are passed from the URL to my controller. However, when I only supply the first parameter, it is not passed and returns null. Not sure what causes this behavior. Route: routes.MapRoute( name: "Details", // Route name url: "{controller}/{action}/{param1}/{param2}/{param3}", // URL with parameters defaults: new { controller = "Details", action = "Index", param1 = UrlParameter.Optional, param2 = UrlParameter.Optional, param3 = UrlParameter.Optional } // Parameter defaults ); Controller: public ActionResult Map(string param1, string param2, string param3) { StoreMap makeMap = new StoreMap(); var storemap = makeMap.makeStoreMap(param1, param2, param3); var model = storemap; return View(model); } string param1 returns null when I navigate to: /StoreMap/Map/PARAM1NAME but it doesn't return null when I navigate to: /StoreMap/Map/PARAM1NAME/PARAM2NAME

    Read the article

  • How to add response headers based on Content-type; getting Content-type before the response is commi

    - by Bozho
    I want to set the Expires header for all image/* and text/css. I'm doing this in a Filter. However: before calling chain.doFilter(..) the Content-type is not yet "realized" after calling chain.doFilter(..) the Content-type is set, but so is content-length, which forbids adding new headers (at least in Tomcat implementation) I can use the extensions of the requested resource, but since some of the css files are generated by richfaces by taking them from inside jar-files, the name of the file isn't x.css, but is /xx/yy/zz.xcss/DATB/.... So, is there a way to get the Content-type before the response is committed.

    Read the article

  • Function chaining depending on boolean result

    - by Markive
    This is just an efficiency question really.. I'm interested to know if there is a more efficient or logical way that people use to handle this sort of scenario. In my asp.net application I am running a script to generate a new project my code at the top level looks like this: Dim ok As Boolean = True ok = createFolderStructure() If ok Then ok = createMDB() If ok Then ok = createProjectConfig() If ok Then ok = updateCompanyConfig() I create a boolean and each function returns a boolean result, the next function in this chain will only run if the previous one was successful. I do this because an asp.net application will continue to run through the page life cycle unless there is an unhandled exception and I don't want my whole application to be screwed up if something in the chain goes wrong (there is a lot of copying and deleting of files etc.. in this example). I was just wondering how other people handle this scenario? the vb.net single line if statement is quite succinct but I'm wondering if there is a better way?

    Read the article

  • Lithium: Run filter after find() to format output

    - by Housni
    I wanted to specify the output of a field from within my model so I added a date key to my $_schema: models/Tags.php <?php protected $_schema = array( 'id' => array('type' => 'integer', 'key' => 'primary'), 'title' => array('type' => 'string'), 'created' => array('type' => 'integer', 'date' => 'F jS, Y - g:i a'), 'modified' => array('type' => 'integer') ); ?> I store my time as an unsigned integer in the db (output of time()). I want my base model to format any field that has the date key for output. I thought the best place to do that would be right after a find: extensions/data/Model.php <?php static::applyFilter('find', function($self, $params, $chain) { $schema = $self::schema(); $entity = $chain->next($self, $params, $chain); foreach ($schema as $field => $options) { if (array_key_exists('date', $options)) { //format as a date $params['data'][$field] = $entity->formatDate($field, $options['date']); } } return $entity; }); public function formatdate($entity, $field, $format, $timezone = 'Asia/Colombo') { $dt = new \DateTime(); $tz = new \DateTimeZone($timezone); $dt->setTimestamp($entity->$field); $dt->setTimezone($tz); return $dt->format($format); } ?> This doesn't seem to be working. When I execute a find all, this filter seems to get hit twice. The first time, $entity contains a count() of the results and only on the second hit does it contain the Records object. What am I doing wrong? How do I alter this so that simply doing <?= $tag->created; ?> in my view will format the date the way I want? This, essentially, needs to be an 'after filter', of sorts. EDIT If I can find a way to access the current model entity object (not the full namespaced path, $self contains that), I can probably solve my problem.

    Read the article

  • How can I observe the style on an element during mouse-over?

    - by DaveDev
    We supply micro-site content to a client. They supply us with a HTML wrapper and we inject our content into it. I'm trying to debug an issue where our style sheet appears to be interfering with the style in their wrapper. Normally I'd use firebug or IE Developer Toolbar to select the element and I can see which styles are being applied, which are being overridden and where they are coming from. But this particular problem only exists when I hover the mouse over a link. Specifically, the link shrinks a little bit. Is there anything that I can use to see what the browser is doing with the styles when I hover the mouse over the link?

    Read the article

  • iptables not allowing mysql connections to aliased ips?

    - by Curtis
    I have a fairly simple iptables firewall on a server that provides MySQL services, but iptables seems to be giving me very inconsistent results. The default policy on the script is as follows: iptables -P INPUT DROP I can then make MySQL public with the following rule: iptables -A INPUT -p tcp --dport 3306 -j ACCEPT With this rule in place, I can connect to MySQL from any source IP to any destination IP on the server without a problem. However, when I try to restrict access to just three IPs by replacing the above line with the following, I run into trouble (xxx=masked octect): iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.XXX.XXX.184 -j ACCEPT iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.XXX.XXX.196 -j ACCEPT iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.XXX.XXX.251 -j ACCEPT Once the above rules are in place, the following happens: I can connect to the MySQL server from the .184, .196 and .251 hosts just fine as long as am connecting to the MySQL server using it's default IP address or an IP alias in the same subnet as the default IP address. I am unable to connect to MySQL using IP aliases that are assigned to the server from a different subnet than the server's default IP when I'm coming from the .184 or .196 hosts, but .251 works just fine. From the .184 or .196 hosts, a telnet attempt just hangs... # telnet 209.xxx.xxx.22 3306 Trying 209.xxx.xxx.22... If I remove the .251 line (making .196 the last rule added), the .196 host still can not connect to MySQL using IP aliases (so it's not the order of the rules that is causing the inconsistent behavior). I know, this particular test was silly as it shouldn't matter what order these three rules are added in, but I figured someone might ask. If I switch back to the "public" rule, all hosts can connect to the MySQL server using either the default or aliased IPs (in either subnet): iptables -A INPUT -p tcp --dport 3306 -j ACCEPT The server is running in a CentOS 5.4 OpenVZ/Proxmox container (2.6.32-4-pve). And, just in case you prefer to see the problem rules in the context of the iptables script, here it is (xxx=masked octect): # Flush old rules, old custom tables /sbin/iptables --flush /sbin/iptables --delete-chain # Set default policies for all three default chains /sbin/iptables -P INPUT DROP /sbin/iptables -P FORWARD DROP /sbin/iptables -P OUTPUT ACCEPT # Enable free use of loopback interfaces /sbin/iptables -A INPUT -i lo -j ACCEPT /sbin/iptables -A OUTPUT -o lo -j ACCEPT # All TCP sessions should begin with SYN /sbin/iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # Accept inbound TCP packets (Do this *before* adding the 'blocked' chain) /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow the server's own IP to connect to itself /sbin/iptables -A INPUT -i eth0 -s 208.xxx.xxx.178 -j ACCEPT # Add the 'blocked' chain *after* we've accepted established/related connections # so we remain efficient and only evaluate new/inbound connections /sbin/iptables -N BLOCKED /sbin/iptables -A INPUT -j BLOCKED # Accept inbound ICMP messages /sbin/iptables -A INPUT -p ICMP --icmp-type 8 -j ACCEPT /sbin/iptables -A INPUT -p ICMP --icmp-type 11 -j ACCEPT # ssh (private) /sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -s xxx.xxx.xxx.xxx -j ACCEPT # ftp (private) /sbin/iptables -A INPUT -p tcp --dport 21 -m state --state NEW -s xxx.xxx.xxx.xxx -j ACCEPT # www (public) /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT # smtp (public) /sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 2525 -j ACCEPT # pop (public) /sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT # mysql (private) /sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.xxx.xxx.184 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.xxx.xxx.196 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.xxx.xxx.251 -j ACCEPT Any ideas? Thanks in advance. :-)

    Read the article

< Previous Page | 28 29 30 31 32 33 34 35 36 37 38 39  | Next Page >