Search Results

Search found 1464 results on 59 pages for 'blocking'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 5/59 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Self-imposed lockout from program

    - by Alex
    I'm plagued with a lack of willpower. I recently started looking for solutions, and came across a program for macs called SelfControl which completely blocks one's access to a given set of websites for a given period of time (you can delete the program/restart your computer/do almost anything and it will still block those sites for the specified time period, and doesn't require a password to do it.) Unfortunately, there are no windows analogues. The one that comes the closest is Cold Turkey. It has the functionality whereby you set a time in the future, specify a list of websites (or programs - eg explorer, firefox, chrome) and you are blocked from accessing them for the whole duration. No password can undo it, no system reboot, etc. The problem is that the program is a buggy piece of garbage, and in order to ensure that you're not locked out from websites forever, you have to run an uninstaller which is just an exe file accessible at any time which completely defeats the purpose of a self-imposed program lockout. I want to make a better version of that program, or find a simple way to prevent access to a given set of programs over a given period of time with no way around it. I've only taken a few introductory courses in java (math major), but the internet is really having a negative effect on my studies, and the only way I can do work is to eliminate all distractions. What do I need to learn in order to make a program with the following properties: Given a set of .exe files, and a time in the future , this program will prevent access to the given .exe files until current time = given time restarting the computer doesn't interfere with the program, one can't uninstall the program until current time = given time, one can't create another instance of the program to block itself I don't care how much programming knowledge i need to acquire in order to make this program, so please give me a specific list of things that I need to study in order to make this happen, or if something like this exists, then please let me know.

    Read the article

  • Iptables working strangely

    - by user109985
    I have Ubuntu 12.04 x64 installed in my laptop. I'm quite new to linux, and I wanted to specify certain rules for the iptables firewall. This is the saved config of my iptables: *mangle :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] COMMIT *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination 192.168.1.100:3306 -A PREROUTING -p tcp -m tcp --dport 11002 -j DNAT --to-destination 192.168.1.100:11002 -A PREROUTING -p tcp -m tcp --dport 13000 -j DNAT --to-destination 192.168.1.100:13000 -A PREROUTING -p tcp -m tcp --dport 13001 -j DNAT --to-destination 192.168.1.100:13001 -A PREROUTING -p tcp -m tcp --dport 13002 -j DNAT --to-destination 192.168.1.100:13002 -A PREROUTING -p tcp -m tcp --dport 13003 -j DNAT --to-destination 192.168.1.100:13003 -A PREROUTING -p tcp -m tcp --dport 13004 -j DNAT --to-destination 192.168.1.100:13004 -A PREROUTING -p tcp -m tcp --dport 13061 -j DNAT --to-destination 192.168.1.100:13061 -A PREROUTING -p tcp -m tcp --dport 13099 -j DNAT --to-destination 192.168.1.100:13099 -A POSTROUTING -j MASQUERADE COMMIT *filter :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT COMMIT In theory, what it does is to drop all connections in all ports except for http, mysql and few other ports. Moreover, it redirects all mysql and 13000-13004..etc port connections to a specific local ip in the same port, which is 192.168.1.100. But what I find strange is that when my firewall is active, it blocks absolutely all the input connections, even those which must not block (http, mysql). In fact, I'm literally blocked and I can't establish any external connection. What am I doing wrong? PS: I tested the firewall without those redirections, and it still block all inputs, so I suppose it's not the problem.

    Read the article

  • Blocking yandex.ru bot

    - by Ross
    I want to block all request from yandex.ru search bot. It is very traffic intensive (2GB/day). I first blocked one C class IP range, but it seems this bot appear from different IP ranges. For example: spider31.yandex.ru - 77.88.26.27 spider79.yandex.ru - 95.108.155.251 etc.. I can put some deny in robots.txt but not sure if it respect this. I am thinking of blocking a list of IP ranges. Can somebody suggest some general solution.

    Read the article

  • How to create a shared lock blocking an intent exclusive lock

    - by FremenFreedom
    As I understand it, a SELECT statement will place a shared lock on the rows that it will return. While that SELECT is running, if an UPDATE statement comes along and needs to grab an intent exclusive lock then that UPDATE statement will need to wait until the SELECT statement releases its shared locks. I am trying to test this SELECT shared lock thing by doing a BEGIN TRAN and then running a SELECT, not COMMITing, and then running an UPDATE in another session on the exact same row. The UPDATE worked fine -- no lock, no wait. So this must not be a valid way to simulate a shared lock blocking an intent exclusive lock? Can you give me a scenario where I can create a lock with a SELECT that would force an UPDATE to wait? I'm working with SQL Server 2000 and 2005 across a linked server: the table is on the 2005 instance, the select is happening on 2000, and the update is executed from 2005. All in SSMS 2005.

    Read the article

  • Windows 7 Group Policy blocking Adobe Reader

    - by Danny Chia
    A few weeks ago, my company blocked Adobe Reader due to an unpatched security issue. However, we recently moved one of our computers to a project that didn't require access to the corporate network, and IT gave us the green light to override Group Policy and re-enable Adobe Reader. However, this is something we've been unable to achieve. We've tried the following (in no particular order), all to no avail: Ran the program as administrator Renamed the program (the blocking is likely signature-based) Deleted registry.pol Changed the value of "Start" in \HKEY_LOCAL_MACHINE\CurrentControlSet\services\gpsvc to "4" (to prevent group policy from applying, even though it's no longer on the corporate domain) Checked SRP settings under Local Security Policy - nothing was there Checked AppLocker settings under Local Security Policy - nothing there either Incidentally, I found a few registry keys with descriptions referring to Adobe Reader being blocked. I deleted all of them, but it didn't help. Changed the permission settings of the program Re-installed Adobe Reader Is there anything I missed, short of doing a clean install?

    Read the article

  • IE6 blocking all intranet cookies.. please help

    - by BillMan
    So today, IE6 just suddenly started blocking cookies in my local intranet. It accepts cookies from the internet zone just fine. I tried overriding all the cookies policies with no help (adding my site, etc). When looking why the cookies are blocked, I get messages saying that "IE couldn't find privacy policy for http://mysite...". This is killing me.. been reading a couple knowledge base articles about deleting registry keys, and nothing has worked. Any help would be appreciated. Probably related, I was using the IE developer toolbar yesterday to test the behavior of browsers with cookies disabled. Now the option to disable cookies just has a "-" next to it. I removed the toolbar to see if that helped.. nothing..

    Read the article

  • Blocking the Apple OS X App Store

    - by Jon Rhoades
    Being the evil corporate IT overlords we need to block the new OS X App Store. As you may be aware the 10.6.6 update installs the App Store App which allows users to download and install apps without admin privileges. Some Suggestions: Don't update to 10.6.6+ Use parental controls Presumably some OD policy (if you have an OD server which we don't) Block the App store by DNS or Proxy Not updating to 10.6.6+ isn't really a long term solution as it contains security fixes and new Macs will come with it anyway. Blocking the App store at a network level doesn't solve laptop users. Ideally a simple system preference or editing of a plist that can be pushed out by ARD would be the best solution. Please note the question isn't should we block the App store, it's how we can block the App store.

    Read the article

  • What tangible security are gained by blocking all but a few outgoing ports in a firewall

    - by Frankie Dintino
    Our current hardware firewall allows for blocking incoming and outgoing ports. We have two possibilities: Block certain troublesome ports (unsecured smtp, bittorrent, etc.) Block all but a few approved ports (http, https, ssh, imap-ssl, etc.) I see several downsides with option 2. Occasionally web servers are hosted on non-standard ports and we would have to deal with the resulting issues. Also, there is nothing preventing a malicious or unwanted service from being hosted on port 80, for instance. What are are the upsides?

    Read the article

  • Blocking a country (mass iP Ranges), best practice for the actual block

    - by kwiksand
    Hi all, This question has obviously been asked many times in many different forms, but I can't find an actual answer to the specific plan I've got. We run a popular European Commercial deals site, and are getting a large amount of incoming registrations/traffic from countries who cannot even take part in the deals we offer (and many of the retailers aren't even known outside Western Europe). I've identified the problem area to block a lot of this traffic, but (as expected) there are thousands of ip ranges required. My question now (finally!). On a test server, I created a script to block each range within iptables, but the amount of time it took to add the rules was large, and then iptables was unresponsive after this (especially when attempting a iptables -L). What is the most efficient way of blocking large numbers of ip ranges: iptables? Or a plugin where I can preload them efficiantly? hosts.deny? .htaccess (nasty as I'd be running it in apache on every load balanced web server)? Cheers

    Read the article

  • Sonicwall Enhanced With One-To-One NAT, Firewall Blocking Everything

    - by Justin
    Hello, just migrated from a Sonicwall TZ180 (Standard) to a Sonicwall TZ200 (Enhanced). Everything is working except the firewall rules are blocking everything. All hosts are online, and being assigned correct ip addresses. I can browse the internet on the hosts. I am using one-to-one NAT translating public ip addresses to private. 64.87.28.98 -> 192.168.1.2 64.87.28.99 -> 192.168.1.3 etc First order of business is to get ping working. My rule is in the new firewall is (FROM WAN to LAN): SOURCE DESTINATION SERVICE ACTION USERS ANY 192.168.1.2-192.168.1.6 PING ALLOW ALL This should be working, but not. I even tried changing the destination to the public ip addresses, but still no luck. SOURCE DESTINATION SERVICE ACTION USERS ANY 64.87.28.98-64.87.28.106 PING ALLOW ALL Any ideas what I am doing wrong?

    Read the article

  • Blocking IP's Nginx behind proxy

    - by FunkyChicken
    I'm running a Nginx 1.2.4 webserver here, and I'm behind a proxy of my hoster to prevent ddos attacks. The downside of being behind this proxy is that I need to get the REAL IP information from an extra header. In PHP it works great by doing $_SERVER[HTTP_X_REAL_IP] for example. Now before I was behind this proxy of my hoster I had a very effective way of blocking certain IP's by doing this: include /etc/nginx/block.conf and to allow/deny IP's there. But now due to the proxy, Nginx sees all traffic coming from 1 IP. Is there a way I can get Nginx to read the IP's like how PHP does, with the X-REAL-IP header?

    Read the article

  • Blocking apache access via user agent string

    - by Tchalvak
    I've got a scripter who is using a proxy to attack a website I'm serving. I've noticed that they tend to access the site via software with a certain common user agent string (i.e. http://www.itsecteam.com/en/projects/project1_page2.htm "Havij advanced sql injection software" with a user_agent string of Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij). I'm aware that any cracking software worth it's salt will probably be able to modify it's user agent string, but I'm fine with the scripter having to deal with that feature at some point. So, is there any software out there for automatically blocking access & permanently blacklisting by matching user agent strings?

    Read the article

  • Mac firewall blocking nginx (port 80) from external side

    - by Alex Ionescu
    I installed nginx using ports and started it with sudo. Accessing the nginx welcome page from localhost works perfectly, however accessing it from an external computer fails. Doing an nmap on the computer from the outside reveals 80/tcp filtered http So clearly the mac firewall is blocking the port. I then proceed to add the nginx executable to the firewall exception list as seen in this image, however the nmap still shows up as port 80 being filtered and I'm unable to access the webpage. The exact binary that is in the list is /opt/local/sbin/nginx which to my knowledge seems correct Any ideas what I should do? Thanks! P.S. Turning the firewall off does allow me to access the website from the outside world, however that isn't an ideal solution.

    Read the article

  • Firewall still blocking port 53 despite listing otherwise?

    - by Tom
    I have 3 nodes with virtually the same iptables rules loaded from a bash script, but one particular node is blocking traffic on port 53 despite listing it's accepting it: $ iptables --list -v Chain INPUT (policy DROP 8886 packets, 657K bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- lo any anywhere anywhere 2 122 ACCEPT icmp -- any any anywhere anywhere icmp echo-request 20738 5600K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- eth1 any anywhere node1.com multiport dports http,smtp 0 0 ACCEPT udp -- eth1 any anywhere ns.node1.com udp dpt:domain 0 0 ACCEPT tcp -- eth1 any anywhere ns.node1.com tcp dpt:domain 0 0 ACCEPT all -- eth0 any node2.backend anywhere 21 1260 ACCEPT all -- eth0 any node3.backend anywhere 0 0 ACCEPT all -- eth0 any node4.backend anywhere Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 15804 packets, 26M bytes) pkts bytes target prot opt in out source destination nmap -sV -p 53 ns.node1.com // From remote server Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-02-24 11:44 EST Interesting ports on ns.node1.com (1.2.3.4): PORT STATE SERVICE VERSION 53/tcp filtered domain Nmap finished: 1 IP address (1 host up) scanned in 0.336 seconds Any ideas? Thanks

    Read the article

  • Firestarted Blocking DHCP?

    - by Chiggins
    Alright so on my Ubuntu laptop I get a wireless internet signal, and then distribute it to a switch where my other computers are connected. I also have Firestarter installed on the laptop. I have a problem where the only way that one of my client computers try to get an IP and such from my laptop, it can't because Firestarter is blocking it somehow. I have to stop the firewall in Firestarter, then connect from a client. It connects right away, then I turn Firestarter back on. In the preferences there is an option in "Firewall" called "Start/restart firewall on DHCP lease", but if I have that checked or not doesn't make a difference. So, what can I do to fix this? Its kinda annoying to have to do this whenever I have to connect to the internet. Thanks!

    Read the article

  • Windows 7 is blocking ports

    - by Caleb1994
    I am trying to open port 80 and 3690 for HTTP and svnserve respectively. I have Windows Firewall off, and have tried temporarily disabling Mcafee VirusScan Enterprise, to no avail. According to http://www.yougetsignal.com/tools/open-ports/, both ports 80 and 3690 are still blocked. I can't think of what would be blocking them if Windows Firewall and my antivirus are disabled. Here is the output of netsh firewall show state Firewall status: ------------------------------------------------------------------- Profile = Standard Operational mode = Disable Exception mode = Enable Multicast/broadcast response mode = Enable Notification mode = Enable Group policy version = Windows Firewall Remote admin mode = Disable Ports currently open on all network interfaces: Port Protocol Version Program ------------------------------------------------------------------- 3690 TCP Any (null) 22 TCP Any (null) 80 TCP Any (null) 1900 UDP Any (null) 2869 TCP Any (null) Any help? I'm not sure what each item on the list of enabled/disabled items is, but "Operational Mode" is disabled, so I assume that one refers to me disabling Windows Firewall. I know that since Windows Firewall is off, this output might not be useful, but I figured I'd include it just in case, haha.

    Read the article

  • Windows 7 is blocking ports

    - by Caleb1994
    I am trying to open port 80 and 3690 for HTTP and svnserve respectively. I have Windows Firewall off, and have tried temporarily disabling Mcafee VirusScan Enterprise, to no avail. According to http://www.yougetsignal.com/tools/open-ports/, both ports 80 and 3690 are still blocked. I can't think of what would be blocking them if Windows Firewall and my antivirus are disabled. Here is the output of netsh firewall show state Firewall status: ------------------------------------------------------------------- Profile = Standard Operational mode = Disable Exception mode = Enable Multicast/broadcast response mode = Enable Notification mode = Enable Group policy version = Windows Firewall Remote admin mode = Disable Ports currently open on all network interfaces: Port Protocol Version Program ------------------------------------------------------------------- 3690 TCP Any (null) 22 TCP Any (null) 80 TCP Any (null) 1900 UDP Any (null) 2869 TCP Any (null) Any help? I'm not sure what each item on the list of enabled/disabled items is, but "Operational Mode" is disabled, so I assume that one refers to me disabling Windows Firewall. I know that since Windows Firewall is off, this output might not be useful, but I figured I'd include it just in case, haha.

    Read the article

  • MSSQL 2008 is claiming the firewall is blocking ports even from local machine

    - by Mercurybullet
    I was just hoping to step through a couple queries to see how the temp tables are interacting and I'm getting this message. The windows firewall on this machine is currently blocking remote debugging. Remote debugging requires that the debugging be allowed to receive information from the network.Remote debugging also requires DCOM (TCP port 135) and IPSEC (UDP 4500/UDP500) be unblocked Even when I walked over to the actual machine and tried running the debugger, I'm still getting the same message. Am I missing something or does the debugger try to run remotely even from the local machine? Since this was meant to be just a quick check, I don't need instructions on how to open up the firewall, just hoping there is a way to run the debugger locally instead.

    Read the article

  • ipfw is blocking access to a script

    - by user225551
    I need to figure out how to troubleshoot why ipfw is blocking my script. This script parses out some rss feeds over the net. I have about 10 different feed urls. About 5 or 6 of these urls are returning xml, the others are timing out. If I turn the firewall off, they will all work. The issue I'm having is that I have no idea what port I need to open for the urls that are timing out. Is there a command that will show me this?

    Read the article

  • Java / Groovy Socket - Detecting the socket being closed in a non-blocking way

    - by John Arrowwood
    I'm trying to create a small HTTP proxy that can re-write the request/headers as needed to suit my requirements. If one already exists, please, point me to it. Otherwise... I've written something that ALMOST works. It can do the proxy function, but not the re-write (yet). Problem is, I can't detect when the remote socket has been closed down without doing a blocking read. It is CRITICAL for the functionality of this thing that it be able to detect the socket being closed without blocking. I have SCOURED the Java API documentation, and I can't find ANY indication that it is even possible. Here's what I have: while ( this.inbound.isConnected() && this.outbound.isConnected() ) { try { while ( ( available = readFromClient.available() ) != 0 ) { if ( available > 1024 ) available = 1024 bytesRead = readFromClient.read( buffer, 0, available ) writeToServer.write( buffer, 0, bytesRead ) } while ( ( available = readFromServer.available() ) != 0 ) { if ( available > 1024 ) available = 1024 bytesRead = readFromServer.read( buffer, 0, available ) writeToClient.write( buffer, 0, bytesRead ) } } catch (e) { print e } println "Connected: " + this.inbound.isConnected() println "Bound: " + this.inbound.isBound() println "InputShutdown: " + this.inbound.isInputShutdown() println "OutputShutdown: " + this.inbound.isOutputShutdown() print "\n"; Thread.sleep( 10 ) } The tests for the socket being closed never indicate that the socket was closed. And, as I mentioned, I can't find ANY examples of how to detect the 'END OF FILE' condition on the stream without doing a blocking read. There HAS to be a way. Does anyone here know what it is?

    Read the article

  • .NET socket timeout - blocking on Close method

    - by Mark
    I'm having trouble implementing a connect timeout using asynchronous socket calls. The idea being that I call BeginConnect on a Socket object, then use a timer to call Close() on the socket after a timeout period has elapsed. This works fine as long as the socket is created on the GUI thread - the Close method returns immediately, and the callback method is executed. However, if the socket is created on any other thread, the Close method blocks until the default IP timeout occurs. Code to reproduce: private Socket client; private void button1_Click(object sender, EventArgs e) { // Creating the socket on a threadpool thread causes Close to block. ThreadPool.QueueUserWorkItem((object state) => { client = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); IAsyncResult result = client.BeginConnect(IPAddress.Parse("144.1.1.1"), 23, new AsyncCallback(CallbackMethod), client); // Wait for 2 seconds before closing the socket. if (result.AsyncWaitHandle.WaitOne(2000)) { MessageBox.Show("Connected."); } else { MessageBox.Show("Timed out. Closing socket..."); client.Close(); MessageBox.Show("Socket closed."); } }); } private void CallbackMethod(IAsyncResult result) { MessageBox.Show("Callback started."); Socket client = result.AsyncState as Socket; try { client.EndConnect(result); } catch (ObjectDisposedException) { } MessageBox.Show("Callback finished."); } If you remove the QueueUserWorkItem line, creating the socket on the GUI thread, the socket closes instantly without blocking. Can anyone shed some light on what's going on? Thanks. Edit - System.Net trace output seems to be different depending on whether it's being connected on the GUI thread or a different thread: Trace from non-blocking close when using GUI thread Trace from blocking close when using non-GUI thread

    Read the article

  • OnConnect event not firing when using TClientSocket inside a TThread on non-blocking mode

    - by mathematician1975
    I am trying to make use of Borlands TClientSocket component in non-blocking mode inside a multithreaded C++ Windows application. I am creating multiple threads (classes derived from TThread), each of which creates its own TClientSocket object. I then assign member functions of the thread class to act as event handlers for the OnConnect, OnDisconnect and OnSocketError events of the socket. The problem I am having here is that whenever I call the TClientSocket::Open() function from within the TThread::Execute() function, the OnConnect event never fires. However, When I call the Open() function from the VCL thread prior to the TThread::Execute() function getting called, all of the events fire and I can use the thread-socket combination as I would like. Now I have not read anything in documentation that says that TClientSocket should not be used in non-blocking mode when used inside a thread, but it appears to me that there is perhaps something wrong conceptually in the way I am trying to use this class. Borland documentation is quite poor on the subject and these components have now been deprecated so reliable information is hard to come by. Despite being deprecated I have to use them as there is no alternative in the Builder 6 package I have. Can anyone please advise me if there is a right/wrong way to use TThread and a non-blocking TClientSocket in combination. I have never had problems using it as part of the VCL thread and never had problems using TServerSocket before and I really cannot understand why some events are not firing.

    Read the article

  • How to remove request blocking on apache reverse proxy after failure of backend before asking backen

    - by matnagel
    I am working on an apache2 reverse proxy vhost. When the server behind apache is down, the first request to apache shows the error page of course. But at subsequent requests it seems apache delays for some time before asking the backend server again. During all this time (which is short but in development I don't want a delay at all) only the apache error page is shown to the browser, although the backend server is already up. Where is this setting in apache, what is this behaviour, and how can I set the delay time to zero? Edit: I am not trying to change the timeout for a single request. I want to change the blocking time. It is my experience that apache blocks further requests for a certain time before asking a backend server again that has failed once. Edit2: This is what apache delivers: Service Temporarily Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch proxy_html/3.0.0 Server at localhost Port 80 After hitting Ctrl-R in firefox for 60 seconds the page finally appears.

    Read the article

  • Read non-blocking from multiple fifos in parallel

    - by Ole Tange
    I sometimes sit with a bunch of output fifos from programs that run in parallel. I would like to merge these fifos. The naïve solution is: cat fifo* > output But this requires the first fifo to complete before reading the first byte from the second fifo, and this will block the parallel running programs. Another way is: (cat fifo1 & cat fifo2 & ... ) > output But this may mix the output thus getting half-lines in output. When reading from multiple fifos, there must be some rules for merging the files. Typically doing it on a line by line basis is enough for me, so I am looking for something that does: parallel_non_blocking_cat fifo* > output which will read from all fifos in parallel and merge the output on with a full line at a time. I can see it is not hard to write that program. All you need to do is: open all fifos do a blocking select on all of them read nonblocking from the fifo which has data into the buffer for that fifo if the buffer contains a full line (or record) then print out the line if all fifos are closed/eof: exit goto 2 So my question is not: can it be done? My question is: Is it done already and can I just install a tool that does this?

    Read the article

  • ip6tables blocking output traffic

    - by jmccrohan
    My OpenVZ VPS is blocking outbound IPv6 traffic, but correctly filtering inbound IPv6 traffic. Below is my ip6tables-restore script. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p ipv6-icmp -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p udp -m udp --dport 1194 -j ACCEPT -A INPUT -p tcp -m tcp --dport 51413 -j ACCEPT -A INPUT -p udp -m udp --dport 51413 -j ACCEPT -A INPUT -m limit --limit 5/min -A INPUT -j REJECT --reject-with icmp6-adm-prohibited -A FORWARD -j ACCEPT -A OUTPUT -j ACCEPT COMMIT ICMPv6 traffic is still able to pass both inbound and outbound. When I flush these rules using -F, outbound traffic flows fine. What am I missing here? EDIT: It appears that ip6tables is marking ESTABLISHED packets as INVALID. Consequently, the outbound traffic is NOT actually being blocked. The reply packets are not allowed inbound again, hence appearing like blocked outbound traffic. Allowing INVALID packets inbound solves the outbound issue, but also renders the inbound filter useless.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >