Search Results

Search found 4538 results on 182 pages for 'rules'.

Page 63/182 | < Previous Page | 59 60 61 62 63 64 65 66 67 68 69 70  | Next Page >

  • Block Google requests to 16k using pf firewall

    - by atmosx
    I'd like to block access to Google search using PF after the threshold of 17500 requests (connection established) in 24h, from a host running FreeBSD 9. What I came up with, after reading pf-faq is this rule: pass out on $net proto tcp from any to 'www.google.com' port www flags S/SA keep state (max-src-conn 200, max-src-conn-rate 17500/86400) NOTE: 86400 are 24h in seconds. The rule should work, but PF is smart enough to know that www.google.com resolves in 5 different IPs. So my pfctl -sr output gives me this: pass out on vte0 inet proto tcp from any to 173.194.44.81 port = http flags S/SA keep state (source-track rule, max-src-conn 200, max-src-conn-rate 17500/86400, src.track 86400) pass out on vte0 inet proto tcp from any to 173.194.44.82 port = http flags S/SA keep state (source-track rule, max-src-conn 200, max-src-conn-rate 17500/86400, src.track 86400) pass out on vte0 inet proto tcp from any to 173.194.44.83 port = http flags S/SA keep state (source-track rule, max-src-conn 200, max-src-conn-rate 17500/86400, src.track 86400) pass out on vte0 inet proto tcp from any to 173.194.44.80 port = http flags S/SA keep state (source-track rule, max-src-conn 200, max-src-conn-rate 17500/86400, src.track 86400) pass out on vte0 inet proto tcp from any to 173.194.44.84 port = http flags S/SA keep state (source-track rule, max-src-conn 200, max-src-conn-rate 17500/86400, src.track 86400) PF creates 5 different rules, 1 for each IP that Google resolves. However I have the sense - without being 100% sure, I didn't had the chance to test it - that the number 17500/86400 applies for each IP. If that's the case - please confirm - then it's not what I want. In pf-faq there's another option called source-track-global: source-track This option enables the tracking of number of states created per source IP address. This option has two formats: + source-track rule - The maximum number of states created by this rule is limited by the rule's max-src-nodes and max-src-states options. Only state entries created by this particular rule count toward the rule's limits. + source-track global - The number of states created by all rules that use this option is limited. Each rule can specify different max-src-nodes and max-src-states options, however state entries created by any participating rule count towards each individual rule's limits. The total number of source IP addresses tracked globally can be controlled via the src-nodes runtime option. I tried to apply source-track-global in the above rule without success. How can I use this option in order to achieve my goal? Any thoughts or comments are more than welcome since I'm an amateur and don't fully understand PF yet. Thanks

    Read the article

  • Limit rate of outgoing UDP packets per second

    - by tim82
    Hi, since Teamspeak version 3 sends lots of packets per user and our provider is getting problems with his infrastructure above 20.000 packets per second we have to limit it that our servers are not going to be shut down. Red a lot about iptables but was not able to find the right rules. Could you give me an advise how to manage that the server is not going to send more than 19k packets per seconds? We are running on debian 4 Thanks in Advance Tim

    Read the article

  • SQL Server 2008 R2 upgrade fails on upgrade rule check

    - by Tim
    I'm trying to upgrade an evaluation instance of SQL Server 2008 to a fully licensed instance of SQL Server 2008 R2. I made it most of the way through the installer, but I'm getting stopped at the Upgrade Rules page - the SQL Server Analysis Services Upgrade Service Functional Check is failing. The specific error I get: Rule "SQL Server Analysis Services Upgrade Service Functional Check" failed. The current instance of the SQL Server Analysis Services service cannot be upgraded because the Analysis Services service is disabled or not online. Please start the service and then run the upgrade rules check again. Simple enough - just need to start the service. Here's where it gets troublesome. When I open Services and go to start the SQL Server Analysis Services (MSSQLSERVER) service, it provides me the following message: The SQL Server Analysis Services (MSSQLSERVER) service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs. Trying from the command line as Administrator yields: PS C:\Windows\System32 net start MSSQLServerOLAPService The SQL Server Analysis Services (MSSQLSERVER) service is starting... The SQL Server Analysis Services (MSSQLSERVER) service could not be started. The service did not report an error. More help is available by typing NET HELPMSG 3534. I've tried changing the logon setting of this service to Administrator, a user with admin privileges, and both the Local System and Network Service accounts - nothing works. In addition, when I look at the service through the SQL Server Configuration Manager (also run as Administrator), attempting to change the logon setting for the service results in the message: The server threw an exception. [0x80010105] I have no need for analysis services themselves - all I need is for this one service to be running long enough to do the R2 upgrade, then it can shut down again. Any thoughts on how to get the Analysis Services service running? Update: Checking the event log, I found an error logged to the Application log from the MSSQLServerOLAPService. It has event ID 0, task category (289), and says: The service cannot be started: XML parsing failed at line 1, column 4: Unrecognized input signature.

    Read the article

  • Nginx rewrite rule with proxy pass

    - by Yoldar-Zi
    I'm trying to implement nginx rewrite rules for the following situation Request: http://192.168.64.76/Shep.ElicenseWeb/Public/OutputDocuments.ashx?uinz=12009718&iinbin=860610350635 Should be redirected to: http://localhost:82/Public/OutputDocuments.ashx?uinz=12009718&iinbin=860610350635 I tried this with no luck: location /Shep.ElicenseWeb/ { rewrite ^/Shep.ElicenseWeb/ /$1 last; proxy_pass http://localhost:82; } What is the correct way to perform such a rewrite for nginx ?

    Read the article

  • How can I run a speed test for Netflix and Hulu?

    - by Brennan Stehling
    Since the FCC rules were struck down I have noticed that Netflix and Hulu often stall on my Time Warner home connection. I've heard others are experiencing the same delays. I use Speedtest.net regularly from my computer and phone to check my connection and typically at home I get 10 to 15Mbps and occasionally higher. Currently it is around 10Mbps yet Hulu is stalling. Is there a way to specifically test my speeds for streaming Netflix and Hulu?

    Read the article

  • Antivirus and Content Management / Web Filtering

    - by Moif Murphy
    Hi, We currently use Net Intelligence for our Web Filtering and Antivirus. We're looking for an alternative and I was wondering what people here use? We have many mobile users who work away from the office and so we prefer something which includes a remote agent and a central management portal that we can customise and add our own rules etc. Also preferable is bundled anti virus. Any recommendations?

    Read the article

  • Transparent Squid : Logging client ip problem

    - by llazzaro
    Hello, I am using the following rules in iptables in my network to use a transparent proxy * iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128 * iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box * iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT But my squid log, always logs gateway IP (172.16.0.1) Do you know an alternative to not lose client IP? (of course avoid saing manual proxy setup!)

    Read the article

  • nginx config to serve as external secure proxy

    - by realworldcoder
    I'm setting up an external nginx server to proxy all outgoing traffic in order to simplify outbound firewall rules. What I'd like is: https://service1.com.example.com -- https://service1.com:443 https://www.service2.com.example.com -- https://www.service2.com:443 https://service3.com.example.com -- http://service3.com:8080 (everything else denied) (There will be 30-40 different hosts here, so I'm looking for something relatively easy to maintain.) Is this possible with Nginx? Or is there some other proxy software that is better suited for this problem?

    Read the article

  • Outlook 2007: Filter messages differently based on mailing lists

    - by Naseer
    I am part of two mailing lists, one of which is of high importance to me and should always show up in my Inbox and the other is not so important and should go to a specific folder. Sometimes both these mailing lists are in the To/CC list. In this case, I want the message to stay in my Inbox and not get moved. Is this possible with Rules and Alerts ? If not, is there a macro ?

    Read the article

  • Dynamic IP and spam filtering

    - by pipalia
    Is it possible to filter incoming spam when the mail server is hosted on a dynamic IP. Static IP is not an option at the moment. Outgoing mail is relayed through a third party service which works great, but I am not sure how I could filter incoming mail within Domino. Has anyone figured out how to do achieve this? Or I am limited to what Domino has to offer to control spam and doing it manually by creating mail rules?

    Read the article

  • LVS Configuration issue (Using piranha Tool)

    - by PravinG
    I have configured LVS on cent os using piranha tool .I am using vip of internal n/w as gateway for real server we have two NIC one having exteranl Ip and other for internal n/w which is on 192.168.3.0/24 network. But I am not able to connect from client it shows connection refused error . Please suggest iptables rules for private n public n/w to communicate. May be I am missing this . Iptables rules that we have added are : iptables -t nat -A POSTROUTING -p tcp -s 192.168.3.0/24 --sport 5000 -j MASQUERADE this is my ipconfig: eth0 Link encap:Ethernet HWaddr 00:00:E8:F6:74:DA inet addr:122.166.233.133 Bcast:122.166.233.255 Mask:255.255.255.0 inet6 addr: fe80::200:e8ff:fef6:74da/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:94433 errors:0 dropped:0 overruns:0 frame:0 TX packets:130966 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:9469972 (9.0 MiB) TX bytes:19929308 (19.0 MiB) Interrupt:16 Base address:0x2000 eth0:1 Link encap:Ethernet HWaddr 00:00:E8:F6:74:DA inet addr:122.166.233.136 Bcast:122.166.233.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:16 Base address:0x2000 eth1 Link encap:Ethernet HWaddr 00:E0:20:14:F9:2D inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:20ff:fe14:f92d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:123718 errors:0 dropped:0 overruns:0 frame:0 TX packets:148856 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:18738556 (17.8 MiB) TX bytes:11697153 (11.1 MiB) Interrupt:17 Memory:60000400-600004ff eth1:1 Link encap:Ethernet HWaddr 00:E0:20:14:F9:2D inet addr:192.168.3.10 Bcast:192.168.3.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:17 Memory:60000400-600004ff eth2 Link encap:Ethernet HWaddr 00:16:76:6E:D1:D2 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:21 Base address:0xa500 and ipvsadm -ln command [root@abts-kk-static-133 ~]# ipvsadm -ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 122.166.233.136:5000 wlc TCP 122.166.233.136:5004 wlc lvs server routing table Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 122.166.233.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1004 0 0 eth1 0.0.0.0 122.166.233.1 0.0.0.0 UG 0 0 0 eth0 real 1 real 2 we have configured various ports from 5000:5008 . Do we need to this iptables for all ports? Suggest me how should I solve this issue.

    Read the article

  • Tool to determine filesystem on removable media

    - by Todd Brooks
    I have a CompactFlash card that is used in a custom piece of hardware. WAV files are written to it. Windows doesn't recognize the media and wants to format it, which rules out FAT 16/32, NTFS, UDF, etc. Is there a Windows tool that can determine what filesystem the media is using and possible read the contents? I've tried dskprobe.exe, but it did not work.

    Read the article

  • How to keep SpamAssassin up to date under CentOS?

    - by Josh
    I am running CentOS 5.4 with SpamAssassin installed via yum. However the version yum installed was SpamAssassin version 3.2.5 and I am finding that this version has many outdated rules -- including a rule FH_DATE_PAST_20XX which marks all email from the year 2010 and forward as spam. Not good. yum says SpamAssassin is up to date -- what can I do to make yum keep SpamAssassin really up to date?

    Read the article

  • Multiple "from" addresses for single Exchange account in Outlook 2007

    - by Jørn Schou-Rode
    I have a single Exhange account with multiple aliases (e-mail addresses), for which it recieves incoming mail messages. Using "rules" it is possible to have the incoming messages sorted into folders depending on the address they are sent to. When composing and sending messages from Outlook, the primary address of the exchange account is used in the "From" header. Without adding additional mail accounts (I really only have one), is it possible to learn Outlook about the alias addresses, making them available as "From" addresses when composing new messages?

    Read the article

  • tcpdump output with iptables REJECT policy enabled

    - by Pablo Santa Cruz
    Hi all, Quick question. I have a firewall with these simple rules: iptables -A INPUT -p tcp -s 127.0.0.1/32 --dport 6000 -j ACCEPT iptables -A INPUT -p tcp -s 192.168.16.20/32 --dport 6000 -j ACCEPT iptables -A INPUT -p tcp --dport 6000 -j REJECT Now, suppose I am using TCPDUMP like this: tcpdump port 6000 And I have host 192.168.16.21 trying to connect to port 6000. My question is: will/should tcpdump output some packages coming from 192.168.16.21?

    Read the article

  • Internal mail flow between two sites

    - by Eric Hazen
    I have two sites: DATACENTER HQ Exchange Roles: HQ: Mailbox Store, Client Access, Hub Transport DATACENTER: Client Access, Hub Transport Here is the basic mail flow requirements: Outgoing Email: HQ > DATACENTER > INTERNET Incoming Email: INTERNET > DATACENTER > HQ I've been banging my head on this setting up different Hub Transport rules, etc. Any suggestions?

    Read the article

  • Configuring gmail for use on mailing lists

    - by reemrevnivek
    This is really two questions in one. First, are nettiquette guidelines still accurate in their restrictions on ASCII vs. HTML, posting style, and line length? (Here's a recent metafilter discussion of the topic.) Second, If they are not, should these guidelines be respected? If they are (or if they should still be respected), how can modern mail programs be configured to work properly with them? Most mailing list etiquette statements appear to have been written by sysadmins who loved their command lines, and refuse to change anything. Many still reference rfc1855, written in 1995. Just reading that paginated TXT should give you an idea of the climate at the time. Here's a short, fairly random list of mailing list etiquette statements with some extracted formatting guidelines: Mozilla - HTML discouraged, interleaved posting. FreeBSD - No HTML, don't top post, line length at 75 characters. Fedora - No HTML, bottom-post. You get the idea. You've all seen etiquette statements before. So, assuming that the rules should be obeyed (Usually a good idea), what can be done to allow me to still use a modern mail program, and exchange mail with friends who use the same programs? We like to format our mail. Bold headings, code snippets (sometimes syntax highlighted, if the copy-paste pulls RTF text as from XCOde and Eclipse), free line breaks determined by your browser width, and the (very) occasional image make the message easier to read. Threaded conversations are a wonderful thing. Broadband connections are, I'm sure, the rule for most of the users of SU and of developer mailing lists, disk space is cheap, and so the overhead of HTML is laughable. However, I don't want to post a question to a mailing list and have the guru who can answer my question automatically delete it, or come off as uncaring. Until I hear otherwise, I'll continue to respect the rules as best I can. For a common example of the problem, Gmail, by default, sends HTML formatted messages with bottom-posted quotes (which are folded in, just read the last message immediately above), and uses the frame width to wrap lines, rather than a character count. ASCII can be selected, and quotes can be moved and reversed, but line wraps of quotes don't work, line breaks are tedious to add (and more tedious to read, if they're super small in comparison to the width of the frame). Is there a forwarding, free mail program which can help with this exercise? Should an "RFC1855 mode" lab be written? Or do I have to go to the command line for my mailing lists, and gmail for my other mail?

    Read the article

  • Configure a SPF rule on Ubuntu

    - by TiuTalk
    Where I can create/insert the SPF rules to allow a external server to authenticate and send e-mails using the domain name of my server running Ubuntu? I need to insert this rule: v=spf1 ip4:111.111.111.111/29 ip4:111.111.111.111/24 a mx ~all Thanks :)

    Read the article

  • Secure openVPN using IPTABLES

    - by bob franklin smith harriet
    Hey, I setup an openVPN server and it works ok. The next step is to secure it, I opted to use IPTABLES to only allow certain connections through but so far it is not working. I want to enable access to the network behind my openVPN server, and allow other services (web access), when iptables is disabaled or set to allow all this works fine, when using my following rules it does not. also note, I already configured openVPN itself to do what i want and it works fine, its only failing when iptables is started. Any help to tell me why this isnt working will appreciated here. These are the lines that I added in accordance with openVPN's recommendations, unfortunately testing these commands shows that they are requiered, they seem incredibly insecure though, any way to get around using them? # Allow TUN interface connections to OpenVPN server -A INPUT -i tun+ -j ACCEPT #allow TUN interface connections to be forwarded through other interfaces -A FORWARD -i tun+ -j ACCEPT # Allow TAP interface connections to OpenVPN server -A INPUT -i tap+ -j ACCEPT # Allow TAP interface connections to be forwarded through other interfaces -A FORWARD -i tap+ -j ACCEPT These are the new chains and commands i added to restrict access as much as possible unfortunately with these enabled, all that happens is the openVPN connection establishes fine, and then there is no access to the rest of the network behind the openVPN server note I am configuring the main iptables file and I am paranoid so all ports and ip addresses are altered, and -N etc appears before this so ignore that they dont appear. and i added some explanations of what i 'intended' these rules to do, so you dont waste time figuring out where i went wrong : 4 #accepts the vpn over port 1192 -A INPUT -p udp -m udp --dport 1192 -j ACCEPT -A INPUT -j INPUT-FIREWALL -A OUTPUT -j ACCEPT #packets that are to be forwarded from 10.10.1.0 network (all open vpn clients) to the internal network (192.168.5.0) jump to [sic]foward-firewall chain -A FORWARD -s 10.10.1.0/24 -d 192.168.5.0/24 -j FOWARD-FIREWALL #same as above, except for a different internal network -A FORWARD -s 10.10.1.0/24 -d 10.100.5.0/24 -j FOWARD-FIREWALL # reject any not from either of those two ranges -A FORWARD -j REJECT -A INPUT-FIREWALL -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT-FIREWALL -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT-FIREWALL -j REJECT -A FOWARD-FIREWALL -m state --state RELATED,ESTABLISHED -j ACCEPT #80 443 and 53 are accepted -A FOWARD-FIREWALL -m tcp -p tcp --dport 80 -j ACCEPT -A FOWARD-FIREWALL -m tcp -p tcp --dport 443 -j ACCEPT #192.168.5.150 = openVPN sever -A FOWARD-FIREWALL -m tcp -p tcp -d 192.168.5.150 --dport 53 -j ACCEPT -A FOWARD-FIREWALL -m udp -p udp -d 192.168.5.150 --dport 53 -j ACCEPT -A FOWARD-FIREWALL -j REJECT COMMIT now I wait :D

    Read the article

  • SIP server ("gateway") for joining accounts

    - by Tomas Srna
    Hello, I have a phone supporting 2 accounts, but I need 4 accounts. Is it possible to install some sort of SIP server/gateway/proxy (on a linux server), that would register those 4 accounts and I would be able to connect to it as if it was 1 account? (With dialing rules, etc.) 3 of the accounts have incoming numbers. Thanks. Tomas.

    Read the article

< Previous Page | 59 60 61 62 63 64 65 66 67 68 69 70  | Next Page >