IPTables Rule Using Modules Limit & Length Simultaneously
Apr 4, 2009
I am currently trying to limit incoming UDP length 20 packets on a per IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2).
Basically, if an IP is sending more than 5 length 20 UDP packet a second to the local machine, I would like the machine to drop the excess length 20 packets coming from that IP.
The modules that should work perfectly for this type of "rule set" are:
- Limiting module
- Length module
Both of which are installed / compiled with the kernel/IPTables correctly and functioning.
I have tried several rule sets, and they all seem to not fully work. Either they drop all UDP length 20 packets going to the local machine or allow them all through.
Below is one of the rule sets I use, and it is not working. Any ideas what the issue could be?
iptables -N UDPC1
iptables -A INPUT -p udp -m length --length 20 -j UDPC1
iptables -A UDPC1 -p udp -m length --length 20 -m limit --limit 5/second -j ACCEPT
iptables -A UDPC1 -j DROP
We installed csf firewall in main node and we have following error when try to start firewall, how can resolve this issue?
[root@m5088 csf]# csf -s
Error: The VPS iptables rule limit (numiptent) is too low (400/400) - stopping firewall to prevent iptables blocking all connections, at line 123
Domain has PHP Settings in Plesk set to 2G and I get this error when uploading a 48MB file using WordPress. I assume I need to modify this manually in a conf file somewhere to allow uploading large files?
Requested content-length of 48443338 is larger than the configured limit of 10240000..
mod_fcgid: error reading data, FastCGI server closed connection...
I am unable to create a user in mysql with 20 characters length. I am getting the annoying error message about 16 characters limitation about a username length. I have tried to increase the character user limit length to 32 characters using the following commands:
mysql -uroot -p
use mysql;
alter table `user` modify `User` CHAR(32);
FLUSH PRIVILEGES;
quit
service mysqld restart
But after all of this was done I was and I am still unable to connect to mysql anymore with/without password.
I run CentOS 5.2 (Sometimes CentOS 4.6). I have been messing around with IPTables, and cannot find out how to filter zero-length packets.
I believe I might need an unclean module. I have already done hours of reading and researching, but I have come up with nothing, for I do not think this is that common.
If anyone could please let me know the commands to use to filter out all zero-length packets, or the unclean module I need to use with IPTables, I would really appreciate it.
I have been seeing these in my log and received complaints from customers not able to get their mail out. These messages just stay in the queue and go no where.
what they are successfully using as a tlsserverciphers and tlsclientciphers? Maybe it is the DH key being too small. How can this be fixed on Qmail?
When I download a file from my server, only specific extensions are working. This is really annoying since I want to be able to see how much time left to finish a download.
For example, I uploaded a video with a .vob extension:
file.vob --> does not show filesize when downloading
If I rename the same file to a different extension:
file.avi --> works fine, shows filesize when downloading
file.mp3 --> works fine, shows filesize when downloading
file.rar --> works fine, shows filesize when downloading
file.mp4 --> does not show filesize when downloading
file.wmv --> does not show filesize when downloading
These are direct download links, not using any download scripts or anything. Why are some extensions displaying the filesize and some not displaying them? I am using Apache 2.x server.
I have a problem with CSF on my VPS. ipt_state and ipt_REDIRECT are not enabled on the node and I (and everyone else on the node) can't use any ipt-based firewall.
I asked the hosting company to enable those modules and I provided a simple guide (Edit /etc/sysconfig/iptables-config and /etc/sysconfig/vz on the hardware node. Add ipt_state and ipt_REDIRECT into the IPTABLES_MODULES= and IPTABLES= lines correspondingly).
I had the same problem on my old VPS provider and I provided the same guide and after it they restarted iptables and vz and it worked fine.
The tech at my current hosting company is saying they need to re-compile the kernel with those modules first in order to enable those modules. They tried 2 times and the server didn't boot into the new kernel.
So, is there any other way to enable those modules without a kernel re-compile?
I even think "modprobe" should do the trick. modprobe ipt_state and modprobe ipt_REDIRECT, and then add those modules into the 2 files as I said above, and it would be working fine?
In /var/log/messages, this line is repeated many times: modprobe: FATAL: Could not load /lib/modules/2.6.18-5-xen-686/modules.dep: No such file or directory
iptables -L gives this:
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Is this something I can fix via yum install xxx or some other way, or is it something my provider has to do?
I tried yum install kernel-xen, but that installed 2.6.18-53 and modprobe is looking for 2.6.18-5
Trying to install Cerberus Help Desk and it gives this message during requirement check:
The following problems prevent you from running Cerberus Helpdesk 4.0:
- upload_tmp_dir is empty in your php.ini file. Please set it.
- The 'MailParse' PHP extension is required. Please enable it.
- The 'Mail' PEAR package is required. Please install it.
- The 'Mail_Mime' PEAR package is required. Please install it.
- The 'Mail_mimeDecode' PEAR package is required. Please install it.
- The 'Mail_RFC822' PEAR package is required. Please install it.
- The 'Text_Password' PEAR package is required. Please install it.
how to apply this (on a vps) safely? Using CentOS 4.5. I'm using Interworx control panel.
I have a RHEL 5 server that hosts one site with a common PHP 5.x - MySQL 5.x app; it also uses .htaccess to rewrite rules. I'm trying to optimize Apache to the max, and thought about removing some unnecessary modules. The actual modules loaded are:
I'm trying to install the Win32 dist from apachelounge 2.4.9 and I'm having difficulties getting the modules loaded. Several modules have different names or aren't there at all. mod_imap.so
I have compiled Apache from source with so enabled and compiled PHP with Apache apxs. What do I do if I want to add/load other modules as dynamic modules without recompiling Apache? Suppose I want to enable rewrite or any other module. I am pasting the commands which I used to compile Apache.
Apache ==
./configure --prefix=/usr/local/apache --enable-module=so
make
make install
PHP ==
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs
make
make install
Both are running fine on my server. How do I enable the mod rewrite module as a shared module, for example?
what modules I should use in my httpd.conf file. Here are the modules that I currently have enabled / disabled. The site is running specifically off PHP. There is no need for CGI, ASP, or any other languages (to my knowledge). The negotiation module is enabled. It does not need to be, to my knowledge.
However, when I disabled it Apache would not restart. Could someone give some details as to which directives need to be disabled for negotiation to be disabled. Also, does anyone know if negotiation is essential. It is not to my knowledge. Suggestions and comments are much appreciated. Thank you in advance for your hard work and experience being as it's not costing me anything. I will do my best to return the favor.
I can't get SELinux to let httpd load the IonCube module for PHP. I've given the CentOS 5 forum a try (here: http://www.centos.org/modules/newbb/...15403&forum=42), talked with WHMCS's support (the app I'm using that needs it), and even opened a ticket with IonCube. Unfortunately nobody seems to know how to tell SELinux to let httpd "exec" modules.
I'm running CentOS 5, and the error I'm getting in /var/log/messages is:
I can disable SELinux and it works fine (setenforce 0), but that's not the solution I'm looking for. Can someone please tell me how to do this the *right* way?
What are the standard modules which you normally need to get installed on your server, or which you install, from which you sell hosting to your customers? Or which standard modules are most important to be installed on your dedicated server?