What's The Maximum Number Of Rules For Iptables?
Jul 19, 2008
I use APF and APF is working with iptables , when I define a large number of IPs in deny_hosts.rules or allow_hosts.rules and restart the APF , iptables begins to display errors after applying some number of rules , I have set SET_TRIM="0" in APF , so the number of APF rules is unlimited and the error is from iptables.
Is there any setting in iptables config files for maximum number of rules?
Is it unlimited and depends only on system available memory? O/S , ...?
View 2 Replies
ADVERTISEMENT
May 7, 2008
Curious to know the maximum number of sql server databases you guys have seen on a single server box?
View 0 Replies
View Related
Feb 24, 2007
I would like to know what is the maximum number of Apache connections a Server can handle? Does this depends on the Config of the Server? Is it Possible for a server to handle more than 2500 Active Apache connections without timeout / connection failure / slowness?
View 6 Replies
View Related
Jan 28, 2015
My Customers and I have Problems connecting to IMAP-Server. By moving through IMAP Folders I get the Massage "Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server"
I know this Article: [URL] ... and all the other related to this issue.
[Code].....
View 9 Replies
View Related
Sep 28, 2014
Every time I log on plesk 11.09 I get an email from admin saying that due to maximum number of failed login attempts for admin, the account was blocked for 30 minutes.
First, I do not get failed login attempts, I log in every time.
Two, the account is not blocked, I can log in, out and back in as many times as I want without problem except that I get this email everytime.
View 3 Replies
View Related
Jul 2, 2009
One of my low knowledge area's is Iptables Rule's I just normally use APF/CSF.
However on a VPS Host node, I basically want to block all access to a certain port let's say 1234 apart from a certain IP address.
However I don't want to block this port on any of the VPS's on the Node, so what Iptable Rule(s) would I need to put into a bash script on startup.
View 7 Replies
View Related
May 15, 2007
I had csf firewall installed, and due to my own stupidity, attempted to login with the wrong password one too many times, which added my IP to iptables, locking me out. I had to SSH into a linux box at school, and then ssh into my server to stop the iptables service so I could get into my server.
I removed every trace of my IP that I could find in csf, but sometime in the middle of the night, iptables reloads some rules from somewhere that blocks me again. I also tried doing iptables -F to clear all rules, but again, sometime in the middle of the night, rules are reloaded and I get blocked. I even uninstalled csf to no avail. I just want to remove my IP once and for all.
View 11 Replies
View Related
May 18, 2008
my server have problem with login to ftp
i ask of cpanel,cpanel answer :
Howdy,
Are you using any kind of external firewalling? I have enabled the passive
ports in pure-ftpd and attempted to connect in passive mode, but it still
fails.
and
Howdy,
You should allow connections on 30000 through 50000 for passive ftp
---
this is vps
how may i solved it?
i use of csf
View 6 Replies
View Related
Jul 1, 2009
I have a VPS (Virtuozzo) with cPanel installed. I notice that iptables running in the VPS had many DROP rules when I listed using iptables -nL command. So I flushed iptabled using "iptables -F" command and also "> /etc/sysconfig/iptables" command and restarted iptabled. When I try to list the rules it would show empty. However when I try to list after a few minutes it is showing the same old rules with many DROP rules yet again! Is there anyway to remove the rules completely?
View 2 Replies
View Related
May 6, 2009
If I buy a web server (Linux), Do I need to use iptables and create some security rules?
What types of rules?
Is it suggest use modsecurity for Apache?
If I host 2 sites (2 wordpress blog), what are better rules?
View 14 Replies
View Related
Oct 4, 2007
One of these rules is causing name server lookups to fail, but I can't seem to figure out which one, can anyone spot the problem?
Code:
[root@example ~]# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
INVDROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:465
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:953
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10023
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:21
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:953
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW icmp type 8
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1024:65535
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1024:65535
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53
LOGDROPIN all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
INVDROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
INVDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:113
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:953
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10023
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9999
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:21
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:113
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:953
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW icmp type 8
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1024:65535
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1024:65535
LOGDROPOUT all -- 0.0.0.0/0 0.0.0.0/0
Chain INVDROP (18 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPIN (1 references)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:68
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:113
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:445
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:513
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPOUT (1 references)
target prot opt source destination
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
DROP all -- 0.0.0.0/0 0.0.0.0/0
View 3 Replies
View Related
Oct 5, 2007
I'm new to Private Virtual Server and the package offered by different company are quite confusing.
I was on RackForce and their basis VPS package dds200-L can host 100 domain names on Plesk and unlimited domain names on WHM/Cpanel.
On 1and1 it didn't say if Plesk support 100 or unlimited domain names. My question is, do we always have the liberty to host unlimited domain names on our PVS?
Can anyone recommend a good VPS hosting company?
View 14 Replies
View Related
Jan 5, 2008
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
View 2 Replies
View Related
Feb 6, 2007
When we do traceroute between 100 -130 ms delay between hop is acceptable? What is the maximum value can be acceptable?
View 2 Replies
View Related
Aug 21, 2008
i always get :-
Fatal error: Maximum execution time of 30 seconds exceeded in /home/ante/public_html/me/classes/http.php on line 418
Warning: fclose(): supplied argument is not a valid stream resource in /home/ante/public_html/me/classes/other.php on line 145
when i try upload big files (up 140mb to my vps using RapidLeech
and here my php.ini
[url]
i chnaged the php.ini to the new value and restart http only
my vps info
safe mod : on
Operating system: Linux
PHP version: 5.2.5
Apache version: 1.3.41 (Unix)
View 4 Replies
View Related
Dec 10, 2008
Is there a limit to assigning maximum IPs on a server.
I am not using any contro panel (plesk or cpanel).
View 11 Replies
View Related
Aug 4, 2007
What are the maximum number of entries that can go in hosts.deny? Will the server bog down the more entries that are in there? How many is a safe, reasonable number?
View 2 Replies
View Related
Sep 2, 2008
I know there's a option in the WHM that says "The maximum each domain can send out per hour (0 is unlimited" and it affects all the accounts under the same server, but, Is there any possibility to configure the WHM/cPanel to give different values to each client?
View 7 Replies
View Related
May 22, 2009
I'll soon be sending out a mail to around 20000 mail-addresses, all members of my site that entered their email address upon registration.
I'm using vBulletin to send them out but now here are my questions;
1) What is the maximum amount of emails i can send out per hour to hotmail, gmail, etc. so I don't get blacklisted or the emails don't get rejected?
2) Which plugin should I use for this?
View 1 Replies
View Related
May 29, 2009
how to set the restrictions of maximum recipients a singe email can be sent to. I found one customer sending an email to 1233 recipients at a time which is a large number enough to increase the queue on the server. I am running Cpanel/WHM. Is there some tweak to be done in Exim?
View 6 Replies
View Related
Jan 19, 2007
CPU load average is around 2-5% on my box. I'd like to know when I'll have to upgrade the CPU. Can I wait and add more accounts until it reaches 90%
View 12 Replies
View Related
Nov 23, 2007
I've setup MDaemon mail server on my local PC to send personal emails to Yahoo Groups.
Maximum recipients per message is set to 100 for the clients.
When there are more than 1 messages pending to be sent to yahoogroups.com, mdaemon creates a message to be sent to this domain and add 31 users in To (BCC) list and the message fails as it should, saying "too many recipients".
There should only be one recipient in To list, but I could not locate the setting where to set maximum recipients for outgoing email
I'm also searching mdaemon forums, but as i get quick response from WHT...
View 0 Replies
View Related
Nov 2, 2009
this is my experience with Maximum-Hosting.org.
I went there for the low prices to startup my Shoutcast station. At $3 a month, it sounded too good to be true. I got my service, and the owner, seemed like a nice guy. He was very helpful, and was eager to help me get started. This was back in March. The first half of my stent there was great, however, in the last half, downtimes and even a data loss was getting on my nerves. I saw some really personal issues and arguments in the IRC server about the owner and staff, and even some back talk and really personal stuff that I wish I never had heard.
Because of the downtime, the owner did provide me with some free service and features. In these times, I was itching to leave, but the owner lured me back in with something better.
In this time, the service was 'okay', no real big complaints, I was even promoted to an IRCop, on the server.
Four things happened.
1) There was an incident in the chatroom with a regular joke we have done may times was taken really the wrong way. (I did not use my IRCop powers when this happened)
2) After a long outage (last night from 'this' post date), I was the only human on the irc server. In order for me to ask the owner what happened, I silenced a eggdrop bot by banning it from the main room. This was so I can get a new message notification when a real person enters the room. The bot posted every 2min, and it was at 2am in the morning.
3) I actually found a pretty big security hole in the control panel, the owner thanked me yesterday, and was furious the next.
4) because of the top three things, the owner basically got extremely mad and took away my IRCops.
Those 4 things basically were the last pieces of trash I could take. Yes, I forgot to unban the bot I mentioned in #2, but is that a good reason to get me out? Tonight, after a somewhat heated discussion with the owner, my account was instantly closed, all http/ftp pipes closed. I am very lucky I saw the owner start to fall into this cycle he seems to do, I had a full backup of the space I had.
In a nut shell, I would highly advise people NOT to use Maximum-Hosting. If you want low prices, frequent downtime, and the possibility your data could be gone in an instant, this is the host for you!
I can only hope no one else falls into the nightmare I have had to put up with for cheap hosting.
View 7 Replies
View Related
Aug 7, 2008
what happens to the emails sent in excess of "The maximum each domain can send out per hour" limit that you can set in root WHM?
Are they discarded or get queued up in Exim?
View 1 Replies
View Related
Mar 19, 2015
Can I configure a maximum size for this file?
I have had to wipe it out a few times because it's been getting larger than 4GB
View 1 Replies
View Related
May 16, 2009
I am a customer of Yahoo Small Business unlimited hosting. I am running Joomla (CMS) with jreviews which uses PHP and MySQL. I now need to expand my review and rating website to earn some profits. According to my business plan, I would need atleast a 1000-2000 unique visitors a day to actually earn off the website to afford a VPS. My question is, can Yahoo Small Business "Unlimited" hosting plan sustain that number under the usage of Joomla? I have been trying to find an answer to this for a long long time but to no avail. I know that "unlimited" is actually a marketing tactic and that one must move to VPS or Dedicated servers for serious traffic. But I cannot move to a VPS before I earn something from the website initially due to lack of funds. Can I expect to be tension free till the range of 1000-2000 uniques/day?
View 10 Replies
View Related
Jul 28, 2009
I am running lighttpd and eccelerator.
I have stripped the php-cgi.
I have tried forking anywhere from 50 to 300 to 1000 fastcgi children with PHP_FCGI_CHILDREN (through lighttpd, I'll attempt to do with same with spawn-fastcgi and fpm)
Server stats:
Intel Core i7 920
12GB DDR
250GB 7.2k RPM SATAII 16MB Cache
I am using to lighttpd's lighttpd-status to estimate concurrent connections.
When I refresh the panel, it shows that there are around 100-150 connections and around 150 requests/s in the last 5 seconds.
My vmstats show that CPU is 98% idle. Blocks written/read is neglible. MySql key_buffer set to 2gb and I'm pretty sure it's not mysql. The overwhelming majority of requests do not access mysql.
EDIT: Uh oh, I just realized that tcp_mem could be a huge bottle neck.
I just set it to:
net.ipv4.tcp_mem = 4096000 87380000 4194304000
It was previously:
net.ipv4.tcp_mem = somenumber somenumber 393,216 <<<--- WTF!
x1000 for my read values (it's an access server only). I can't benchmark the server right now so let me know if you have any suggestions besides this. I do think that this was the problem. When under load images could not be accessed either.
View 4 Replies
View Related
