From: "Mark" <atlee@planet.nl>
To: <gentoo-server@lists.gentoo.org>
Subject: RE: [gentoo-server] Iptables Changes
Date: Mon, 22 Sep 2008 17:21:30 +0200 [thread overview]
Message-ID: <000201c91cc6$e3ef8f80$9700000a@dbshzbmemjzd2d> (raw)
In-Reply-To: <279fbba40809220656p617bf51l79de0152e3cc7794@mail.gmail.com>
Stop sending me these fucking e mails...I dont want them so fuck
off!!!!
-----Oorspronkelijk bericht-----
Van: Kerin Millar [mailto:kerframil@gmail.com]
Verzonden: maandag 22 september 2008 15:56
Aan: gentoo-server@lists.gentoo.org
Onderwerp: Re: [gentoo-server] Iptables Changes
2008/9/22 Ajai Khattri <ajai@bway.net>:
> On Mon, 22 Sep 2008, Ryan Gibbons wrote:
>
>> You should be able to find some information in your log files and
>> possibily dmesg
>>
>> My guess is you are missing some modules for iptables in your kernel.
>
> I use connection-tracking and that has changed a lot over the past two
years
> and become very confusing (as far as kernel configuration goes).
2.6.25 provides a CONFIG_NETFILTER_ADVANCED option which, if not
selected, should ensure that the most commonly used netfilter options
are enabled.
If that option does not appeal then note that the NF_CONNTRACK option
has been renamed to NF_CONNTRACK_ENABLED as of 2.6.25. Here is a list
of options that constitute a set of reasonable/minimal defaults (that
will support connection tracking):
NF_CONNTRACK_IPV4
NF_CONNTRACK_MARK
IP_NF_IPTABLES
IP_NF_FILTER
IP_NF_TARGET_REJECT
IP_NF_TARGET_LOG
NF_NAT
IP_NF_TARGET_MASQUERADE
IP_NF_TARGET_REDIRECT
IP_NF_MANGLE
NF_CONNTRACK_ENABLED
I'd also suggest enabling the IP_NF_TARGET_ULOG option. This may be
used in conjunction with the ulogd package so as to avoid polluting
the kernel ring buffer with netfilter log messages.
Regards,
--Kerin
next prev parent reply other threads:[~2008-09-22 15:21 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-22 12:16 [gentoo-server] Iptables Changes Ajai Khattri
2008-09-22 12:28 ` Ryan Gibbons
2008-09-22 12:43 ` Ajai Khattri
2008-09-22 13:56 ` Kerin Millar
2008-09-22 15:21 ` Mark [this message]
2008-09-22 15:25 ` Andrew Gaffney
2008-09-22 17:53 ` Thilo Bangert
2008-09-23 12:21 ` Jozef [jonyii] Svec
2008-09-23 19:25 ` [gentoo-server] SPAM protection by requesting confirmation Alex Efros
2008-09-23 21:45 ` Ramon van Alteren
2008-09-24 0:13 ` Lindsay Haisley
2008-09-24 15:40 ` Matthias Bethke
2008-09-28 13:21 ` Alex Efros
2008-09-28 13:26 ` Alex Efros
2008-09-28 19:41 ` Homer Parker
2008-09-28 20:02 ` Alex Efros
2008-09-28 21:07 ` Homer Parker
2008-09-28 21:49 ` Alex Efros
2008-09-24 3:14 ` Homer Parker
2008-09-24 8:51 ` Oliver Schad
2008-09-24 15:58 ` Lindsay Haisley
2008-09-24 10:02 ` Thilo Bangert
2008-09-22 16:24 ` [gentoo-server] Iptables Changes Kerin Millar
2008-09-22 16:31 ` Marko Reiner
2008-09-22 16:43 ` Mark
2008-09-22 17:36 ` Roger Bumgarner
2008-09-24 23:05 ` Ajai Khattri
2009-08-02 9:17 ` [gentoo-server] iptables && fail2ban mrfroasty
2009-08-01 9:53 ` Kerin Millar
2009-08-02 11:24 ` mrfroasty
2009-08-01 18:06 ` Homer Parker
2009-08-03 21:42 ` mrfroasty
2009-08-08 14:40 ` Ajai Khattri
2009-08-08 20:20 ` mrfroasty
2009-08-08 23:07 ` paul kölle
2009-09-14 19:17 ` Arturo 'Buanzo' Busleiman
2009-09-15 7:27 ` Paul Kölle
2009-08-08 20:36 ` mrfroasty
2009-08-08 1:07 ` Steve Dommett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='000201c91cc6$e3ef8f80$9700000a@dbshzbmemjzd2d' \
--to=atlee@planet.nl \
--cc=gentoo-server@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox