Discussion in 'General Discussion' started by micko, Jan 25, 2006.
What about this?
Yes, what about it? Looks like a statement, not a question. Besides, please don't hijack my thread; start a new one.
Fenster, did you see my reply?
The only difference I can see is that the original entry is "broken", i.e. the IPTABLES_MODULES entry goes over two lines:
# IPTABLES_MODULES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle
# ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
Note there are no backslashes at the end of the first line to indicate the line continues.
I merged the whole line into one in my entry.
Is that the problem?
I think yes, the extra linebreak could be the problem. I will fix the example in the FAQ to make sure it does not have incorrect linebreaks.
Thanks for that.
Actually if you copy/paste from the FAQ you get 3 or 4 linebreaks.
If you look at the original /etc/sysconfig/iptables-config the IPTABLES_MODULES entry breaks over two lines.
I would assume it should be one long line, that's how I entered it on my server BUT it DOES NOT WORK
It would be perfect if you submit a ticket with server access and PM the ticket number to me. I would like to take a look at it.
Sorry but that would be too complicated - particularly as this really ought to be very very simple.
If you could just double check your faq entry at http://faq.swsoft.com/article_130_875_en.html and confirm that everything is correct.
Note the line in /etc/sysconfig/vz: is broken.
Any other bugs in the FAQ?
Extra linebreak does not matter in iptables-config; this file just is sourced from /etc/rc.d/init.d/iptables and is used as
for mod in $IPTABLES_MODULES; do
    echo -n "$mod "
    modprobe $mod > /dev/null 2>&1
done
I prefer to define this variable as
for better readability and have no problems
This might also be true for /etc/sysconfig/vz but I am not 100% sure.
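The behaviour described above, as an added example that is not part of the original thread or of the iptables init script: the config file is sourced by the shell, so a newline inside the double quotes is just whitespace to the for loop, while a break after the closing quote drops the second line's modules. The file names and the list_modules helper are hypothetical, the sample configs are constructed, and the modprobe call is replaced by collecting the names so the script runs without root.

```shell
#!/bin/sh
# Constructed sample configs, not copied from a real server.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Variant 1: the value breaks across two lines INSIDE the double quotes.
cat > "$workdir/two_lines.conf" <<'EOF'
IPTABLES_MODULES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle
ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
EOF

# Variant 2: the same value merged onto one line.
cat > "$workdir/one_line.conf" <<'EOF'
IPTABLES_MODULES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
EOF

# Variant 3: the quote is closed BEFORE the break, so the second line is
# parsed as a separate (non-existent) command and its modules are lost.
cat > "$workdir/split_outside_quotes.conf" <<'EOF'
IPTABLES_MODULES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle"
ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length
EOF

# list_modules FILE: source FILE in a subshell and print, on one line, the
# module names the init script's for loop would pass to modprobe.
list_modules() {
    (
        IPTABLES_MODULES=
        # "|| :" keeps going when a stray line fails as a command.
        . "$1" 2>/dev/null || :
        out=
        for mod in $IPTABLES_MODULES; do   # unquoted on purpose: word splitting
            out="${out:+$out }$mod"
        done
        printf '%s\n' "$out"
    )
}

for f in two_lines one_line split_outside_quotes; do
    printf '%-22s %s\n' "$f:" "$(list_modules "$workdir/$f.conf")"
done
```
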
Ok that actually explains my problem.
iptables was not enabled on this server (as in chkconfig --list iptables came up blank).
I believe it was removed because it kept resetting my (manual) iptables entries. I'll have to check that again.
Note to fester: Maybe worth noting in the FAQ entry that iptables has to be enabled in chkconfig for this FAQ to work.
HELP...APF problem w/ xinetd
Forgive me as I am a newbie so my knowledge and lingo will improve as I learn...
I installed APF and it is working to ban IPs from /var/log/messages, but I am getting a huge amount of messages in /var/log/secure:
xinetd : START: smtp pid=28493 from=(various IP's)
This is happening every few seconds and I want to know what I can do to stop it?
Thanks in advance...
@Newbie: Those messages are information that some people try to connect to your SMTP server - mostly spammers looking for an open relay.
I kind of figured that, but the question is what can I do about it...
Or do I just ignore it?
It doesn't seem to be affecting my resources currently.
You could read through your logfile and block each IP one by one - but it would be a lot of work and a never ending story. I think most people just mainly ignore it.
Do we need to do this in v3.0 to install apf in each VE, or has something changed?
Do you mean make the adjustments mentioned in the knowledgebase/howto? If so then yes - there is no change to what you need to do in v 3.0
Thanks a lot for the blog post. Much thanks again. Great.