08-28-2008
IP Tablets
Linux IPTables, Linux IPChains, BSD IPF and other packet filters do not prevent snort from seeing a packet that is present on the network wire. Even if an inbound packet is denied by the packet filter Snort will still see and analyze the packet if it is listening to that interface.
--------------------------------
Angelinjones
Get Website Traffic
10 More Discussions You Might Find Interesting
1. IP Networking
i have a wireless network that is connected to internet over nat.there is ap that is connected to another ap in bridge mode, on ap is used for clients, and the other is connected to the machine that is doing masquerading. so i want to measure traffic of my clients and i thought about doing it with... (0 Replies)
Discussion started by: mdfk
0 Replies
2. IP Networking
Hi all,
I am working on TUN/TAP for tunnelling IP packets from the application to the network.
I am able to open the tun device and assign the IP address to tun0. The steps I followed are given,
1. Opened the tun device /dev/net/tun
2. Assigned a IP address to the tun0 using ifconfig... (5 Replies)
Discussion started by: johnniealan
5 Replies
3. Shell Programming and Scripting
Hi everybody. I have the next scenary:
eth0: WAN
eth1: DMZ
eth2: LAN
I need to block all incoming trafic from the internet through my network LAN using iptables. I have squid but i need to do this using ipatbles.
I have been listening about iptables -A FORDAWARD but I am stuck right... (0 Replies)
Discussion started by: edeamat
0 Replies
4. IP Networking
Hello gurus ,
I have a vmware machine on xp wich holds a FREBSD 8.0 BETA2 i386
my xp ip is 192.168.0.12
my freebsd le0 ( ext iface, vmware bridged ) is 192.168.0.105 ( can ping google; etc...)
my freebsd le2 (int iface, vmware local only) is 192.168.141.5
my freebsd le1 is disabled as... (0 Replies)
Discussion started by: cozsmin
0 Replies
5. IP Networking
hello,
I have a postfix & a local dns running on a single server.
this server is connected to internet via a low bandwidth line(with fixed ip).
we also have another high speed adsl (dynamic ip).
i want to divert all dns request from the local dns & postfix
from the server to the adsl... (0 Replies)
Discussion started by: coolatt
0 Replies
6. Ubuntu
Hi,
I am new to linux stuff. I want to use linux iptables to configure rule so that all my incoming traffic with protocol "tcp" is forwarded to the "FORWARD CHAIN". The traffic i am dealing with has destination addresss of my machine but i want to block it from coming to input chain and somehow... (0 Replies)
Discussion started by: arsipk
0 Replies
7. IP Networking
I would like to divide traffic between two squid servers.
I have been thinking about using iptables u32 filter, to check last bit of ip address which is comming to gateway. Then I would like to direct even IP adresses to one squid host, and odd to the other. Is it reasonable ?
Thank you for... (2 Replies)
Discussion started by: new_item
2 Replies
8. UNIX for Dummies Questions & Answers
Hey all,
I'm trying to get openvpn working on DD-WRT router.
I can make a connection inside my lan, but outside the connection is yellow. I think yellow means it is close to making a connection, but it never completes the connection. So I believe there is a problem with my iptables since it... (0 Replies)
Discussion started by: sdnix
0 Replies
9. Debian
I spent a lot of time trying to implement outbound traffic filtering with: cgroups + tc + iptables on Debian Jessie. Unfortunately there is still something wrong.
The biggest issue is:
- cgroups install + config
- net_cls subsystem implementation
- packets marking with net_cls
- appropriate... (0 Replies)
Discussion started by: Novi
0 Replies
10. Cybersecurity
good day good people
hi
first to tell that firewall and vpn is working as expected, but I notice something strange.
I have host system 11.11.11.11(local ip) firewall is blocking everything except port to vpn.
I have vpn on virtualized system 22.22.22.22 (CentOS both host and virtual). ... (0 Replies)
Discussion started by: end
0 Replies
LEARN ABOUT MINIX
tc-tcindex
Traffic control index filter(8) Linux Traffic control index filter(8)
NAME
tcindex - traffic control index filter
SYNOPSIS
tc filter ... tcindex [ hash SIZE ] [ mask MASK ] [ shift SHIFT ] [ pass_on | fall_through ] [ classid CLASSID ] [ action ACTION_SPEC ]
DESCRIPTION
This filter allows to match packets based on their tcindex field value, i.e. the combination of the DSCP and ECN fields as present in IPv4
and IPv6 headers.
OPTIONS
action ACTION_SPEC
Apply an action from the generic actions framework on matching packets.
classid CLASSID
Push matching packets into the class identified by CLASSID.
hash SIZE
Hash table size in entries to use. Defaults to 64.
mask MASK
An optional bitmask to binary AND to the packet's tcindex field before use.
shift SHIFT
The number of bits to right-shift a packet's tcindex value before use. If a mask has been set, masking is done before shifting.
pass_on
If this flag is set, failure to find a class for the resulting ID will make the filter fail and lead to the next filter being con-
sulted.
fall_through
This is the opposite of pass_on and the default. The filter will classify the packet even if there is no class present for the
resulting class ID.
SEE ALSO
tc(8)
iproute2 21 Oct 2015 Traffic control index filter(8)