10 More Discussions You Might Find Interesting
1. Cybersecurity
Just added these lines to our server firewall:
iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP
Even though mysql is configured to correctly only listen on port 127.0.0.1 we still see these mysql log file notes on a daily... (0 Replies)
Discussion started by: Neo
0 Replies
2. Solaris
please find the below o/p for your reference
bash-3.00# fcinfo hba-port
HBA Port WWN: 21000024ff295a34
OS Device Name: /dev/cfg/c2
Manufacturer: QLogic Corp.
Model: 375-3356-02
Firmware Version: 05.03.02
FCode/BIOS Version: BIOS: 2.02; fcode: 2.01;... (3 Replies)
Discussion started by: sb200
3 Replies
3. IP Networking
i want to kill a tcp connection by killing its pid
with netstat -an i got the tcp ip connection on port 5914
but when i type ps -a or ps-e there is not such process running on port 5914
is it possible that because i do not log on with proper user account i can not see that process running? (30 Replies)
Discussion started by: alinamadchian
30 Replies
4. AIX
Hello Team,
We are having weblogic which running on AIX 6.1 Lpar machine. We not enabled any firewall(IPSEC) in AIX level.
Our weblogic is running on cluster.Whenever we stop/restart the cluster we would like to stop/start the port(by using command) which used by the weblogic. Please... (2 Replies)
Discussion started by: gowthamakanthan
2 Replies
5. Programming
Hello!
I searched forum for similar topic, with no luck, if you know one, delete this topic, and send me private message with link please.
Little background:
I have a lot of clients and one serwer. Client can make multiple connections on different ports and ips, but only one can be acctive... (2 Replies)
Discussion started by: ikeban
2 Replies
6. IP Networking
I am trying to block ALL traffic except when from ports 9100,22,23 to destination network 192.0.0.0 (my WAN): 2 networks 192.0.3.0 with static route to 192.0.0.0
Shouldn't this work?:
iptables -A INPUT -p tcp -d 192.0.0.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -d 192.0.0.0/24... (3 Replies)
Discussion started by: herot
3 Replies
7. Programming
Does anyone know if there is a C API call to get the status of a TCP port? As opposed to running netstat and parsing the results. At the moment I have to attempt to bind() and pick up on the address in use error which isn't very elegant
Thanks
---------- Post updated at 10:42 AM ----------... (0 Replies)
Discussion started by: janra
0 Replies
8. Shell Programming and Scripting
I have multiple processes running the same program on my linux machine. For each process I want to be able to use a unique (available) TCP port. I have thought of using netstat to check which ports are available for use however, the time-window between checking and selecting might expose some race... (1 Reply)
Discussion started by: timmylita
1 Replies
9. UNIX for Dummies Questions & Answers
Hello, I have a service running (ODBC) and every now and then it will hang and I will have to stop and restart the service. The problem is when I stop the service, it indeed stops the service, but netstat reports a tcp port still open with the fin_wait_2 status. Then I must close the client... (1 Reply)
Discussion started by: raidzero
1 Replies
10. IP Networking
I am trying to connect via DBACCESS and Informix server to a server on a different computer. When I execute the connect command from dbaccess I get the following message,
Exec format error cannot bind a name to the port.
As far as I know the port is not being used by another client.
How... (1 Reply)
Discussion started by: lopez
1 Replies
mxallowd(1) User Manuals mxallowd(1)
NAME
mxallowd - dynamically whitelist your Mail eXchanger
SYNOPSIS
mxallowd [-d] [-c configfile] [-t whitelist-time] [-p pflog-interface] [-l pcap-filter] [-F] [-s] [-q] [-p] -f fake-mailserver -r real-
mailserver -n queue-num
DESCRIPTION
mxallowd is a daemon which uses libnetfilter_queue (on Linux) or pf and pflog (on BSD) to allow (or deny) connections to a mailserver (or
similar application) if the remote host hasn't connected to a fake daemon before.
This is an improved version of the so-called nolisting (see http://www.nolisting.org/). The assumption is that spammers are not using RFC
2821-compatible SMTP-clients and are sending fire-and-forget spam (directly to the first or second MX-entry without retrying on error).
This direct access is blocked with mxallowd, you'll only get a connection if you retry.
NOTE: It is highly recommended to install nscd (nameserver caching daemon) or a similar software in order to speed-up DNS lookups. Since
version 1.3, DNS lookups are done in a thread (so they don't block the main process), however, on very-high-traffic-sites, mxallowd may
show significantly better overall performance in combination with nscd.
OPTIONS
-b, --no-rdns-whitelist
Disable whitelisting all IP-addresses that have the same RDNS as the connecting one (necessary for google mail)
-c, --config
Specifies an alternative configuration file (instead of /etc/mxallowd.conf)
-t, --whitelist-time
Specify the amount of time (in seconds) until an IP-address will be removed from the whitelist
-s, --stdout
Log to stdout, not to syslog
-q, --quiet
Don't log anything but errors.
-f, --fake-mailserver
Specify which IP-address the fake mailserver has (connecting to it will whitelist you for the real mailserver)
-r, --real-mailserver
Specify which IP-address the real mailserver has
-F, --foreground
Do not fork into background, stay on console
-n, --queue-num (only available when compiled for netfilter_queue)
Specify the queue number which will be used for the netfilter_queue-link. This has to be the same which is specified in the ipta-
bles-rule and it has to be specified, there is no default.
-p, --pflog-interface (only available when compiled for pf)
Specify the pflog(4) interface which you configured in pf(4). The default is pflog0. Also see the pcap-filter-option if you use an
interface which does not only get smtp-traffic.
-l, --pcap-filter (only available when compiled for pf)
Specify the filter for pcap. The default is "port 25". See tcpdump(8) for more information on the filters.
FILES
/etc/mxallowd.conf
System-wide configuration file. Use the long options without the beginning two dashes. For example:
stdout
fake-mailserver 192.168.1.3
fake-mailserver 192.168.1.4
real-mailserver 192.168.1.5
queue-num 23
EXAMPLES FOR NETFILTER
The machine has two IP-addresses. The mailserver only listens on 192.168.1.4, the nameserver returns the mx-records mx1.domain.com
(192.168.1.3) with priority 5 and mx2.domain.com (192.168.1.4) with priority 10.
# modprobe nfnetlink_queue
# iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j NFQUEUE --queue-num 23
# mxallowd -s -F -f 192.168.1.3 -r 192.168.1.4 -n 23
Then open a separate terminal and connect via telnet on your real mailserver. You'll see the connection attempt being dropped. Now connect
to the fake mailserver and watch mxallowd's output. Afterwards, connect to the real mailserver to verify your mailserver is still working.
EXAMPLES FOR PF
The machine has two IP-addresses. The mailserver only listens on 192.168.1.4, the nameserver returns the mx-records mx1.domain.com
(192.168.1.3) with priority 5 and mx2.domain.com (192.168.1.4) with priority 10.
Create a pf.conf like this:
table <mx-white> persist
real_mailserver="192.168.1.4"
fake_mailserver="192.168.1.3"
real_mailserver6="2001:dead:beef::1"
fake_mailserver6="2001:dead:beef::2"
pass in quick log on fxp0 proto tcp from <mx-white> to $real_mailserver port smtp
pass in quick log on fxp0 inet6 proto tcp from <mx-white> to $real_mailserver6 port smtp
block in log on fxp0 proto tcp to { $fake_mailserver $real_mailserver } port smtp
block in log on fxp0 inet6 proto tcp to { $fake_mailserver6 $real_mailserver6 } port smtp
Afterwards, load it and start mxallowd using the following commands:
# pfctl -f /etc/pf.conf
# mxallowd -s -F -f 192.168.1.3 -r 192.168.1.4
Then open a separate terminal and connect via telnet on your real mailserver. You'll see the connection attempt being dropped. Now connect
to the fake mailserver and watch mxallowd's output. Afterwards, connect to the real mailserver to verify your mailserver is still working.
The ruleset for pf is actually longer because pf does more than netfilter on linux -- netfilter passes the packets and lets mxallowd decide
whether to drop/accept whilst pf blocks/passes before even "passing" to mxallowd.
SEE ALSO
iptables(8), pf(4), pflog(4), tcpdump(8)
AUTHOR
Michael Stapelberg <michael+mxallowd at stapelberg dot de>
Linux MARCH 2012 mxallowd(1)