* re: problem with ./runme in --batch mode. -- current p-o-m
@ 2003-01-10  3:44 Alistair Tonner
  2003-01-10 23:38 ` Arnt Karlsen
  0 siblings, 1 reply; 3+ messages in thread
From: Alistair Tonner @ 2003-01-10  3:44 UTC (permalink / raw)
  To: netfilter


	Hi folks:
	
	It's too late at night, and I shouldn't be mucking with scripts. ... I realize 
now that my previous email was in error ... and now realize what is actually 
happening when passing a long list to ./runme ... it's just disconcerting to 
see patches that I don't want in the "already applied" list that ./runme 
spits up when running in batch mode ... I can now see that the $EXCLUDED are 
copied to $SEEN and listed in already applied list because of that ... 

   perhaps we could put a *bypassed* tag in there so that others don't get as 
confused as I..... 

	(hangs head in shame)

	Alistair Tonner
	Alistair@nerdnet.ca

	(Actually ... since I just flipped email addys on the mailing list ... this 
message might show up before the one of which I speak.....)



* RE: Kaaza 2 jammer.
@ 2003-01-09 18:58 Darrell Dieringer
  2003-01-10  2:18 ` Joel Newkirk
  0 siblings, 1 reply; 3+ messages in thread
From: Darrell Dieringer @ 2003-01-09 18:58 UTC (permalink / raw)
  To: netfilter

I've always wondered something about the string matching, but never
having used it, I haven't researched it enough to know...

Wouldn't netfilter also see the string "KazzaClient" in this email
message?  I can imagine how that might cause problems if the string
matching rules aren't well crafted.

I see in the example posted by Tomasz Wrona that it only applies to
tcp packets forwarded from the internal interface, narrowing the focus
quite a bit.  But wouldn't that also block an email message having
that string if sent from an internal machine?

Of course, the sender of that message may have indeed sent it from a
client on his internal network, and since I'm reading it, it must have
worked as intended.

I imagine placing a string matching rule, like the example, _after_
rules which accept other legitimate traffic (like smtp) would work
completely fine.

Looking for education on the topic.

Darrell Dieringer - Madison, WI

> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org]On Behalf Of
> Tomasz Wrona
> Sent: Thursday, January 09, 2003 11:04 AM
> To: netfilter@lists.samba.org
> Cc: lartc@mailman.ds9a.nl
> Subject: Kaaza 2 jammer.
>
>
> Hello,
>
> Some people asked about matching [blocking] Kaaza 2 sessions.
> So try this simple rule:
>
> iptables -I FORWARD -i $internal_interface -p tcp -m string
> --string "KazaaClient" -j REJECT --reject-with tcp-reset
> [Or maybe worth to try -j TARPIT]
>
> In above rule I don't specify separate ports due to dynamic
> port allocation.
> This rule works fine, catches and resets completely Kaaza 1 and 2
> versions.
>
>
> Regards,
> tw


