* ipt_recent && spamd (!?) && kernel panic
@ 2005-06-08 7:34 Turbo Fredriksson
2005-06-08 19:04 ` David S. Miller
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Turbo Fredriksson @ 2005-06-08 7:34 UTC (permalink / raw)
To: sparclinux
I've been trying the ipt_recent driver/module (?) and after
just a few minutes, the machine (a Sun Blade 1000 - 2x750MHz,
1Gb mem) receives (?) a kernel panic.
Does anyone have an idea what the problem can be, and/or what
to do about it? The kernel is 2.6.12-rc3, SPARC64.
I'm not exactly sure WHERE the problem is (the panic mentions
spamd - spamassassin daemon), but I can't see what that can
do to cause this:
----- s n i p -----
Jun 5 12:19:33 aurora kernel: Unable to handle kernel paging request at virtual address 00000001400c6000
Jun 5 12:19:33 aurora kernel: tsk->{mm,active_mm}->context = 00000000000001e8
Jun 5 12:19:33 aurora kernel: tsk->{mm,active_mm}->pgd = fffff80037cba000
Jun 5 12:19:34 aurora kernel: \|/ ____ \|/
Jun 5 12:19:34 aurora kernel: "@'/ .. \`@"
Jun 5 12:19:34 aurora kernel: /_| \__/ |_\
Jun 5 12:19:34 aurora kernel: \__U_/
Jun 5 12:19:34 aurora kernel: spamd(18649): Oops [#1]
Jun 5 12:19:34 aurora kernel: TSTATE: 0000000011009600 TPC: 000000000050a59c TNPC: 000000000050a5a0 Y: 00000000 Not tainted
Jun 5 12:19:34 aurora kernel: TPC: <__bzero+0x84/0xc0>
Jun 5 12:19:34 aurora kernel: g0: 0000000002056c00 g1: 0000000000000010 g2: 00000000d4bc183e g3: 0000000002062e48
Jun 5 12:19:34 aurora kernel: g4: fffff8003333d320 g5: fffff80000354000 g6: fffff800350d4000 g7: 00000000ffffffff
Jun 5 12:19:34 aurora kernel: o0: 00000001400c5fe0 o1: 0000000000000000 o2: 0000000000000000 o3: 00000001400c5fe0
Jun 5 12:19:34 aurora kernel: o4: 0000000000000040 o5: 0000000000000002 sp: fffff800350d64f1 ret_pc: 0000000002060f2c
Jun 5 12:19:34 aurora kernel: RPC: <match+0x7ac/0x960 [ipt_recent]>
Jun 5 12:19:34 aurora kernel: l0: 00000001400927f8 l1: 00000000000007f8 l2: 00000001400c8000 l3: 0000000140092000
Jun 5 12:19:34 aurora kernel: l4: 000000000000003e l5: 00000000000000f8 l6: 00000000d4d64632 l7: 000000014008e000
Jun 5 12:19:34 aurora kernel: i0: 0000000000000033 i1: 0000000102d21888 i2: 00000001400cc000 i3: 000000014016c888
Jun 5 12:19:34 aurora kernel: i4: 000000000000003e i5: 0000000000000040 i6: fffff800350d65c1 i7: 000000000203a304
Jun 5 12:19:34 aurora kernel: I7: <ipt_do_table+0x2c4/0x5c0 [ip_tables]>
Jun 5 12:19:34 aurora kernel: Caller[000000000203a304]: ipt_do_table+0x2c4/0x5c0 [ip_tables]
Jun 5 12:19:34 aurora kernel: Caller[00000000005a3a8c]: nf_iterate+0x4c/0xe0
Jun 5 12:19:34 aurora kernel: Caller[00000000005a3ed0]: nf_hook_slow+0x90/0x1a0
Jun 5 12:19:34 aurora kernel: Caller[00000000005b02c0]: ip_local_deliver+0x60/0x3a0
Jun 5 12:19:34 aurora kernel: Caller[00000000005b0ab0]: ip_rcv+0x4b0/0x700
Jun 5 12:19:34 aurora kernel: Caller[0000000000597ac0]: netif_receive_skb+0x1e0/0x300
Jun 5 12:19:34 aurora kernel: Caller[0000000000597c64]: process_backlog+0x84/0x160
Jun 5 12:19:34 aurora kernel: Caller[0000000000597df0]: net_rx_action+0xb0/0x1c0
Jun 5 12:19:34 aurora kernel: Caller[000000000045263c]: __do_softirq+0x7c/0x120
Jun 5 12:19:34 aurora kernel: Caller[0000000000452724]: do_softirq+0x44/0x60
Jun 5 12:19:34 aurora kernel: Caller[0000000000452790]: local_bh_enable+0x50/0xc0
Jun 5 12:19:34 aurora kernel: Caller[00000000005971c0]: dev_queue_xmit+0xc0/0x300
Jun 5 12:19:34 aurora kernel: Caller[00000000005b4418]: ip_finish_output+0x118/0x2c0
Jun 5 12:19:34 aurora kernel: Caller[00000000005b4b2c]: ip_queue_xmit+0x2cc/0x5c0
Jun 5 12:19:34 aurora kernel: Caller[00000000005c82d4]: tcp_transmit_skb+0x334/0x760
Jun 5 12:19:34 aurora kernel: Caller[00000000005cb258]: tcp_connect+0x2b8/0x3c0
Jun 5 12:19:34 aurora kernel: Caller[00000000005ce168]: tcp_v4_connect+0x4e8/0xaa0
Jun 5 12:19:34 aurora kernel: Caller[00000000005dfd20]: inet_stream_connect+0x80/0x1e0
Jun 5 12:19:34 aurora kernel: Caller[000000000058caa4]: sys_connect+0x64/0x80
Jun 5 12:19:34 aurora kernel: Caller[00000000004112f4]: linux_sparc_syscall32+0x34/0x40
Jun 5 12:19:34 aurora kernel: Caller[00000000705ca244]: 0x705ca244
Jun 5 12:19:34 aurora kernel: Instruction DUMP: d4722008 d4722010 d4722018 <d4722020> d4722028 d4722030 d4722038 98a32040 124ffff6
Jun 5 12:19:34 aurora kernel: Kernel panic - not syncing: Aiee, killing interrupt handler!
Jun 5 12:19:34 aurora kernel: TSTATE: 0000009911f09600 TPC: 000000000044c6d0 TNPC: 000000000044c6d4 Y: 00000000 Not tainted
Jun 5 12:19:34 aurora kernel: TPC: <do_syslog+0xf0/0x440>
Jun 5 12:19:34 aurora kernel: g0: fffff8002ae7b371 g1: 0000000000000002 g2: 0000000000000000 g3: 0000000000000000
Jun 5 12:19:34 aurora kernel: g4: fffff8001b3b6d60 g5: fffff8000035c000 g6: fffff8002ae78000 g7: 0000000000000001
Jun 5 12:19:34 aurora kernel: o0: 000000000064b9b0 o1: 0000000000007fff o2: 000000000000cb8f o3: 000000000000cb8f
Jun 5 12:19:34 aurora kernel: o4: 00000000006efbe8 o5: 0000000000000001 sp: fffff8002ae7b331 ret_pc: 000000000044c6fc
Jun 5 12:19:34 aurora kernel: RPC: <do_syslog+0x11c/0x440>
Jun 5 12:19:34 aurora kernel: l0: 000000000000076a l1: 00000000006f7800 l2: 000000000064b800 l3: 000000000064b800
Jun 5 12:19:34 aurora kernel: l4: 00000000006f7800 l5: 000000000064b800 l6: 000000000064b800 l7: 0000000000000008
Jun 5 12:19:34 aurora kernel: i0: 0000000000000000 i1: 0000000000026a2a i2: 0000000000000fff i3: 0000000000004000
Jun 5 12:19:34 aurora kernel: i4: 0000000000040000 i5: 0000000030300031 i6: fffff8002ae7b451 i7: 00000000004c9d60
Jun 5 12:19:34 aurora kernel: I7: <kmsg_read+0x40/0x60>
Jun 5 12:20:01 aurora /USR/SBIN/CRON[21537]: (root) CMD (if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then /usr/bin/mrtg /etc/mrtg.cfg >> /var/log/mrtg/mrtg.log 2>&1; fi)
Jun 5 12:27:28 aurora syslogd 1.4.1#10: restart.
----- s n i p -----
[this snippet is also included as an attachment, for those that don't want
it line wrapped]
'Funny' that CRON could at least send ONE message to syslog before the
machine halts.
What I was trying to do is block excessive connections to some
services running on the machine. The services/ports I'm trying to
limit are:
22:SSH, 23:TELNET, 88:KRB5, 107:RTELNET, 389:LDAP, 543:RLOGIN,
636:LDAPS, 749:KRB5ADM, 751:KRB5AUTH, 992:TELNETS, 2105:EKLOGIN,
3306:MYSQL, 5432:PGSQL, 8080:SQUID
Localhost (both 127.0.0.1 and external interface IP) is added to
the *_WHITELIST, as are some other hosts...
More details on the URL:
http://blog.andrew.net.au/2005/02/17#ipt_recent_and_ssh_attacks
Content-Disposition: inline; filename=kernel-panic.txt
Content-Description: Kernel panic
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: ipt_recent && spamd (!?) && kernel panic
2005-06-08 7:34 ipt_recent && spamd (!?) && kernel panic Turbo Fredriksson
@ 2005-06-08 19:04 ` David S. Miller
2005-06-08 19:42 ` Turbo Fredriksson
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: David S. Miller @ 2005-06-08 19:04 UTC (permalink / raw)
To: sparclinux
From: Turbo Fredriksson <turbo@swe.net>
Date: Wed, 08 Jun 2005 09:34:00 +0200
> I'm not exactly sure WHERE the problem is (the panic mentions
> spamd - spamassassin daemon), but I can't see what that can
> do to cause this:
The crash clearly shows that it's a bzero() call made by the
match() function in ipt_recent.c of the kernel.
What ipt_recent rules do you have loaded?
^ permalink raw reply [flat|nested] 5+ messages in thread
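How the reading given in this reply falls out of the oops text, as an added example that is not part of the original thread: the Python below parses an excerpt of the log posted at the top of the thread and separates the task named on the Oops line from the code that actually faulted. The function `summarize_oops` and its field names are hypothetical; the log lines are copied from the post, with the register dumps left out.

```python
import re

# Excerpt of the oops posted at the top of this thread (register dumps omitted).
OOPS = """\
Jun 5 12:19:33 aurora kernel: Unable to handle kernel paging request at virtual address 00000001400c6000
Jun 5 12:19:34 aurora kernel: spamd(18649): Oops [#1]
Jun 5 12:19:34 aurora kernel: TSTATE: 0000000011009600 TPC: 000000000050a59c TNPC: 000000000050a5a0 Y: 00000000 Not tainted
Jun 5 12:19:34 aurora kernel: TPC: <__bzero+0x84/0xc0>
Jun 5 12:19:34 aurora kernel: RPC: <match+0x7ac/0x960 [ipt_recent]>
Jun 5 12:19:34 aurora kernel: Caller[000000000203a304]: ipt_do_table+0x2c4/0x5c0 [ip_tables]
Jun 5 12:19:34 aurora kernel: Caller[00000000005a3a8c]: nf_iterate+0x4c/0xe0
Jun 5 12:19:34 aurora kernel: Caller[00000000005a3ed0]: nf_hook_slow+0x90/0x1a0
Jun 5 12:19:34 aurora kernel: Caller[00000000005b02c0]: ip_local_deliver+0x60/0x3a0
Jun 5 12:19:34 aurora kernel: Caller[0000000000597df0]: net_rx_action+0xb0/0x1c0
Jun 5 12:19:34 aurora kernel: Caller[000000000045263c]: __do_softirq+0x7c/0x120
Jun 5 12:19:34 aurora kernel: Caller[0000000000452790]: local_bh_enable+0x50/0xc0
Jun 5 12:19:34 aurora kernel: Caller[00000000005971c0]: dev_queue_xmit+0xc0/0x300
Jun 5 12:19:34 aurora kernel: Caller[00000000005cb258]: tcp_connect+0x2b8/0x3c0
Jun 5 12:19:34 aurora kernel: Caller[000000000058caa4]: sys_connect+0x64/0x80
Jun 5 12:19:34 aurora kernel: Caller[00000000004112f4]: linux_sparc_syscall32+0x34/0x40
Jun 5 12:19:34 aurora kernel: Caller[00000000705ca244]: 0x705ca244
Jun 5 12:19:34 aurora kernel: Kernel panic - not syncing: Aiee, killing interrupt handler!
Jun 5 12:19:34 aurora kernel: TPC: <do_syslog+0xf0/0x440>
"""

# symbol+0xoff/0xsize, optionally followed by " [module]"
SYM = r"(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?"
FAULT_RE = re.compile(r"paging request at virtual address ([0-9a-f]+)")
TASK_RE = re.compile(r"kernel: (?P<comm>\S+)\((?P<pid>\d+)\): Oops")
TPC_RE = re.compile(r"TPC: <" + SYM + ">")    # symbolised trap PC only
RPC_RE = re.compile(r"RPC: <" + SYM + ">")    # return PC: the caller
CALLER_RE = re.compile(r"Caller\[[0-9a-f]+\]: " + SYM)


def summarize_oops(text):
    """Summarise the first oops in a sparc64 kernel log (hypothetical helper)."""
    out = {"task": None, "fault_addr": None, "faulting": None,
           "called_from": None, "trace": []}
    for line in text.splitlines():
        if "Kernel panic" in line:
            break  # dumps after this line describe the panic, not the oops
        m = FAULT_RE.search(line)
        if m:
            out["fault_addr"] = int(m.group(1), 16)
        m = TASK_RE.search(line)
        if m:
            out["task"] = (m.group("comm"), int(m.group("pid")))
        m = TPC_RE.search(line)
        if m and out["faulting"] is None:
            out["faulting"] = (m.group("sym"), m.group("mod"))
        m = RPC_RE.search(line)
        if m and out["called_from"] is None:
            out["called_from"] = (m.group("sym"), m.group("mod"))
        m = CALLER_RE.search(line)  # bare user-space addresses do not match
        if m:
            out["trace"].append((m.group("sym"), m.group("mod")))

    # Innermost frame that lives in a loadable module: faulting PC first,
    # then its caller, then the rest of the call trace.
    frames = [f for f in (out["faulting"], out["called_from"]) if f] + out["trace"]
    out["innermost_module"] = next((mod for _, mod in frames if mod), None)

    # A softirq frame in the trace means the fault happened in packet
    # processing that merely borrowed the current task's kernel stack.
    syms = [sym for sym, _ in out["trace"]]
    out["softirq"] = "__do_softirq" in syms or "do_softirq" in syms
    out["syscall"] = next((s for s in syms if s.startswith("sys_")), None)
    return out


if __name__ == "__main__":
    r = summarize_oops(OOPS)
    print("current task     :", r["task"])
    print("faulting function:", r["faulting"][0])
    print("called from      :", "%s [%s]" % r["called_from"])
    print("in softirq       :", r["softirq"], "(entered via %s)" % r["syscall"])
```

On this log the task is spamd, but the faulting `__bzero` was called from `match` in `ipt_recent`, reached through `__do_softirq` while spamd was inside `sys_connect`: the receive path ran on spamd's stack, which is why its name appears on the Oops line.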
* Re: ipt_recent && spamd (!?) && kernel panic
2005-06-08 7:34 ipt_recent && spamd (!?) && kernel panic Turbo Fredriksson
2005-06-08 19:04 ` David S. Miller
@ 2005-06-08 19:42 ` Turbo Fredriksson
2005-06-14 1:31 ` David S. Miller
2005-07-04 9:49 ` Turbo Fredriksson
3 siblings, 0 replies; 5+ messages in thread
From: Turbo Fredriksson @ 2005-06-08 19:42 UTC (permalink / raw)
To: sparclinux
>>>>> "David" = David S Miller <davem@davemloft.net> writes:
David> From: Turbo Fredriksson <turbo@swe.net> Date: Wed, 08 Jun
David> 2005 09:34:00 +0200
>> I'm not exactly sure WHERE the problem is (the panic mentions
>> spamd - spamassassin daemon), but I can't see what that can do
>> to cause this:
David> The crash clearly shows that it's a bzero() call made by
David> the match() function in ipt_recent.c of the kernel.
David> What ipt_recent rules do you have loaded?
Included the FULL list that I _WANT_ to run. I disabled spamassassin
and qmail, flushed the tables and loaded the REAL table rules, did
'iptables -L -n' down to this file and then loaded the one I'm running
now (almost the same, just without the ipt_recent stuff)... All in a
one-liner to minimize the risk of crash :)
[I thought about obfuscating it, but thought against it. 'Everyone'
already knows about my machines :)]
Content-Disposition: inline; filename=iptables.txt
Content-Description: iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:67
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:67
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:772
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:772
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:69
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:69
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:111
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:111
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:161
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:161
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:162
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:162
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:389
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:389
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:636
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:636
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:749
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:749
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:783
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:783
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:873
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:873
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:3306
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:3306
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:2988
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:2988
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:3000
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:3000
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:9101
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:9101
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:9102
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:9102
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:9103
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:9103
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:3551
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:3551
ACCEPT tcp -- 212.214.70.0/24 212.214.70.50 tcp dpt:6544
ACCEPT udp -- 212.214.70.0/24 212.214.70.50 udp dpt:6544
ACCEPT tcp -- 82.182.174.117 212.214.70.50
ACCEPT udp -- 82.182.174.117 212.214.70.50
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW recent: SET name: SSH
SSH_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: SSHLOG flags 0 level 4 prefix `SSH_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: SSH
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 state NEW recent: SET name: TELNET
TELNET_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: TELNETLOG flags 0 level 4 prefix `TELNET_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: TELNET
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:88 state NEW recent: SET name: KRB5
KRB5_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:88 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:88 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: KRB5LOG flags 0 level 4 prefix `KRB5_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:88 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: KRB5
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:107 state NEW recent: SET name: RTELNET
RTELNET_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:107 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:107 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: RTELNETLOG flags 0 level 4 prefix `RTELNET_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:107 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: RTELNET
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:389 state NEW recent: SET name: LDAP
LDAP_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:389 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:389 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: LDAPLOG flags 0 level 4 prefix `LDAP_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:389 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: LDAP
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:543 state NEW recent: SET name: RLOGIN
RLOGIN_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:543 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:543 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: RLOGINLOG flags 0 level 4 prefix `RLOGIN_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:543 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: RLOGIN
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:636 state NEW recent: SET name: LDAPS
LDAPS_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:636 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:636 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: LDAPSLOG flags 0 level 4 prefix `LDAPS_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:636 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: LDAPS
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:749 state NEW recent: SET name: KRB5ADM
KRB5ADM_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:749 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:749 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: KRB5ADMLOG flags 0 level 4 prefix `KRB5ADM_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:749 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: KRB5ADM
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:751 state NEW recent: SET name: KRB5AUTH
KRB5AUTH_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:751 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:751 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: KRB5AUTHLOG flags 0 level 4 prefix `KRB5AUTH_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:751 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: KRB5AUTH
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:992 state NEW recent: SET name: TELNETS
TELNETS_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:992 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:992 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: TELNETSLOG flags 0 level 4 prefix `TELNETS_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:992 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: TELNETS
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2105 state NEW recent: SET name: EKLOGIN
EKLOGIN_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2105 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2105 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: EKLOGINLOG flags 0 level 4 prefix `EKLOGIN_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2105 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: EKLOGIN
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state NEW recent: SET name: MYSQL
MYSQL_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: MYSQLLOG flags 0 level 4 prefix `MYSQL_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: MYSQL
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432 state NEW recent: SET name: PGSQL
PGSQL_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: PGSQLLOG flags 0 level 4 prefix `PGSQL_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: PGSQL
tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 state NEW recent: SET name: SQUID
SQUID_WHITELIST tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 state NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: SQUIDLOG flags 0 level 4 prefix `SQUID_brute_force'
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: SQUID
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpts:0:19 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpts:26:52 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpts:54:79 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpts:81:87 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpts:89:109 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpt:111 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpts:115:142 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpts:144:442 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpts:444:542 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpts:545:627 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpts:629:992 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpt:994 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpts:996:1023 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpt:3306 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpt:6000 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpt:3128 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpt:3551 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpt:3000 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpt:4000 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpt:6544 reject-with tcp-reset
REJECT tcp -- 0.0.0.0/0 212.214.70.50 tcp dpt:8180 reject-with tcp-reset
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpts:0:19
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpts:26:52
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpts:54:79
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpts:81:87
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpts:89:109
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpt:111
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpts:115:142
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpts:144:442
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpts:444:542
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpts:545:627
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpts:629:992
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpt:994
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpts:996:1023
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpt:3306
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpt:6000
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpt:3128
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpt:3551
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpt:3000
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpt:4000
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpt:6544
DROP udp -- 0.0.0.0/0 212.214.70.50 udp dpt:8180
REJECT tcp -- 202.141.1.0/24 212.214.70.50 reject-with tcp-reset
DROP udp -- 202.141.1.0/24 212.214.70.50
REJECT tcp -- 212.211.81.19 212.214.70.50 reject-with tcp-reset
DROP udp -- 212.211.81.19 212.214.70.50
REJECT tcp -- 212.211.89.9 212.214.70.50 reject-with tcp-reset
DROP udp -- 212.211.89.9 212.214.70.50
REJECT tcp -- 213.7.186.208 212.214.70.50 reject-with tcp-reset
DROP udp -- 213.7.186.208 212.214.70.50
REJECT tcp -- 24.62.47.212 212.214.70.50 reject-with tcp-reset
DROP udp -- 24.62.47.212 212.214.70.50
REJECT tcp -- 64.195.6.8 212.214.70.50 reject-with tcp-reset
DROP udp -- 64.195.6.8 212.214.70.50
REJECT tcp -- 68.14.75.78 212.214.70.50 reject-with tcp-reset
DROP udp -- 68.14.75.78 212.214.70.50
REJECT tcp -- 195.232.52.49 212.214.70.50 reject-with tcp-reset
DROP udp -- 195.232.52.49 212.214.70.50
REJECT tcp -- 218.154.16.196 212.214.70.50 reject-with tcp-reset
DROP udp -- 218.154.16.196 212.214.70.50
REJECT tcp -- 195.116.71.42 212.214.70.50 reject-with tcp-reset
DROP udp -- 195.116.71.42 212.214.70.50
REJECT tcp -- 64.146.105.187 212.214.70.50 reject-with tcp-reset
DROP udp -- 64.146.105.187 212.214.70.50
REJECT tcp -- 193.224.154.0/24 212.214.70.50 reject-with tcp-reset
DROP udp -- 193.224.154.0/24 212.214.70.50
REJECT tcp -- 212.95.82.54 212.214.70.50 reject-with tcp-reset
DROP udp -- 212.95.82.54 212.214.70.50
REJECT tcp -- 62.233.205.186 212.214.70.50 reject-with tcp-reset
DROP udp -- 62.233.205.186 212.214.70.50
REJECT tcp -- 212.213.244.120 212.214.70.50 reject-with tcp-reset
DROP udp -- 212.213.244.120 212.214.70.50
REJECT tcp -- 172.128.0.0/10 212.214.70.50 reject-with tcp-reset
DROP udp -- 172.128.0.0/10 212.214.70.50
REJECT tcp -- 24.30.145.242 212.214.70.50 reject-with tcp-reset
DROP udp -- 24.30.145.242 212.214.70.50
REJECT tcp -- 211.220.19.245 212.214.70.50 reject-with tcp-reset
DROP udp -- 211.220.19.245 212.214.70.50
REJECT tcp -- 67.109.54.39 212.214.70.50 reject-with tcp-reset
DROP udp -- 67.109.54.39 212.214.70.50
REJECT tcp -- 203.131.147.240 212.214.70.50 reject-with tcp-reset
DROP udp -- 203.131.147.240 212.214.70.50
REJECT tcp -- 165.165.252.86 212.214.70.50 reject-with tcp-reset
DROP udp -- 165.165.252.86 212.214.70.50
REJECT tcp -- 64.222.46.60 212.214.70.50 reject-with tcp-reset
DROP udp -- 64.222.46.60 212.214.70.50
REJECT tcp -- 65.42.84.121 212.214.70.50 reject-with tcp-reset
DROP udp -- 65.42.84.121 212.214.70.50
REJECT tcp -- 212.194.21.170 212.214.70.50 reject-with tcp-reset
DROP udp -- 212.194.21.170 212.214.70.50
REJECT tcp -- 24.100.215.155 212.214.70.50 reject-with tcp-reset
DROP udp -- 24.100.215.155 212.214.70.50
REJECT tcp -- 221.163.10.3 212.214.70.50 reject-with tcp-reset
DROP udp -- 221.163.10.3 212.214.70.50
REJECT tcp -- 81.128.121.175 212.214.70.50 reject-with tcp-reset
DROP udp -- 81.128.121.175 212.214.70.50
REJECT tcp -- 81.217.6.84 212.214.70.50 reject-with tcp-reset
DROP udp -- 81.217.6.84 212.214.70.50
REJECT tcp -- 64.222.163.237 212.214.70.50 reject-with tcp-reset
DROP udp -- 64.222.163.237 212.214.70.50
REJECT tcp -- 219.137.1.148 212.214.70.50 reject-with tcp-reset
DROP udp -- 219.137.1.148 212.214.70.50
REJECT tcp -- 213.42.2.180 212.214.70.50 reject-with tcp-reset
DROP udp -- 213.42.2.180 212.214.70.50
REJECT tcp -- 68.236.193.231 212.214.70.50 reject-with tcp-reset
DROP udp -- 68.236.193.231 212.214.70.50
REJECT tcp -- 193.203.244.210 212.214.70.50 reject-with tcp-reset
DROP udp -- 193.203.244.210 212.214.70.50
REJECT tcp -- 212.143.119.26 212.214.70.50 reject-with tcp-reset
DROP udp -- 212.143.119.26 212.214.70.50
REJECT tcp -- 82.48.13.9 212.214.70.50 reject-with tcp-reset
DROP udp -- 82.48.13.9 212.214.70.50
REJECT tcp -- 61.249.50.44 212.214.70.50 reject-with tcp-reset
DROP udp -- 61.249.50.44 212.214.70.50
REJECT tcp -- 218.170.103.209 212.214.70.50 reject-with tcp-reset
DROP udp -- 218.170.103.209 212.214.70.50
REJECT tcp -- 62.30.182.119 212.214.70.50 reject-with tcp-reset
DROP udp -- 62.30.182.119 212.214.70.50
REJECT tcp -- 24.87.47.181 212.214.70.50 reject-with tcp-reset
DROP udp -- 24.87.47.181 212.214.70.50
REJECT tcp -- 64.223.155.75 212.214.70.50 reject-with tcp-reset
DROP udp -- 64.223.155.75 212.214.70.50
REJECT tcp -- 221.140.69.144 212.214.70.50 reject-with tcp-reset
DROP udp -- 221.140.69.144 212.214.70.50
REJECT tcp -- 218.148.110.156 212.214.70.50 reject-with tcp-reset
DROP udp -- 218.148.110.156 212.214.70.50
REJECT tcp -- 64.222.46.178 212.214.70.50 reject-with tcp-reset
DROP udp -- 64.222.46.178 212.214.70.50
REJECT tcp -- 24.165.209.70 212.214.70.50 reject-with tcp-reset
DROP udp -- 24.165.209.70 212.214.70.50
REJECT tcp -- 220.65.59.77 212.214.70.50 reject-with tcp-reset
DROP udp -- 220.65.59.77 212.214.70.50
REJECT tcp -- 63.159.12.141 212.214.70.50 reject-with tcp-reset
DROP udp -- 63.159.12.141 212.214.70.50
REJECT tcp -- 220.91.136.228 212.214.70.50 reject-with tcp-reset
DROP udp -- 220.91.136.228 212.214.70.50
REJECT tcp -- 210.219.250.124 212.214.70.50 reject-with tcp-reset
DROP udp -- 210.219.250.124 212.214.70.50
REJECT tcp -- 211.214.35.170 212.214.70.50 reject-with tcp-reset
DROP udp -- 211.214.35.170 212.214.70.50
REJECT tcp -- 212.119.176.194 212.214.70.50 reject-with tcp-reset
DROP udp -- 212.119.176.194 212.214.70.50
REJECT tcp -- 217.160.240.131 212.214.70.50 reject-with tcp-reset
DROP udp -- 217.160.240.131 212.214.70.50
REJECT tcp -- 218.149.164.73 212.214.70.50 reject-with tcp-reset
DROP udp -- 218.149.164.73 212.214.70.50
REJECT tcp -- 69.67.166.74 212.214.70.50 reject-with tcp-reset
DROP udp -- 69.67.166.74 212.214.70.50
REJECT tcp -- 222.64.0.0/13 212.214.70.50 reject-with tcp-reset
DROP udp -- 222.64.0.0/13 212.214.70.50
REJECT tcp -- 222.72.0.0/15 212.214.70.50 reject-with tcp-reset
DROP udp -- 222.72.0.0/15 212.214.70.50
REJECT tcp -- 202.108.181.0/24 212.214.70.50 reject-with tcp-reset
DROP udp -- 202.108.181.0/24 212.214.70.50
REJECT tcp -- 221.224.0.0/13 212.214.70.50 reject-with tcp-reset
DROP udp -- 221.224.0.0/13 212.214.70.50
REJECT tcp -- 218.78.0.0/15 212.214.70.50 reject-with tcp-reset
DROP udp -- 218.78.0.0/15 212.214.70.50
REJECT tcp -- 218.80.0.0/14 212.214.70.50 reject-with tcp-reset
DROP udp -- 218.80.0.0/14 212.214.70.50
REJECT tcp -- 211.252.198.222 212.214.70.50 reject-with tcp-reset
DROP udp -- 211.252.198.222 212.214.70.50
REJECT tcp -- 200.80.38.1 212.214.70.50 reject-with tcp-reset
DROP udp -- 200.80.38.1 212.214.70.50
REJECT tcp -- 194.137.97.98 212.214.70.50 reject-with tcp-reset
DROP udp -- 194.137.97.98 212.214.70.50
REJECT tcp -- 172.191.135.86 212.214.70.50 reject-with tcp-reset
DROP udp -- 172.191.135.86 212.214.70.50
REJECT tcp -- 220.88.0.0/13 212.214.70.50 reject-with tcp-reset
DROP udp -- 220.88.0.0/13 212.214.70.50
REJECT tcp -- 221.0.0.0/8 212.214.70.50 reject-with tcp-reset
DROP udp -- 221.0.0.0/8 212.214.70.50
REJECT tcp -- 217.83.176.188 212.214.70.50 reject-with tcp-reset
DROP udp -- 217.83.176.188 212.214.70.50
REJECT tcp -- 220.95.232.11 212.214.70.50 reject-with tcp-reset
DROP udp -- 220.95.232.11 212.214.70.50
REJECT tcp -- 68.142.251.0/24 212.214.70.50 reject-with tcp-reset
DROP udp -- 68.142.251.0/24 212.214.70.50
REJECT tcp -- 82.105.20.18 212.214.70.50 reject-with tcp-reset
DROP udp -- 82.105.20.18 212.214.70.50
REJECT tcp -- 211.114.170.161 212.214.70.50 reject-with tcp-reset
DROP udp -- 211.114.170.161 212.214.70.50
REJECT tcp -- 68.142.249.0/24 212.214.70.50 reject-with tcp-reset
DROP udp -- 68.142.249.0/24 212.214.70.50
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain EKLOGIN_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: EKLOGIN
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: EKLOGIN
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: EKLOGIN
Chain KRB5ADM_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: KRB5ADM
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: KRB5ADM
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: KRB5ADM
Chain KRB5AUTH_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: KRB5AUTH
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: KRB5AUTH
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: KRB5AUTH
Chain KRB5_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: KRB5
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: KRB5
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: KRB5
Chain LDAPS_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: LDAPS
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: LDAPS
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: LDAPS
Chain LDAP_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: LDAP
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: LDAP
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: LDAP
Chain MYSQL_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: MYSQL
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: MYSQL
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: MYSQL
Chain PGSQL_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: PGSQL
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: PGSQL
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: PGSQL
Chain RLOGIN_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: RLOGIN
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: RLOGIN
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: RLOGIN
Chain RTELNET_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: RTELNET
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: RTELNET
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: RTELNET
Chain SQUID_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: SQUID
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: SQUID
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: SQUID
Chain SSH_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: SSH
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: SSH
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: SSH
Chain TELNETS_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: TELNETS
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: TELNETS
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: TELNETS
Chain TELNET_WHITELIST (1 references)
target prot opt source destination
ACCEPT all -- 127.0.0.1 212.214.70.50 recent: REMOVE name: TELNET
ACCEPT all -- 212.214.70.50 212.214.70.50 recent: REMOVE name: TELNET
ACCEPT all -- 82.182.174.117 212.214.70.50 recent: REMOVE name: TELNET
* Re: ipt_recent && spamd (!?) && kernel panic
2005-06-08 7:34 ipt_recent && spamd (!?) && kernel panic Turbo Fredriksson
2005-06-08 19:04 ` David S. Miller
2005-06-08 19:42 ` Turbo Fredriksson
@ 2005-06-14 1:31 ` David S. Miller
2005-07-04 9:49 ` Turbo Fredriksson
3 siblings, 0 replies; 5+ messages in thread
From: David S. Miller @ 2005-06-14 1:31 UTC (permalink / raw)
To: sparclinux
You're not the only person seeing this.
Here is a temp fix:
From: Juergen Kreileder <jk@blackdown.de>
I've had some ipt_recent rules acting strangely after an uptime of about 25
days. The broken behavior is reproducible in the 5 minutes before the
first jiffies roll-over right after booting too.
The cause of the problem is the jiffies comparison which doesn't work like
intended if one of the last hits was more than LONG_MAX seconds ago or if
the table of last hits contains empty slots and jiffies is > LONG_MAX.
This patch fixes the problem by using get_seconds() instead of jiffies. It
also fixes some 64-bit issues.
Signed-off-by: Juergen Kreileder <jk@blackdown.de>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---
include/linux/netfilter_ipv4/ipt_recent.h | 2 +-
net/ipv4/netfilter/ipt_recent.c | 21 +++++++++++----------
2 files changed, 12 insertions(+), 11 deletions(-)
diff -puN include/linux/netfilter_ipv4/ipt_recent.h~ipt_recent-fixes include/linux/netfilter_ipv4/ipt_recent.h
--- 25/include/linux/netfilter_ipv4/ipt_recent.h~ipt_recent-fixes 2005-05-09 18:08:27.000000000 -0700
+++ 25-akpm/include/linux/netfilter_ipv4/ipt_recent.h 2005-05-09 18:08:27.000000000 -0700
@@ -2,7 +2,7 @@
#define _IPT_RECENT_H
#define RECENT_NAME "ipt_recent"
-#define RECENT_VER "v0.3.1"
+#define RECENT_VER "v0.3.2"
#define IPT_RECENT_CHECK 1
#define IPT_RECENT_SET 2
diff -puN net/ipv4/netfilter/ipt_recent.c~ipt_recent-fixes net/ipv4/netfilter/ipt_recent.c
--- 25/net/ipv4/netfilter/ipt_recent.c~ipt_recent-fixes 2005-05-09 18:08:27.000000000 -0700
+++ 25-akpm/net/ipv4/netfilter/ipt_recent.c 2005-05-09 18:08:27.000000000 -0700
@@ -15,6 +15,7 @@
#include <linux/ctype.h>
#include <linux/ip.h>
#include <linux/vmalloc.h>
+#include <linux/time.h>
#include <linux/moduleparam.h>
#include <linux/netfilter_ipv4/ip_tables.h>
@@ -64,7 +65,7 @@ struct recent_ip_list {
struct time_info_list {
u_int32_t position;
- u_int32_t time;
+ unsigned long time;
};
/* Structure of our linked list of tables of recent lists. */
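Review bot: only time_info_list.time is widened in this hunk, and no hunk in the patch shows the declarations of last_seen or last_pkts, although the later sizeof(unsigned long) changes assume last_pkts elements are unsigned long. The changelog should say which fields already had that type, so the "64-bit issues" it mentions can be checked against the structs; note also that struct time_info_list now differs in size between 32-bit and 64-bit builds.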
@@ -223,7 +224,7 @@ static int ip_recent_ctrl(struct file *f
curr_table->table[count].last_seen = 0;
curr_table->table[count].addr = 0;
curr_table->table[count].ttl = 0;
- memset(curr_table->table[count].last_pkts,0,ip_pkt_list_tot*sizeof(u_int32_t));
+ memset(curr_table->table[count].last_pkts,0,ip_pkt_list_tot*sizeof(unsigned long));
curr_table->table[count].oldest_pkt = 0;
curr_table->table[count].time_pos = 0;
curr_table->time_info[count].position = count;
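Review bot: the memset size in this hunk still names the element type by hand, which is why the same substitution has to be repeated in every memset, the vmalloc and the debug printk. Suggest ip_pkt_list_tot*sizeof(*curr_table->table[count].last_pkts) here, and the equivalent sizeof(*r_list[location].last_pkts) in the two memset calls in match(), so the size follows the declaration if the type changes again.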
@@ -418,8 +419,8 @@ match(const struct sk_buff *skb,
if(debug) printk(KERN_INFO RECENT_NAME ": match(): checking table, addr: %u, ttl: %u, orig_ttl: %u\n",addr,ttl,skb->nh.iph->ttl);
#endif
- /* Get jiffies now in case they changed while we were waiting for a lock */
- now = jiffies;
+ /* Get time now in case it changed while we were waiting for a lock */
+ now = get_seconds();
hash_table = curr_table->hash_table;
time_info = curr_table->time_info;
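Review bot: now = get_seconds() replaces a monotonic tick counter with wall-clock seconds, so any step of the system clock (settimeofday, an NTP step) shifts now relative to the stored last_seen and last_pkts values, and an info->seconds window can then expire early or stay open longer than configured. For a rule set used for rate limiting that is worth a comment at this assignment, and a follow-up that returns to jiffies with explicit handling of empty slots would remove the dependency on the wall clock.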
@@ -502,7 +503,7 @@ match(const struct sk_buff *skb,
location = time_info[curr_table->time_pos].position;
hash_table[r_list[location].hash_entry] = -1;
hash_table[hash_result] = location;
- memset(r_list[location].last_pkts,0,ip_pkt_list_tot*sizeof(u_int32_t));
+ memset(r_list[location].last_pkts,0,ip_pkt_list_tot*sizeof(unsigned long));
r_list[location].time_pos = curr_table->time_pos;
r_list[location].addr = addr;
r_list[location].ttl = ttl;
@@ -528,11 +529,11 @@ match(const struct sk_buff *skb,
if(info->check_set & IPT_RECENT_CHECK || info->check_set & IPT_RECENT_UPDATE) {
if(!info->seconds && !info->hit_count) ans = !info->invert; else ans = info->invert;
if(info->seconds && !info->hit_count) {
- if(time_before_eq(now,r_list[location].last_seen+info->seconds*HZ)) ans = !info->invert; else ans = info->invert;
+ if(now <= r_list[location].last_seen+info->seconds) ans = !info->invert; else ans = info->invert;
}
if(info->seconds && info->hit_count) {
for(pkt_count = 0, hits_found = 0; pkt_count < ip_pkt_list_tot; pkt_count++) {
- if(time_before_eq(now,r_list[location].last_pkts[pkt_count]+info->seconds*HZ)) hits_found++;
+ if(now <= r_list[location].last_pkts[pkt_count]+info->seconds) hits_found++;
}
if(hits_found >= info->hit_count) ans = !info->invert; else ans = info->invert;
}
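Review bot: both rewritten comparisons depend on a zeroed slot meaning "never hit": with last_pkts[pkt_count] at 0 the test now <= 0 + info->seconds is false only because wall-clock seconds are far larger than any configured window. That assumption is not stated anywhere in the hunk; a short comment above the loop, or an explicit skip of zero entries, would make it hold by construction rather than by the current date.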
@@ -631,7 +632,7 @@ match(const struct sk_buff *skb,
r_list[location].last_seen = 0;
r_list[location].addr = 0;
r_list[location].ttl = 0;
- memset(r_list[location].last_pkts,0,ip_pkt_list_tot*sizeof(u_int32_t));
+ memset(r_list[location].last_pkts,0,ip_pkt_list_tot*sizeof(unsigned long));
r_list[location].oldest_pkt = 0;
ans = !info->invert;
}
@@ -734,10 +735,10 @@ checkentry(const char *tablename,
memset(curr_table->table,0,sizeof(struct recent_ip_list)*ip_list_tot);
#ifdef DEBUG
if(debug) printk(KERN_INFO RECENT_NAME ": checkentry: Allocating %d for pkt_list.\n",
- sizeof(u_int32_t)*ip_pkt_list_tot*ip_list_tot);
+ sizeof(unsigned long)*ip_pkt_list_tot*ip_list_tot);
#endif
- hold = vmalloc(sizeof(u_int32_t)*ip_pkt_list_tot*ip_list_tot);
+ hold = vmalloc(sizeof(unsigned long)*ip_pkt_list_tot*ip_list_tot);
#ifdef DEBUG
if(debug) printk(KERN_INFO RECENT_NAME ": checkentry: After pkt_list allocation.\n");
#endif
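Review bot: the debug printk in this hunk still prints a sizeof product with %d; the expression has type size_t, which is wider than int on the 64-bit targets this patch is meant to fix, so the format should be %zu (or the argument cast). While here, vmalloc(sizeof(*hold)*ip_pkt_list_tot*ip_list_tot) would tie the allocation to the pointer type, and no bound check on the product is visible in the hunk even though the allocation is now twice as large on 64-bit.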
_
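The empty-slot case described in the commit message above, as an added user-space illustration (not code from the patch or from the kernel): it models 32-bit jiffies with uint32_t and compares the pre-patch time_before_eq-style test with the post-patch seconds comparison. HZ, the slot count, the window and all function names are assumptions made for the demo.

```c
#include <stdint.h>
#include <stdio.h>

#define HZ     1000u  /* assumed tick rate */
#define SLOTS  4      /* constructed: length of one last_pkts array */
#define WINDOW 60u    /* constructed: info->seconds */

/* 32-bit stand-in for time_before_eq(a, b): a is at or before b when the
 * wrapped difference is not positive. */
static int before_eq32(uint32_t a, uint32_t b)
{
    return (int32_t)(a - b) <= 0;
}

/* Pre-patch test: one real hit 10 s ago, the other slots still zeroed. */
unsigned hits_with_jiffies(uint32_t now)
{
    uint32_t slots[SLOTS] = { now - 10 * HZ };  /* rest are 0 = never hit */
    unsigned i, hits = 0;

    for (i = 0; i < SLOTS; i++)
        if (before_eq32(now, slots[i] + WINDOW * HZ))
            hits++;
    return hits;
}

/* Post-patch test: same table, stamps in seconds, plain comparison. */
unsigned hits_with_seconds(unsigned long now)
{
    unsigned long slots[SLOTS] = { now - 10 };
    unsigned i, hits = 0;

    for (i = 0; i < SLOTS; i++)
        if (now <= slots[i] + WINDOW)
            hits++;
    return hits;
}

int main(void)
{
    /* jiffies is initialised 5 minutes before its first wrap */
    uint32_t boot = (uint32_t)(-300 * (int32_t)HZ);

    printf("jiffies low (1 h uptime): %u\n", hits_with_jiffies(3600u * HZ));
    printf("10 s after boot         : %u\n", hits_with_jiffies(boot + 10 * HZ));
    printf("jiffies above LONG_MAX  : %u\n", hits_with_jiffies(0x80000000u + 3600u * HZ));
    printf("seconds-based check     : %u\n", hits_with_seconds(1118000000UL));
    return 0;
}
```

With jiffies in the upper half of its range, every zeroed slot is counted as a hit inside the window, so a hit_count rule matches after a single packet; the seconds-based check counts only the real hit.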
* Re: ipt_recent && spamd (!?) && kernel panic
2005-06-08 7:34 ipt_recent && spamd (!?) && kernel panic Turbo Fredriksson
` (2 preceding siblings ...)
2005-06-14 1:31 ` David S. Miller
@ 2005-07-04 9:49 ` Turbo Fredriksson
3 siblings, 0 replies; 5+ messages in thread
From: Turbo Fredriksson @ 2005-07-04 9:49 UTC (permalink / raw)
To: sparclinux
>>>>> "David" = David S Miller <davem@davemloft.net> writes:
David> You're not the only person seeing this.
David> Here is a temp fix:
Sorry for not replying sooner, but I didn't want to reboot for this
fix alone. But this morning I needed to rearrange the disks and
add some more memory, so I took the opportunity to upgrade the
kernel as well...
I've now been running with this patch for about ten minutes, and
so far so good. I.e. the kernel hasn't crashed yet :)
So it seems that the fix works for me too... Thanx!