* ipt_recent && spamd (!?) && kernel panic
@ 2005-06-08 7:34 Turbo Fredriksson
2005-06-08 19:04 ` David S. Miller
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Turbo Fredriksson @ 2005-06-08 7:34 UTC (permalink / raw)
To: sparclinux
I've been trying the ipt_recent driver/module (?) and after
just a few minutes, the machine (a Sun Blade 1000 - 2x750MHz,
1Gb mem) receives (?) a kernel panic.
Does anyone have an idea what the problem can be, and/or what
to do about it? The kernel is 2.6.12-rc3, SPARC64.
I'm not exactly sure WHERE the problem is (the panic mentions
spamd - spamassassin daemon), but I can't see what that can
do to cause this:
----- s n i p -----
Jun 5 12:19:33 aurora kernel: Unable to handle kernel paging request at virtual address 00000001400c6000
Jun 5 12:19:33 aurora kernel: tsk->{mm,active_mm}->context = 00000000000001e8
Jun 5 12:19:33 aurora kernel: tsk->{mm,active_mm}->pgd = fffff80037cba000
Jun 5 12:19:34 aurora kernel: \|/ ____ \|/
Jun 5 12:19:34 aurora kernel: "@'/ .. \`@"
Jun 5 12:19:34 aurora kernel: /_| \__/ |_\
Jun 5 12:19:34 aurora kernel: \__U_/
Jun 5 12:19:34 aurora kernel: spamd(18649): Oops [#1]
Jun 5 12:19:34 aurora kernel: TSTATE: 0000000011009600 TPC: 000000000050a59c TNPC: 000000000050a5a0 Y: 00000000 Not tainted
Jun 5 12:19:34 aurora kernel: TPC: <__bzero+0x84/0xc0>
Jun 5 12:19:34 aurora kernel: g0: 0000000002056c00 g1: 0000000000000010 g2: 00000000d4bc183e g3: 0000000002062e48
Jun 5 12:19:34 aurora kernel: g4: fffff8003333d320 g5: fffff80000354000 g6: fffff800350d4000 g7: 00000000ffffffff
Jun 5 12:19:34 aurora kernel: o0: 00000001400c5fe0 o1: 0000000000000000 o2: 0000000000000000 o3: 00000001400c5fe0
Jun 5 12:19:34 aurora kernel: o4: 0000000000000040 o5: 0000000000000002 sp: fffff800350d64f1 ret_pc: 0000000002060f2c
Jun 5 12:19:34 aurora kernel: RPC: <match+0x7ac/0x960 [ipt_recent]>
Jun 5 12:19:34 aurora kernel: l0: 00000001400927f8 l1: 00000000000007f8 l2: 00000001400c8000 l3: 0000000140092000
Jun 5 12:19:34 aurora kernel: l4: 000000000000003e l5: 00000000000000f8 l6: 00000000d4d64632 l7: 000000014008e000
Jun 5 12:19:34 aurora kernel: i0: 0000000000000033 i1: 0000000102d21888 i2: 00000001400cc000 i3: 000000014016c888
Jun 5 12:19:34 aurora kernel: i4: 000000000000003e i5: 0000000000000040 i6: fffff800350d65c1 i7: 000000000203a304
Jun 5 12:19:34 aurora kernel: I7: <ipt_do_table+0x2c4/0x5c0 [ip_tables]>
Jun 5 12:19:34 aurora kernel: Caller[000000000203a304]: ipt_do_table+0x2c4/0x5c0 [ip_tables]
Jun 5 12:19:34 aurora kernel: Caller[00000000005a3a8c]: nf_iterate+0x4c/0xe0
Jun 5 12:19:34 aurora kernel: Caller[00000000005a3ed0]: nf_hook_slow+0x90/0x1a0
Jun 5 12:19:34 aurora kernel: Caller[00000000005b02c0]: ip_local_deliver+0x60/0x3a0
Jun 5 12:19:34 aurora kernel: Caller[00000000005b0ab0]: ip_rcv+0x4b0/0x700
Jun 5 12:19:34 aurora kernel: Caller[0000000000597ac0]: netif_receive_skb+0x1e0/0x300
Jun 5 12:19:34 aurora kernel: Caller[0000000000597c64]: process_backlog+0x84/0x160
Jun 5 12:19:34 aurora kernel: Caller[0000000000597df0]: net_rx_action+0xb0/0x1c0
Jun 5 12:19:34 aurora kernel: Caller[000000000045263c]: __do_softirq+0x7c/0x120
Jun 5 12:19:34 aurora kernel: Caller[0000000000452724]: do_softirq+0x44/0x60
Jun 5 12:19:34 aurora kernel: Caller[0000000000452790]: local_bh_enable+0x50/0xc0
Jun 5 12:19:34 aurora kernel: Caller[00000000005971c0]: dev_queue_xmit+0xc0/0x300
Jun 5 12:19:34 aurora kernel: Caller[00000000005b4418]: ip_finish_output+0x118/0x2c0
Jun 5 12:19:34 aurora kernel: Caller[00000000005b4b2c]: ip_queue_xmit+0x2cc/0x5c0
Jun 5 12:19:34 aurora kernel: Caller[00000000005c82d4]: tcp_transmit_skb+0x334/0x760
Jun 5 12:19:34 aurora kernel: Caller[00000000005cb258]: tcp_connect+0x2b8/0x3c0
Jun 5 12:19:34 aurora kernel: Caller[00000000005ce168]: tcp_v4_connect+0x4e8/0xaa0
Jun 5 12:19:34 aurora kernel: Caller[00000000005dfd20]: inet_stream_connect+0x80/0x1e0
Jun 5 12:19:34 aurora kernel: Caller[000000000058caa4]: sys_connect+0x64/0x80
Jun 5 12:19:34 aurora kernel: Caller[00000000004112f4]: linux_sparc_syscall32+0x34/0x40
Jun 5 12:19:34 aurora kernel: Caller[00000000705ca244]: 0x705ca244
Jun 5 12:19:34 aurora kernel: Instruction DUMP: d4722008 d4722010 d4722018 <d4722020> d4722028 d4722030 d4722038 98a32040 124ffff6
Jun 5 12:19:34 aurora kernel: Kernel panic - not syncing: Aiee, killing interrupt handler!
Jun 5 12:19:34 aurora kernel: TSTATE: 0000009911f09600 TPC: 000000000044c6d0 TNPC: 000000000044c6d4 Y: 00000000 Not tainted
Jun 5 12:19:34 aurora kernel: TPC: <do_syslog+0xf0/0x440>
Jun 5 12:19:34 aurora kernel: g0: fffff8002ae7b371 g1: 0000000000000002 g2: 0000000000000000 g3: 0000000000000000
Jun 5 12:19:34 aurora kernel: g4: fffff8001b3b6d60 g5: fffff8000035c000 g6: fffff8002ae78000 g7: 0000000000000001
Jun 5 12:19:34 aurora kernel: o0: 000000000064b9b0 o1: 0000000000007fff o2: 000000000000cb8f o3: 000000000000cb8f
Jun 5 12:19:34 aurora kernel: o4: 00000000006efbe8 o5: 0000000000000001 sp: fffff8002ae7b331 ret_pc: 000000000044c6fc
Jun 5 12:19:34 aurora kernel: RPC: <do_syslog+0x11c/0x440>
Jun 5 12:19:34 aurora kernel: l0: 000000000000076a l1: 00000000006f7800 l2: 000000000064b800 l3: 000000000064b800
Jun 5 12:19:34 aurora kernel: l4: 00000000006f7800 l5: 000000000064b800 l6: 000000000064b800 l7: 0000000000000008
Jun 5 12:19:34 aurora kernel: i0: 0000000000000000 i1: 0000000000026a2a i2: 0000000000000fff i3: 0000000000004000
Jun 5 12:19:34 aurora kernel: i4: 0000000000040000 i5: 0000000030300031 i6: fffff8002ae7b451 i7: 00000000004c9d60
Jun 5 12:19:34 aurora kernel: I7: <kmsg_read+0x40/0x60>
Jun 5 12:20:01 aurora /USR/SBIN/CRON[21537]: (root) CMD (if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then /usr/bin/mrtg /etc/mrtg.cfg >> /var/log/mrtg/mrtg.log 2>&1; fi)
Jun 5 12:27:28 aurora syslogd 1.4.1#10: restart.
----- s n i p -----
[this snippet is also included as an attachment, for those that don't want
it line wrapped]
'Funny' that CRON could at least send ONE message to syslog before the
machine halts.
What I was trying to do is block excessive connections to some
services running on the machine. The services/ports I'm trying to
limit are:
22:SSH, 23:TELNET, 88:KRB5, 107:RTELNET, 389:LDAP, 543:RLOGIN,
636:LDAPS, 749:KRB5ADM, 751:KRB5AUTH, 992:TELNETS, 2105:EKLOGIN,
3306:MYSQL, 5432:PGSQL, 8080:SQUID
Localhost (both 127.0.0.1 and external interface IP) is added to
the *_WHITELIST as are some other hosts...
More details on the URL:
http://blog.andrew.net.au/2005/02/17#ipt_recent_and_ssh_attacks
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: ipt_recent && spamd (!?) && kernel panic
  2005-06-08  7:34 ipt_recent && spamd (!?) && kernel panic Turbo Fredriksson
@ 2005-06-08 19:04 ` David S. Miller
  2005-06-08 19:42 ` Turbo Fredriksson
  ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: David S. Miller @ 2005-06-08 19:04 UTC (permalink / raw)
To: sparclinux

From: Turbo Fredriksson <turbo@swe.net>
Date: Wed, 08 Jun 2005 09:34:00 +0200

> I'm not exactly sure WHERE the problem is (the panic mentions
> spamd - spamassassin daemon), but I can't see what that can
> do to cause this:

The crash clearly shows that it's a bzero() call made by the
match() function in ipt_recent.c of the kernel.

What ipt_recent rules do you have loaded?

^ permalink raw reply [flat|nested] 5+ messages in thread
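The reading given in the reply above can be reproduced mechanically from the posted oops. The following is an added example, not part of the original thread: it parses an excerpt of the log and goes one step further than the reply, decoding the marked word of the instruction dump as a SPARC V9 store and recomputing the address it touched. The function names are this example's own, and only immediate-offset load/store encodings are handled.

```python
import re

# Excerpt of the oops from the first message (lines copied from the page).
OOPS = """\
Jun 5 12:19:33 aurora kernel: Unable to handle kernel paging request at virtual address 00000001400c6000
Jun 5 12:19:34 aurora kernel: spamd(18649): Oops [#1]
Jun 5 12:19:34 aurora kernel: TPC: <__bzero+0x84/0xc0>
Jun 5 12:19:34 aurora kernel: o0: 00000001400c5fe0 o1: 0000000000000000 o2: 0000000000000000 o3: 00000001400c5fe0
Jun 5 12:19:34 aurora kernel: RPC: <match+0x7ac/0x960 [ipt_recent]>
Jun 5 12:19:34 aurora kernel: Caller[000000000203a304]: ipt_do_table+0x2c4/0x5c0 [ip_tables]
Jun 5 12:19:34 aurora kernel: Caller[00000000005a3a8c]: nf_iterate+0x4c/0xe0
Jun 5 12:19:34 aurora kernel: Caller[0000000000597df0]: net_rx_action+0xb0/0x1c0
Jun 5 12:19:34 aurora kernel: Caller[000000000045263c]: __do_softirq+0x7c/0x120
Jun 5 12:19:34 aurora kernel: Caller[00000000005cb258]: tcp_connect+0x2b8/0x3c0
Jun 5 12:19:34 aurora kernel: Caller[000000000058caa4]: sys_connect+0x64/0x80
Jun 5 12:19:34 aurora kernel: Instruction DUMP: d4722008 d4722010 d4722018 <d4722020> d4722028 d4722030 d4722038 98a32040 124ffff6
"""

SYM = re.compile(r"<(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?>")
REG = re.compile(r"\b([goli][0-7]): ([0-9a-f]{16})\b")
CALLER = re.compile(r"Caller\[[0-9a-f]+\]: ([\w.]+)\+0x")
STX = 0x0E  # op3 value of the 64-bit store in SPARC V9


def parse_oops(text):
    """Pull the triage-relevant fields out of a sparc64 oops.

    setdefault() keeps the first value seen, so a second register dump
    (the follow-on panic in the full log) does not overwrite the first.
    """
    info = {"regs": {}, "callers": []}
    for line in text.splitlines():
        msg = line.split("kernel: ", 1)[-1]  # drop the syslog prefix
        if m := re.search(r"paging request at virtual address ([0-9a-f]+)", msg):
            info.setdefault("fault_addr", int(m.group(1), 16))
        elif m := re.match(r"(\S+)\((\d+)\): Oops", msg):
            info.setdefault("task", m.group(1))
        elif msg.startswith(("TPC: <", "RPC: <")):
            m = SYM.search(msg)
            info.setdefault(msg[:3].lower(), (m["sym"], m["mod"]))
        elif m := CALLER.match(msg):
            info["callers"].append(m.group(1))
        elif msg.startswith("Instruction DUMP:"):
            # The word in <...> is the instruction that faulted.
            word = re.search(r"<([0-9a-f]{8})>", msg).group(1)
            info.setdefault("fault_insn", int(word, 16))
        else:
            for name, val in REG.findall(msg):
                info["regs"].setdefault(name, int(val, 16))
    return info


def decode_store(word):
    """Decode a SPARC V9 format-3 memory instruction with an immediate offset."""
    if word >> 30 != 3 or not (word >> 13) & 1:
        raise ValueError("not an immediate-form load/store")

    def reg(n):
        # Register numbers 0-7 are %g, 8-15 %o, 16-23 %l, 24-31 %i.
        return f"{'goli'[n >> 3]}{n & 7}"

    simm13 = word & 0x1FFF
    if simm13 & 0x1000:  # sign-extend the 13-bit offset
        simm13 -= 0x2000
    return {"op3": (word >> 19) & 0x3F, "rd": reg((word >> 25) & 0x1F),
            "rs1": reg((word >> 14) & 0x1F), "offset": simm13}


def triage(text):
    """Summarise who faulted, who called it, and which address was written."""
    o = parse_oops(text)
    insn = decode_store(o["fault_insn"])
    ea = o["regs"][insn["rs1"]] + insn["offset"]
    return {
        "faulting_function": o["tpc"][0],
        "called_from": o["rpc"],  # (symbol, module)
        # The task named in the oops is only the process that was current.
        "current_task": o["task"],
        # True when the faulting path runs under softirq packet processing.
        "via_softirq": "__do_softirq" in o["callers"],
        "is_stx": insn["op3"] == STX,
        "store": f'{insn["rd"]} -> [{insn["rs1"]}+{insn["offset"]:#x}]',
        "effective_addr": ea,
        "matches_fault": ea == o["fault_addr"],
    }


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key:18} {value:#x}" if key == "effective_addr" else f"{key:18} {value}")
```

On the posted log this reports `__bzero` called from `match` in `ipt_recent`, reached through `__do_softirq`, with the store `o2 -> [o0+0x20]` landing exactly on the faulting address 0x1400c6000.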
* Re: ipt_recent && spamd (!?) && kernel panic
  2005-06-08  7:34 ipt_recent && spamd (!?) && kernel panic Turbo Fredriksson
  2005-06-08 19:04 ` David S. Miller
@ 2005-06-08 19:42 ` Turbo Fredriksson
  2005-06-14  1:31 ` David S. Miller
  2005-07-04  9:49 ` Turbo Fredriksson
  3 siblings, 0 replies; 5+ messages in thread
From: Turbo Fredriksson @ 2005-06-08 19:42 UTC (permalink / raw)
To: sparclinux

>>>>> "David" = David S Miller <davem@davemloft.net> writes:

    David> From: Turbo Fredriksson <turbo@swe.net> Date: Wed, 08 Jun
    David> 2005 09:34:00 +0200
    >> I'm not exactly sure WHERE the problem is (the panic mentions
    >> spamd - spamassassin daemon), but I can't see what that can do
    >> to cause this:

    David> The crash clearly shows that it's a bzero() call made by
    David> the match() function in ipt_recent.c of the kernel.

    David> What ipt_recent rules do you have loaded?

Included the FULL list that I _WANT_ to run. I disabled spamassassin
and qmail, flushed the tables and loaded the REAL table rules, did
'iptables -L -n' down to this file and then loaded the one I'm running
now (almost the same, just without the ipt_recent stuff)... All in
a oneliner to minimize the risk of crash :)

[I thought about obfuscating it, but thought against it.
'Everyone' already knows about my machines :)]

Content-Disposition: inline; filename=iptables.txt
Content-Description: iptables -L -n

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:67
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:67
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:772
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:772
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:69
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:69
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:111
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:111
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:161
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:161
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:162
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:162
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:389
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:389
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:636
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:636
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:749
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:749
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:783
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:783
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:873
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:873
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:3306
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:3306
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:2988
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:2988
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:3000
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:3000
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:9101
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:9101
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:9102
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:9102
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:9103
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:9103
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:3551
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:3551
ACCEPT     tcp  --  212.214.70.0/24      212.214.70.50       tcp dpt:6544
ACCEPT     udp  --  212.214.70.0/24      212.214.70.50       udp dpt:6544
ACCEPT     tcp  --  82.182.174.117       212.214.70.50
ACCEPT     udp  --  82.182.174.117       212.214.70.50
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW recent: SET name: SSH
SSH_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: SSHLOG flags 0 level 4 prefix `SSH_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: SSH
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:23 state NEW recent: SET name: TELNET
TELNET_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:23 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:23 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: TELNETLOG flags 0 level 4 prefix `TELNET_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:23 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: TELNET
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:88 state NEW recent: SET name: KRB5
KRB5_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:88 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:88 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: KRB5LOG flags 0 level 4 prefix `KRB5_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:88 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: KRB5
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:107 state NEW recent: SET name: RTELNET
RTELNET_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:107 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:107 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: RTELNETLOG flags 0 level 4 prefix `RTELNET_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:107 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: RTELNET
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:389 state NEW recent: SET name: LDAP
LDAP_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:389 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:389 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: LDAPLOG flags 0 level 4 prefix `LDAP_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:389 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: LDAP
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:543 state NEW recent: SET name: RLOGIN
RLOGIN_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:543 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:543 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: RLOGINLOG flags 0 level 4 prefix `RLOGIN_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:543 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: RLOGIN
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:636 state NEW recent: SET name: LDAPS
LDAPS_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:636 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:636 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: LDAPSLOG flags 0 level 4 prefix `LDAPS_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:636 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: LDAPS
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:749 state NEW recent: SET name: KRB5ADM
KRB5ADM_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:749 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:749 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: KRB5ADMLOG flags 0 level 4 prefix `KRB5ADM_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:749 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: KRB5ADM
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:751 state NEW recent: SET name: KRB5AUTH
KRB5AUTH_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:751 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:751 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: KRB5AUTHLOG flags 0 level 4 prefix `KRB5AUTH_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:751 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: KRB5AUTH
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:992 state NEW recent: SET name: TELNETS
TELNETS_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:992 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:992 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: TELNETSLOG flags 0 level 4 prefix `TELNETS_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:992 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: TELNETS
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2105 state NEW recent: SET name: EKLOGIN
EKLOGIN_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2105 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2105 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: EKLOGINLOG flags 0 level 4 prefix `EKLOGIN_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2105 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: EKLOGIN
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 state NEW recent: SET name: MYSQL
MYSQL_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: MYSQLLOG flags 0 level 4 prefix `MYSQL_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: MYSQL
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432 state NEW recent: SET name: PGSQL
PGSQL_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: PGSQLLOG flags 0 level 4 prefix `PGSQL_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5432 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: PGSQL
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 state NEW recent: SET name: SQUID
SQUID_WHITELIST  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 state NEW
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: SQUIDLOG flags 0 level 4 prefix `SQUID_brute_force'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 state NEW recent: UPDATE seconds: 60 hit_count: 4 TTL-Match name: SQUID
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpts:0:19 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpts:26:52 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpts:54:79 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpts:81:87 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpts:89:109 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpt:111 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpts:115:142 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpts:144:442 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpts:444:542 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpts:545:627 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpts:629:992 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpt:994 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpts:996:1023 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpt:3306 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpt:6000 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpt:3128 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpt:3551 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpt:3000 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpt:4000 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpt:6544 reject-with tcp-reset
REJECT     tcp  --  0.0.0.0/0            212.214.70.50       tcp dpt:8180 reject-with tcp-reset
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpts:0:19
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpts:26:52
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpts:54:79
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpts:81:87
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpts:89:109
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpt:111
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpts:115:142
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpts:144:442
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpts:444:542
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpts:545:627
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpts:629:992
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpt:994
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpts:996:1023
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpt:3306
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpt:6000
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpt:3128
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpt:3551
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpt:3000
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpt:4000
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpt:6544
DROP       udp  --  0.0.0.0/0            212.214.70.50       udp dpt:8180
REJECT     tcp  --  202.141.1.0/24       212.214.70.50       reject-with tcp-reset
DROP       udp  --  202.141.1.0/24       212.214.70.50
REJECT     tcp  --  212.211.81.19        212.214.70.50       reject-with tcp-reset
DROP       udp  --  212.211.81.19        212.214.70.50
REJECT     tcp  --  212.211.89.9         212.214.70.50       reject-with tcp-reset
DROP       udp  --  212.211.89.9         212.214.70.50
REJECT     tcp  --  213.7.186.208        212.214.70.50       reject-with tcp-reset
DROP       udp  --  213.7.186.208        212.214.70.50
REJECT     tcp  --  24.62.47.212         212.214.70.50       reject-with tcp-reset
DROP       udp  --  24.62.47.212         212.214.70.50
REJECT     tcp  --  64.195.6.8           212.214.70.50       reject-with tcp-reset
DROP       udp  --  64.195.6.8           212.214.70.50
REJECT     tcp  --  68.14.75.78          212.214.70.50       reject-with tcp-reset
DROP       udp  --  68.14.75.78          212.214.70.50
REJECT     tcp  --  195.232.52.49        212.214.70.50       reject-with tcp-reset
DROP       udp  --  195.232.52.49        212.214.70.50
REJECT     tcp  --  218.154.16.196       212.214.70.50       reject-with tcp-reset
DROP       udp  --  218.154.16.196       212.214.70.50
REJECT     tcp  --  195.116.71.42        212.214.70.50       reject-with tcp-reset
DROP       udp  --  195.116.71.42        212.214.70.50
REJECT     tcp  --  64.146.105.187       212.214.70.50       reject-with tcp-reset
DROP       udp  --  64.146.105.187       212.214.70.50
REJECT     tcp  --  193.224.154.0/24     212.214.70.50       reject-with tcp-reset
DROP       udp  --  193.224.154.0/24     212.214.70.50
REJECT     tcp  --  212.95.82.54         212.214.70.50       reject-with tcp-reset
DROP       udp  --  212.95.82.54         212.214.70.50
REJECT     tcp  --  62.233.205.186       212.214.70.50       reject-with tcp-reset
DROP       udp  --  62.233.205.186       212.214.70.50
REJECT     tcp  --  212.213.244.120      212.214.70.50       reject-with tcp-reset
DROP       udp  --  212.213.244.120      212.214.70.50
REJECT     tcp  --  172.128.0.0/10       212.214.70.50       reject-with tcp-reset
DROP       udp  --  172.128.0.0/10       212.214.70.50
REJECT     tcp  --  24.30.145.242        212.214.70.50       reject-with tcp-reset
DROP       udp  --  24.30.145.242        212.214.70.50
REJECT     tcp  --  211.220.19.245       212.214.70.50       reject-with tcp-reset
DROP       udp  --  211.220.19.245       212.214.70.50
REJECT     tcp  --  67.109.54.39         212.214.70.50       reject-with tcp-reset
DROP       udp  --  67.109.54.39         212.214.70.50
REJECT     tcp  --  203.131.147.240      212.214.70.50       reject-with tcp-reset
DROP       udp  --  203.131.147.240      212.214.70.50
REJECT     tcp  --  165.165.252.86       212.214.70.50       reject-with tcp-reset
DROP       udp  --  165.165.252.86       212.214.70.50
REJECT     tcp  --  64.222.46.60         212.214.70.50       reject-with tcp-reset
DROP       udp  --  64.222.46.60         212.214.70.50
REJECT     tcp  --  65.42.84.121         212.214.70.50       reject-with tcp-reset
DROP       udp  --  65.42.84.121         212.214.70.50
REJECT     tcp  --  212.194.21.170       212.214.70.50       reject-with tcp-reset
DROP       udp  --  212.194.21.170       212.214.70.50
REJECT     tcp  --  24.100.215.155       212.214.70.50       reject-with tcp-reset
DROP       udp  --  24.100.215.155       212.214.70.50
REJECT     tcp  --  221.163.10.3         212.214.70.50       reject-with tcp-reset
DROP       udp  --  221.163.10.3         212.214.70.50
REJECT     tcp  --  81.128.121.175       212.214.70.50       reject-with tcp-reset
DROP       udp  --  81.128.121.175       212.214.70.50
REJECT     tcp  --  81.217.6.84          212.214.70.50       reject-with tcp-reset
DROP       udp  --  81.217.6.84          212.214.70.50
REJECT     tcp  --  64.222.163.237       212.214.70.50       reject-with tcp-reset
DROP       udp  --  64.222.163.237       212.214.70.50
REJECT     tcp  --  219.137.1.148        212.214.70.50       reject-with tcp-reset
DROP       udp  --  219.137.1.148        212.214.70.50
REJECT     tcp  --  213.42.2.180         212.214.70.50       reject-with tcp-reset
DROP       udp  --  213.42.2.180         212.214.70.50
REJECT     tcp  --  68.236.193.231       212.214.70.50       reject-with tcp-reset
DROP       udp  --  68.236.193.231       212.214.70.50
REJECT     tcp  --  193.203.244.210      212.214.70.50       reject-with tcp-reset
DROP       udp  --  193.203.244.210      212.214.70.50
REJECT     tcp  --  212.143.119.26       212.214.70.50       reject-with tcp-reset
DROP       udp  --  212.143.119.26       212.214.70.50
REJECT     tcp  --  82.48.13.9           212.214.70.50       reject-with tcp-reset
DROP       udp  --  82.48.13.9           212.214.70.50
REJECT     tcp  --  61.249.50.44         212.214.70.50       reject-with tcp-reset
DROP       udp  --  61.249.50.44         212.214.70.50
REJECT     tcp  --  218.170.103.209      212.214.70.50       reject-with tcp-reset
DROP       udp  --  218.170.103.209      212.214.70.50
REJECT     tcp  --  62.30.182.119        212.214.70.50       reject-with tcp-reset
DROP       udp  --  62.30.182.119        212.214.70.50
REJECT     tcp  --  24.87.47.181         212.214.70.50       reject-with tcp-reset
DROP       udp  --  24.87.47.181         212.214.70.50
REJECT     tcp  --  64.223.155.75        212.214.70.50       reject-with tcp-reset
DROP       udp  --  64.223.155.75        212.214.70.50
REJECT     tcp  --  221.140.69.144       212.214.70.50       reject-with tcp-reset
DROP       udp  --  221.140.69.144       212.214.70.50
REJECT     tcp  --  218.148.110.156      212.214.70.50       reject-with tcp-reset
DROP       udp  --  218.148.110.156      212.214.70.50
REJECT     tcp  --  64.222.46.178        212.214.70.50       reject-with tcp-reset
DROP       udp  --  64.222.46.178        212.214.70.50
REJECT     tcp  --  24.165.209.70        212.214.70.50       reject-with tcp-reset
DROP       udp  --  24.165.209.70        212.214.70.50
REJECT     tcp  --  220.65.59.77         212.214.70.50       reject-with tcp-reset
DROP       udp  --  220.65.59.77         212.214.70.50
REJECT     tcp  --  63.159.12.141        212.214.70.50       reject-with tcp-reset
DROP       udp  --  63.159.12.141        212.214.70.50
REJECT     tcp  --  220.91.136.228       212.214.70.50       reject-with tcp-reset
DROP       udp  --  220.91.136.228       212.214.70.50
REJECT     tcp  --  210.219.250.124      212.214.70.50       reject-with tcp-reset
DROP       udp  --  210.219.250.124      212.214.70.50
REJECT     tcp  --  211.214.35.170       212.214.70.50       reject-with tcp-reset
DROP       udp  --  211.214.35.170       212.214.70.50
REJECT     tcp  --  212.119.176.194      212.214.70.50       reject-with tcp-reset
DROP       udp  --  212.119.176.194      212.214.70.50
REJECT     tcp  --  217.160.240.131      212.214.70.50       reject-with tcp-reset
DROP       udp  --  217.160.240.131      212.214.70.50
REJECT     tcp  --  218.149.164.73       212.214.70.50       reject-with tcp-reset
DROP       udp  --  218.149.164.73       212.214.70.50
REJECT     tcp  --  69.67.166.74         212.214.70.50       reject-with tcp-reset
DROP       udp  --  69.67.166.74         212.214.70.50
REJECT     tcp  --  222.64.0.0/13        212.214.70.50       reject-with tcp-reset
DROP       udp  --  222.64.0.0/13        212.214.70.50
REJECT     tcp  --  222.72.0.0/15        212.214.70.50       reject-with tcp-reset
DROP       udp  --  222.72.0.0/15        212.214.70.50
REJECT     tcp  --  202.108.181.0/24     212.214.70.50       reject-with tcp-reset
DROP       udp  --  202.108.181.0/24     212.214.70.50
REJECT     tcp  --  221.224.0.0/13       212.214.70.50       reject-with tcp-reset
DROP       udp  --  221.224.0.0/13       212.214.70.50
REJECT     tcp  --  218.78.0.0/15        212.214.70.50       reject-with tcp-reset
DROP       udp  --  218.78.0.0/15        212.214.70.50
REJECT     tcp  --  218.80.0.0/14        212.214.70.50       reject-with tcp-reset
DROP       udp  --  218.80.0.0/14        212.214.70.50
REJECT     tcp  --  211.252.198.222      212.214.70.50       reject-with tcp-reset
DROP       udp  --  211.252.198.222      212.214.70.50
REJECT     tcp  --  200.80.38.1          212.214.70.50       reject-with tcp-reset
DROP       udp  --  200.80.38.1          212.214.70.50
REJECT     tcp  --  194.137.97.98        212.214.70.50       reject-with tcp-reset
DROP       udp  --  194.137.97.98        212.214.70.50
REJECT     tcp  --  172.191.135.86       212.214.70.50       reject-with tcp-reset
DROP       udp  --  172.191.135.86       212.214.70.50
REJECT     tcp  --  220.88.0.0/13        212.214.70.50       reject-with tcp-reset
DROP       udp  --  220.88.0.0/13        212.214.70.50
REJECT     tcp  --  221.0.0.0/8          212.214.70.50       reject-with tcp-reset
DROP       udp  --  221.0.0.0/8          212.214.70.50
REJECT     tcp  --  217.83.176.188       212.214.70.50       reject-with tcp-reset
DROP       udp  --  217.83.176.188       212.214.70.50
REJECT     tcp  --  220.95.232.11        212.214.70.50       reject-with tcp-reset
DROP       udp  --  220.95.232.11        212.214.70.50
REJECT     tcp  --  68.142.251.0/24      212.214.70.50       reject-with tcp-reset
DROP       udp  --  68.142.251.0/24      212.214.70.50
REJECT     tcp  --  82.105.20.18         212.214.70.50       reject-with tcp-reset
DROP       udp  --  82.105.20.18         212.214.70.50
REJECT     tcp  --  211.114.170.161      212.214.70.50       reject-with tcp-reset
DROP       udp  --  211.114.170.161      212.214.70.50
REJECT     tcp  --  68.142.249.0/24      212.214.70.50       reject-with tcp-reset
DROP       udp  --  68.142.249.0/24      212.214.70.50

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain EKLOGIN_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: EKLOGIN
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: EKLOGIN
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: EKLOGIN

Chain KRB5ADM_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: KRB5ADM
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: KRB5ADM
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: KRB5ADM

Chain KRB5AUTH_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: KRB5AUTH
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: KRB5AUTH
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: KRB5AUTH

Chain KRB5_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: KRB5
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: KRB5
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: KRB5

Chain LDAPS_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: LDAPS
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: LDAPS
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: LDAPS

Chain LDAP_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: LDAP
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: LDAP
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: LDAP

Chain MYSQL_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: MYSQL
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: MYSQL
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: MYSQL

Chain PGSQL_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: PGSQL
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: PGSQL
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: PGSQL

Chain RLOGIN_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: RLOGIN
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: RLOGIN
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: RLOGIN

Chain RTELNET_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: RTELNET
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: RTELNET
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: RTELNET

Chain SQUID_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: SQUID
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: SQUID
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: SQUID

Chain SSH_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: SSH
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: SSH
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: SSH

Chain TELNETS_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: TELNETS
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: TELNETS
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: TELNETS

Chain TELNET_WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            212.214.70.50       recent: REMOVE name: TELNET
ACCEPT     all  --  212.214.70.50        212.214.70.50       recent: REMOVE name: TELNET
ACCEPT     all  --  82.182.174.117       212.214.70.50       recent: REMOVE name: TELNET

^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: ipt_recent && spamd (!?) && kernel panic
2005-06-08 7:34 ipt_recent && spamd (!?) && kernel panic Turbo Fredriksson
2005-06-08 19:04 ` David S. Miller
2005-06-08 19:42 ` Turbo Fredriksson
@ 2005-06-14 1:31 ` David S. Miller
2005-07-04 9:49 ` Turbo Fredriksson
3 siblings, 0 replies; 5+ messages in thread
From: David S. Miller @ 2005-06-14 1:31 UTC (permalink / raw)
To: sparclinux

You're not the only person seeing this.
Here is a temp fix:

From: Juergen Kreileder <jk@blackdown.de>

I've had some ipt_recent rules acting strangely after an uptime of about 25 days. The broken behavior is reproducible in the 5 minutes before the first jiffies roll-over right after booting too.

The cause of the problem is the jiffies comparison which doesn't work like intended if one of the last hits was more than LONG_MAX seconds ago or if the table of last hits contains empty slots and jiffies is > LONG_MAX.

This patch fixes the problem by using get_seconds() instead of jiffies. It also fixes some 64-bit issues.

Signed-off-by: Juergen Kreileder <jk@blackdown.de>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---
include/linux/netfilter_ipv4/ipt_recent.h | 2 +-
net/ipv4/netfilter/ipt_recent.c | 21 +++++++++++----------
2 files changed, 12 insertions(+), 11 deletions(-)

diff -puN include/linux/netfilter_ipv4/ipt_recent.h~ipt_recent-fixes include/linux/netfilter_ipv4/ipt_recent.h --- 25/include/linux/netfilter_ipv4/ipt_recent.h~ipt_recent-fixes 2005-05-09 18:08:27.000000000 -0700 +++ 25-akpm/include/linux/netfilter_ipv4/ipt_recent.h 2005-05-09 18:08:27.000000000 -0700
@@ -2,7 +2,7 @@ #define _IPT_RECENT_H #define RECENT_NAME "ipt_recent" -#define RECENT_VER "v0.3.1" +#define RECENT_VER "v0.3.2" #define IPT_RECENT_CHECK 1 #define IPT_RECENT_SET 2 diff -puN net/ipv4/netfilter/ipt_recent.c~ipt_recent-fixes net/ipv4/netfilter/ipt_recent.c --- 25/net/ipv4/netfilter/ipt_recent.c~ipt_recent-fixes 2005-05-09 18:08:27.000000000 -0700 +++ 25-akpm/net/ipv4/netfilter/ipt_recent.c 2005-05-09 18:08:27.000000000 -0700 @@ -15,6 +15,7 @@ #include <linux/ctype.h> #include <linux/ip.h> #include <linux/vmalloc.h> +#include <linux/time.h> #include <linux/moduleparam.h> #include <linux/netfilter_ipv4/ip_tables.h> @@ -64,7 +65,7 @@ struct recent_ip_list { struct time_info_list { u_int32_t position; - u_int32_t time; + unsigned long time; }; /* Structure of our linked list of tables of recent lists. */ @@ -223,7 +224,7 @@ static int ip_recent_ctrl(struct file *f curr_table->table[count].last_seen = 0; curr_table->table[count].addr = 0; curr_table->table[count].ttl = 0; - memset(curr_table->table[count].last_pkts,0,ip_pkt_list_tot*sizeof(u_int32_t)); + memset(curr_table->table[count].last_pkts,0,ip_pkt_list_tot*sizeof(unsigned long)); curr_table->table[count].oldest_pkt = 0; curr_table->table[count].time_pos = 0; curr_table->time_info[count].position = count; @@ -418,8 +419,8 @@ match(const struct sk_buff *skb, if(debug) printk(KERN_INFO RECENT_NAME ": match(): checking table, addr: %u, ttl: %u, orig_ttl: %u\n",addr,ttl,skb->nh.iph->ttl); #endif - /* Get jiffies now in case they changed while we were waiting for a lock */ - now = jiffies; + /* Get time now in case it changed while we were waiting for a lock */ + now = get_seconds(); hash_table = curr_table->hash_table; time_info = curr_table->time_info; 
@@ -502,7 +503,7 @@ match(const struct sk_buff *skb, location = time_info[curr_table->time_pos].position; hash_table[r_list[location].hash_entry] = -1; hash_table[hash_result] = location; - memset(r_list[location].last_pkts,0,ip_pkt_list_tot*sizeof(u_int32_t)); + memset(r_list[location].last_pkts,0,ip_pkt_list_tot*sizeof(unsigned long)); r_list[location].time_pos = curr_table->time_pos; r_list[location].addr = addr; r_list[location].ttl = ttl; @@ -528,11 +529,11 @@ match(const struct sk_buff *skb, if(info->check_set & IPT_RECENT_CHECK || info->check_set & IPT_RECENT_UPDATE) { if(!info->seconds && !info->hit_count) ans = !info->invert; else ans = info->invert; if(info->seconds && !info->hit_count) { - if(time_before_eq(now,r_list[location].last_seen+info->seconds*HZ)) ans = !info->invert; else ans = info->invert; + if(now <= r_list[location].last_seen+info->seconds) ans = !info->invert; else ans = info->invert; } if(info->seconds && info->hit_count) { for(pkt_count = 0, hits_found = 0; pkt_count < ip_pkt_list_tot; pkt_count++) { - if(time_before_eq(now,r_list[location].last_pkts[pkt_count]+info->seconds*HZ)) hits_found++; + if(now <= r_list[location].last_pkts[pkt_count]+info->seconds) hits_found++; } if(hits_found >= info->hit_count) ans = !info->invert; else ans = info->invert; } @@ -631,7 +632,7 @@ match(const struct sk_buff *skb, r_list[location].last_seen = 0; r_list[location].addr = 0; r_list[location].ttl = 0; - memset(r_list[location].last_pkts,0,ip_pkt_list_tot*sizeof(u_int32_t)); + memset(r_list[location].last_pkts,0,ip_pkt_list_tot*sizeof(unsigned long)); r_list[location].oldest_pkt = 0; ans = !info->invert; } 
@@ -734,10 +735,10 @@ checkentry(const char *tablename, memset(curr_table->table,0,sizeof(struct recent_ip_list)*ip_list_tot); #ifdef DEBUG if(debug) printk(KERN_INFO RECENT_NAME ": checkentry: Allocating %d for pkt_list.\n", - sizeof(u_int32_t)*ip_pkt_list_tot*ip_list_tot); + sizeof(unsigned long)*ip_pkt_list_tot*ip_list_tot); #endif - hold = vmalloc(sizeof(u_int32_t)*ip_pkt_list_tot*ip_list_tot); + hold = vmalloc(sizeof(unsigned long)*ip_pkt_list_tot*ip_list_tot); #ifdef DEBUG if(debug) printk(KERN_INFO RECENT_NAME ": checkentry: After pkt_list allocation.\n"); #endif _ ^ permalink raw reply [flat|nested] 5+ messages in thread
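Review bot: In match(), switching to now = get_seconds() ties the --seconds window to wall-clock time, so the two comparisons `now <= r_list[location].last_seen+info->seconds` and `now <= r_list[location].last_pkts[pkt_count]+info->seconds` shift whenever the system clock is stepped. A backward step keeps old entries matching for longer than info->seconds, and a forward step expires them early, which matters for rules that use recent as a rate limit. The covering mail calls this a temp fix; a comment next to the assignment stating that dependence, or a seconds counter that cannot be stepped, would make the trade-off explicit for whoever maintains the rules.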
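Review bot: The three memset() calls on last_pkts (one in ip_recent_ctrl, two in match) still spell the element size by hand, now as sizeof(unsigned long) instead of sizeof(u_int32_t), so the clear length can drift from the array's element type again. The declaration of last_pkts is not part of the visible hunks, so the size cannot be checked against it here. Taking the size from the object, for example ip_pkt_list_tot*sizeof(*r_list[location].last_pkts), would keep each clear tied to the declaration without a second place to update.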
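Review bot: In checkentry, the debug printk still uses %d for sizeof(unsigned long)*ip_pkt_list_tot*ip_list_tot, which is a size_t expression, so format and argument disagree on 64-bit builds; %zu matches it. The same product is written out twice, once for the printk and once for vmalloc(); computing it once into a local and passing that to both keeps the logged size and the allocated size from diverging on the next type change.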
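The hit-counting failure the commit message above describes (empty slots counted as hits while jiffies is above LONG_MAX), as an added user-space model; it is not code from the thread or from the kernel. HZ, the 60-second window, the four-slot table and all timestamps are constructed, and model_time_before_eq is an assumed stand-in for the kernel's time_before_eq macro.

```c
#include <stdio.h>
#define HZ 1000UL     /* assumed tick rate for this model */
#define WINDOW 60UL   /* constructed --seconds value */
#define SLOTS 4       /* constructed size of the last_pkts table */

/* Model of time_before_eq(a, b): sign of the wrapped difference b - a. */
static int model_time_before_eq(unsigned long a, unsigned long b)
{
    return (long)(b - a) >= 0;
}

/* Pre-patch counting: stamps and now are jiffies, window scaled by HZ. */
static int hits_jiffies(const unsigned long *pkts, unsigned long now)
{
    int i, hits = 0;
    for (i = 0; i < SLOTS; i++)
        hits += model_time_before_eq(now, pkts[i] + WINDOW * HZ);
    return hits;
}

/* Post-patch counting: stamps and now are seconds, plain comparison. */
static int hits_seconds(const unsigned long *pkts, unsigned long now)
{
    int i, hits = 0;
    for (i = 0; i < SLOTS; i++)
        hits += (now <= pkts[i] + WINDOW);
    return hits;
}

/* One real hit 1 s ago and three zeroed slots, 10 s after a boot where
 * jiffies starts 300 s before roll-over, i.e. above LONG_MAX. */
static int demo_jiffies(void)
{
    unsigned long boot = 0UL - 300UL * HZ;
    unsigned long pkts[SLOTS] = { boot + 9UL * HZ, 0, 0, 0 };
    return hits_jiffies(pkts, boot + 10UL * HZ);
}
static int demo_seconds(void)
{
    unsigned long now = 1118000000UL;   /* constructed epoch seconds */
    unsigned long pkts[SLOTS] = { now - 1, 0, 0, 0 };
    return hits_seconds(pkts, now);
}

int main(void)
{
    printf("jiffies: %d hits, seconds: %d hits\n", demo_jiffies(), demo_seconds());
    return 0;
}
```

With a rule that needs three hits inside the window, the jiffies comparison in this model is satisfied by a single real packet, while the seconds comparison counts only that packet.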
* Re: ipt_recent && spamd (!?) && kernel panic
2005-06-08 7:34 ipt_recent && spamd (!?) && kernel panic Turbo Fredriksson
` (2 preceding siblings ...)
2005-06-14 1:31 ` David S. Miller
@ 2005-07-04 9:49 ` Turbo Fredriksson
3 siblings, 0 replies; 5+ messages in thread
From: Turbo Fredriksson @ 2005-07-04 9:49 UTC (permalink / raw)
To: sparclinux

>>>>> "David" = David S Miller <davem@davemloft.net> writes:

David> You're not the only person seeing this.
David> Here is a temp fix:

Sorry for not replying sooner, but I didn't want to reboot for this fix alone. But this morning I needed to rearrange the disks and add some more memory, so I took the opportunity to upgrade the kernel as well...

I've now been running with this patch for about ten minutes, and so far so good. I.e. the kernel hasn't crashed yet :)

So it seems that the fix works for me too... Thanx!