installing ipsets

installing ipsets

[Pollywog]

I am running Debian Sarge and I have just installed iptables following the 
instructions at http://ipset.netfilter.org/   This documentation does not say 
whether I need to remove the iptables package provided by Debian, but I would 
guess this is necessary.  It appears the iptables version I downloaded from 
the ipsets homepage is a newer version of iptables than what is present in 
Debian Sarge but if I remove the Debian iptables package, I will need to put 
a dummy package in its place so as not to cause shorewall to be removed.

Does the old package need to be removed?


thanks

Re: installing ipsets

[Martijn Lievaart]

Pollywog wrote:

>I am running Debian Sarge and I have just installed iptables following the 
>instructions at http://ipset.netfilter.org/   This documentation does not say 
>whether I need to remove the iptables package provided by Debian, but I would 
>guess this is necessary.  It appears the iptables version I downloaded from 
>the ipsets homepage is a newer version of iptables than what is present in 
>Debian Sarge but if I remove the Debian iptables package, I will need to put 
>a dummy package in its place so as not to cause shorewall to be removed.
>
>Does the old package need to be removed?
>  
>

You can install the new package next to the old one (f.i. in /usr/local) 
but I would look at packaging the new version. As you have the old 
package, this should be relatively trivial.

M4

maximum tuple support of hashlimit

[Manish Jain]

Hello Friends,

I am using hashlimit with hashlimit-mode as srcip-dstip. My expectation is
to have hashlimit for source-ip and destination ip tuple.

My question is, how many tuple, hashlimit can manage at any instance of
time?

Best Regards,
Manish Jain

RE: maximum tuple support of hashlimit

[Pablo Sanchez]

 

> -----Original Message-----
> From: netfilter-bounces@lists.netfilter.org 
> [mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of 
> Manish Jain
> Sent: Tuesday, October 31, 2006 4:59 AM
> To: netfilter@lists.netfilter.org
> Subject: maximum tuple support of hashlimit
> 
> Hello Friends,
> 
> I am using hashlimit with hashlimit-mode as srcip-dstip. My 
> expectation is
> to have hashlimit for source-ip and destination ip tuple.
> 
> My question is, how many tuple, hashlimit can manage at any 
> instance of
> time?

Hi,

I'm not entirely sure about your question.  The 'man iptables' shows for
'hashlimit' the following two tunable parameters which may address your
question(?):

       --hashlimit-htable-size num
              The number of buckets of the hash table

       --hashlimit-htable-max num
              Maximum entries in the hash

Cheers,
---
Pablo Sanchez - Blueoak Database Engineering, Inc
Ph:    819.459.1926          Toll free:  888.459.1926
Cell:  819.918.9731                Pgr:  pablo_p@blueoakdb.com
Fax:   603.720.7723 (US)

Use of set-counters option of iptables

[Manish Jain]

Hello Friends,

What is the use of set-counters option of iptables ?

Basically I wish to generate 1 ULOG/LOG message if I receive 20,000 packets
in a minute.

Best Regards,
Manish Jain