* RE: speed connection problem
2004-07-26 14:47 speed connection problem stephane durieux
@ 2004-07-26 13:06 ` Brent Clark
2004-07-26 13:27 ` Antony Stone
2004-07-27 4:41 ` Mark E. Donaldson
2 siblings, 0 replies; 4+ messages in thread
From: Brent Clark @ 2004-07-26 13:06 UTC (permalink / raw)
To: stephane durieux, netfilter
[-- Attachment #1: Type: text/plain, Size: 6391 bytes --]
Hi
Im also new to iptables and I think you are confusing the input and output
rules with the forward rule (I very much made that mistake). In your FW
rulset you are declaring that you have a imap, ftp, dns, etc literally
running on your box.
You need to use the forward rule to handle this for you.
I too have a adsl connection, and I dont have any performance loss and the
box I run iptables on is an
old pentium 100.
I have attached my current ruleset for your viewing. Please remember that im
also new to iptables soo it might not be
all that secure.
Kind Regards
Brent Clark
P.s. You may want to look at the default policy of DROP on all the chains
-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org]On Behalf Of stephane
durieux
Sent: Monday, July 26, 2004 4:48 PM
To: netfilter@lists.netfilter.org
Subject: speed connection problem
Hi everybody,
I am a newbie using netfilter
So I am connected to internet through ppp0 (ADSL)
I have no servers running. But, I have tried to make customs rules for
each used protocols (smtp, pop3, dns, http, https, imap, ftp active and
passive) in input and output.
i have also to drop some Xmas packets and spoofing packets ( private
netwoaks range) .
So i have 40 rules listed (see below)
I have seen a big decrease of my speed connection using the firewall.
Nevertheless, the computer is an AMD athlon XP 1800+
How can I solve this problem. Is it due to my heavy configuration ?
I am afraid it will be worse if I install DMZ servers (http, ftp,
postfix, dns)
Have you got any suggestion ?
Thanks a lot.
Here is my (heavy) configuration
#!/bin/bash
case $1 in
start)
########################## REMISE A 0 DES CHAINES
iptables -F FORWARD
iptables -F OUTPUT
iptables -F INPUT
iptables -F syn-flood
iptables -X syn-flood
########################## FLUX ENTRANT
# ANTI SPOOFING
iptables -t filter -A INPUT -i ppp0 -p tcp -s 224.0.0.0/4 -j DROP
iptables -t filter -A INPUT -i ppp0 -p tcp -s 192.168.0.0/16 -j DROP
iptables -t filter -A INPUT -i ppp0 -p tcp -s 172.16.0.0/12 -j DROP
iptables -t filter -A INPUT -i ppp0 -p tcp -s 10.0.0.0/8 -j DROP
iptables -t filter -A INPUT -i ppp0 -p tcp -s 127.0.0.1/8 -j DROP
iptables -t filter -A INPUT -i ppp0 -p udp -s 224.0.0.0/4 -j DROP
iptables -t filter -A INPUT -i ppp0 -p udp -s 192.168.0.0/16 -j DROP
iptables -t filter -A INPUT -i ppp0 -p udp -s 172.16.0.0/12 -j DROP
iptables -t filter -A INPUT -i ppp0 -p udp -s 10.0.0.0/8 -j DROP
iptables -t filter -A INPUT -i ppp0 -p udp -s 127.0.0.1/8 -j DROP
# SYN FLOODING
iptables -N syn-flood
iptables -A INPUT -i ppp0 -p tcp -j syn-flood
iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -A syn-flood -j LOG --log-prefix "SYN FLOOD"
iptables -A syn-flood -j DROP
# VERIF NOUVELLES CONNECTIONS ENTRANTES =SYN
iptables -t filter -A INPUT -i ppp0 -p tcp ! --syn -m state --state NEW
-j DROP
# ANTI Xmas packets
iptables -t filter -A INPUT -i ppp0 -p tcp --tcp-flags ALL ALL -j DROP
iptables -t filter -A INPUT -i ppp0 -p tcp --tcp-flags ALL NONE -j DROP
# DNS
iptables -t filter -A INPUT -i ppp0 -p udp --source-port 53 -m state
--state ESTABLISHED -j ACCEPT
# HTTP
iptables -t filter -A INPUT -i ppp0 -p tcp --source-port 80 -m state
--state ESTABLISHED -j ACCEPT
# HTTPS
iptables -t filter -A INPUT -i ppp0 -p tcp --source-port 443 -m state
--state ESTABLISHED -j ACCEPT
# ICMP
iptables -t filter -A INPUT -i ppp0 -p icmp --icmp-type echo-reply -j ACCEPT
iptables -t filter -A INPUT -i ppp0 -p icmp --icmp-type
destination-unreachable -j ACCEPT
iptables -t filter -A INPUT -i ppp0 -p icmp --icmp-type time-exceeded -j
ACCEPT
iptables -t filter -A INPUT -i ppp0 -p icmp --icmp-type source-quench -j
ACCEPT
# FTP
# port commande
iptables -t filter -A INPUT -i ppp0 -p tcp --source-port 21
--destination-port 1024: -m state --state ESTABLISHED -j ACCEPT
# mode actif : port data
iptables -t filter -A INPUT -i ppp0 -p tcp --source-port 20:
--destination-port 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
# mode passif : port data
iptables -t filter -A INPUT -i ppp0 -p tcp --source-port 1024:
--destination-port 1024: -m state --state ESTABLISHED -j ACCEPT
# SMTP
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 25 -m state --state NEW,ESTABLISHED -j ACCEPT
# POP 3
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 110 -m state --state NEW,ESTABLISHED -j ACCEPT
# IMAP
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 143 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -t filter -A INPUT -j DROP
########################## FLUX SORTANT
# DNS
iptables -t filter -A OUTPUT -o ppp0 -p udp --source-port 1024:
--destination-port 53 -m state --state NEW,ESTABLISHED -j ACCEPT
# HTTP
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 80 -m state --state NEW,ESTABLISHED -j ACCEPT
# HTTPS
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 443 -m state --state NEW,ESTABLISHED -j ACCEPT
# ICMP
iptables -t filter -A OUTPUT -o ppp0 -p icmp --icmp-type echo-request -j
ACCEPT
# FTP
# port commande
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 21 -j ACCEPT
# mode actif : port data
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 20 -m state --state ESTABLISHED -j ACCEPT
# mode passif : port data
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
# SMTP
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 25 -m state --state NEW,ESTABLISHED -j ACCEPT
# POP 3
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 110 -m state --state NEW,ESTABLISHED -j ACCEPT
# IMAP
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 143 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -t filter -A OUTPUT -j DROP
;;
stop)
iptables -t filter -F INPUT
[-- Attachment #2: IP_FW_RULES --]
[-- Type: application/octet-stream, Size: 5302 bytes --]
#/bin/sh
IPT=/sbin/iptables
# Rules for gateway
#Clear \ Flush all the rules from the different chains and tables
$IPT --flush
$IPT --flush INPUT #Flush the INPUT chain
$IPT --flush OUTPUT #Flush the OUTPUT chain
$IPT --flush FORWARD #Flush the FORWARD chain
$IPT -t nat --flush #Flush the nat table
$IPT -t mangle --flush #Flush the mangle table
$IPT --delete-chain #Delete any pre-existing chains
$IPT -t nat --delete-chain #Delete any pre-existing chains from nat table
$IPT -t mangle --delete-chain #Delete any pre-existing chains from the mangle table
#Setting the default Policies for the chains
$IPT --policy INPUT DROP #Setting the default policy for INPUT chain
$IPT --policy FORWARD DROP #Setting the default plicy for FORWARD chain
$IPT --policy OUTPUT DROP #Setting the default policy for the OUTPUT chain
#Create new chain
$IPT -N LOG_DROP #Create new chain
$IPT -N LOG_ACCEPT #Create new chain
#Accepting traffic for and to internal interface
$IPT -A INPUT -i lo -j ACCEPT #Allowing unlimited loopback traffic
$IPT -A OUTPUT -o lo -j ACCEPT #Allowing unlimited loopback traffic
###########################################################
#Stealth Scans and TCP state flags
#
# All of the bits are cleared
#/sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# SYN and FIN are both set
#/sbin/iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# SYN and RST are both set
#/sbin/iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# FIN and RST are both set
#/sbin/iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
# FIN is the only bit set, without the expected accompanying ACK
#/sbin/iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
# PSH is the only bit set, without the expected accompanying ACK
#/sbin/iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
# URG is the only bit set, without the expected accompanying ACK
#/sbin/iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
###########################################################
# Using Connection State to By-Pass checking
# Creating the rules
$IPT -t nat -A POSTROUTING -o eth0 -s 192.168.111.0/24 -j MASQUERADE
$IPT -t filter -A FORWARD -m state --state INVALID -j LOG --log-prefix "INVALID forward: "
$IPT -t filter -A FORWARD -m state --state INVALID -j DROP
$IPT -t filter -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A FORWARD -i eth1 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A INPUT -m state --state INVALID -j LOG --log-prefix "INVALID input: "
$IPT -t filter -A INPUT -m state --state INVALID -j DROP
$IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A INPUT -i eth1 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A INPUT -i eth1 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A INPUT -i eth1 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A INPUT -i eth1 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A INPUT -p tcp --dport 113 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A INPUT -j LOG --log-prefix "[INPUT DROP]: " --log-tcp-options --log-ip-options
$IPT -t filter -A INPUT -j DROP
$IPT -t filter -A OUTPUT -m state --state INVALID -j LOG --log-prefix "INVALID output: "
$IPT -t filter -A OUTPUT -m state --state INVALID -j DROP
$IPT -t filter -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPT -t filter -A OUTPUT -o eth0 -j ACCEPT
$IPT -t filter -A OUTPUT -j LOG --log-prefix "[OUTPUT DROP]: " --log-tcp-options --log-ip-options
$IPT -t filter -A OUTPUT -j DROP
#############################################################
# Allowing me to ping from here and dealing in ICMP packets
$IPT -t filter -A INPUT -p icmp --icmp-type source-quench -j ACCEPT
$IPT -t filter -A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT
$IPT -t filter -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
$IPT -t filter -A INPUT -i eth0 -p icmp --icmp-type time-exceeded -j ACCEPT
$IPT -t filter -A INPUT -i eth0 -p icmp --icmp-type ! echo-request -j LOG
############################################################
# Create some logging
#$IPT -t filter -A INPUT -j LOG_DROP
#$IPT -t filter -A OUTPUT -j LOG_DROP
#$IPT -t filter -A LOG_DROP -j LOG --log-prefix "[IPTABLES DROP]: " --log-tcp-options --log-ip-options
#$IPT -t filter -A LOG_DROP -j DROP
#$IPT -t filter -A LOG_ACCEPT -j LOG --log-prefix "[IPTABLES ACCEPT]: " --log-tcp-options --log-ip-options
#$IPT -t filter -A LOG_ACCEPT -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_dynaddr #
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians #Enable logging for malformed Ip Address
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: speed connection problem
2004-07-26 14:47 speed connection problem stephane durieux
2004-07-26 13:06 ` Brent Clark
@ 2004-07-26 13:27 ` Antony Stone
2004-07-27 4:41 ` Mark E. Donaldson
2 siblings, 0 replies; 4+ messages in thread
From: Antony Stone @ 2004-07-26 13:27 UTC (permalink / raw)
To: netfilter
On Monday 26 July 2004 3:47 pm, stephane durieux wrote:
> Hi everybody,
>
> I am a newbie using netfilter
I recommend two things:
1. Start simple, and build up the rules gradually.
2. Read Oskar Andreasson's tutorial at http://iptables-tutorial.frozentux.net
Regards,
Antony.
--
Wanted: telepath. You know where to apply.
Please reply to the list;
please don't CC me.
^ permalink raw reply [flat|nested] 4+ messages in thread
* speed connection problem
@ 2004-07-26 14:47 stephane durieux
2004-07-26 13:06 ` Brent Clark
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: stephane durieux @ 2004-07-26 14:47 UTC (permalink / raw)
To: netfilter
Hi everybody,
I am a newbie using netfilter
So I am connected to internet through ppp0 (ADSL)
I have no servers running. But, I have tried to make customs rules for
each used protocols (smtp, pop3, dns, http, https, imap, ftp active and
passive) in input and output.
i have also to drop some Xmas packets and spoofing packets ( private
netwoaks range) .
So i have 40 rules listed (see below)
I have seen a big decrease of my speed connection using the firewall.
Nevertheless, the computer is an AMD athlon XP 1800+
How can I solve this problem. Is it due to my heavy configuration ?
I am afraid it will be worse if I install DMZ servers (http, ftp,
postfix, dns)
Have you got any suggestion ?
Thanks a lot.
Here is my (heavy) configuration
#!/bin/bash
case $1 in
start)
########################## REMISE A 0 DES CHAINES
iptables -F FORWARD
iptables -F OUTPUT
iptables -F INPUT
iptables -F syn-flood
iptables -X syn-flood
########################## FLUX ENTRANT
# ANTI SPOOFING
iptables -t filter -A INPUT -i ppp0 -p tcp -s 224.0.0.0/4 -j DROP
iptables -t filter -A INPUT -i ppp0 -p tcp -s 192.168.0.0/16 -j DROP
iptables -t filter -A INPUT -i ppp0 -p tcp -s 172.16.0.0/12 -j DROP
iptables -t filter -A INPUT -i ppp0 -p tcp -s 10.0.0.0/8 -j DROP
iptables -t filter -A INPUT -i ppp0 -p tcp -s 127.0.0.1/8 -j DROP
iptables -t filter -A INPUT -i ppp0 -p udp -s 224.0.0.0/4 -j DROP
iptables -t filter -A INPUT -i ppp0 -p udp -s 192.168.0.0/16 -j DROP
iptables -t filter -A INPUT -i ppp0 -p udp -s 172.16.0.0/12 -j DROP
iptables -t filter -A INPUT -i ppp0 -p udp -s 10.0.0.0/8 -j DROP
iptables -t filter -A INPUT -i ppp0 -p udp -s 127.0.0.1/8 -j DROP
# SYN FLOODING
iptables -N syn-flood
iptables -A INPUT -i ppp0 -p tcp -j syn-flood
iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -A syn-flood -j LOG --log-prefix "SYN FLOOD"
iptables -A syn-flood -j DROP
# VERIF NOUVELLES CONNECTIONS ENTRANTES =SYN
iptables -t filter -A INPUT -i ppp0 -p tcp ! --syn -m state --state NEW
-j DROP
# ANTI Xmas packets
iptables -t filter -A INPUT -i ppp0 -p tcp --tcp-flags ALL ALL -j DROP
iptables -t filter -A INPUT -i ppp0 -p tcp --tcp-flags ALL NONE -j DROP
# DNS
iptables -t filter -A INPUT -i ppp0 -p udp --source-port 53 -m state
--state ESTABLISHED -j ACCEPT
# HTTP
iptables -t filter -A INPUT -i ppp0 -p tcp --source-port 80 -m state
--state ESTABLISHED -j ACCEPT
# HTTPS
iptables -t filter -A INPUT -i ppp0 -p tcp --source-port 443 -m state
--state ESTABLISHED -j ACCEPT
# ICMP
iptables -t filter -A INPUT -i ppp0 -p icmp --icmp-type echo-reply -j ACCEPT
iptables -t filter -A INPUT -i ppp0 -p icmp --icmp-type
destination-unreachable -j ACCEPT
iptables -t filter -A INPUT -i ppp0 -p icmp --icmp-type time-exceeded -j
ACCEPT
iptables -t filter -A INPUT -i ppp0 -p icmp --icmp-type source-quench -j
ACCEPT
# FTP
# port commande
iptables -t filter -A INPUT -i ppp0 -p tcp --source-port 21
--destination-port 1024: -m state --state ESTABLISHED -j ACCEPT
# mode actif : port data
iptables -t filter -A INPUT -i ppp0 -p tcp --source-port 20:
--destination-port 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
# mode passif : port data
iptables -t filter -A INPUT -i ppp0 -p tcp --source-port 1024:
--destination-port 1024: -m state --state ESTABLISHED -j ACCEPT
# SMTP
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 25 -m state --state NEW,ESTABLISHED -j ACCEPT
# POP 3
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 110 -m state --state NEW,ESTABLISHED -j ACCEPT
# IMAP
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 143 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -t filter -A INPUT -j DROP
########################## FLUX SORTANT
# DNS
iptables -t filter -A OUTPUT -o ppp0 -p udp --source-port 1024:
--destination-port 53 -m state --state NEW,ESTABLISHED -j ACCEPT
# HTTP
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 80 -m state --state NEW,ESTABLISHED -j ACCEPT
# HTTPS
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 443 -m state --state NEW,ESTABLISHED -j ACCEPT
# ICMP
iptables -t filter -A OUTPUT -o ppp0 -p icmp --icmp-type echo-request -j
ACCEPT
# FTP
# port commande
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 21 -j ACCEPT
# mode actif : port data
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 20 -m state --state ESTABLISHED -j ACCEPT
# mode passif : port data
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
# SMTP
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 25 -m state --state NEW,ESTABLISHED -j ACCEPT
# POP 3
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 110 -m state --state NEW,ESTABLISHED -j ACCEPT
# IMAP
iptables -t filter -A OUTPUT -o ppp0 -p tcp --source-port 1024:
--destination-port 143 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -t filter -A OUTPUT -j DROP
;;
stop)
iptables -t filter -F INPUT
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: speed connection problem
2004-07-26 14:47 speed connection problem stephane durieux
2004-07-26 13:06 ` Brent Clark
2004-07-26 13:27 ` Antony Stone
@ 2004-07-27 4:41 ` Mark E. Donaldson
2 siblings, 0 replies; 4+ messages in thread
From: Mark E. Donaldson @ 2004-07-27 4:41 UTC (permalink / raw)
To: 'stephane durieux', netfilter
How can I solve this problem. Is it due to my heavy configuration ?
I am afraid it will be worse if I install DMZ servers (http, ftp, postfix,
dns)
Have you got any suggestion ?
Thanks a lot.
Here is my (heavy) configuration
This is not what I would call a heavy load Stephane. Your rig should handle
this without a blink. My netfilter/iptables firewall is also directly
connected to the internet via dsl (albeit with a static IP), with five
subnets behind it, including a DMZ with a mail relay, DNS server, web
server, squid proxy, etc, etc, blah, blah. My rule set stands at
approximately 2000 and my machine does not blink. So I suggest the slow down
might be something else. Suggestions and questions:
1. Run your firewall (temporarily of course) with no rules loaded and all
your default policies set to default so you can make some rate comparisons:
set_default_policy()
{
$IPT -F
$IPT -X
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
}
2. Your FTP rules need a little tuning. I can see these giving you some
problems with your ftp communication. Are you using ip_conntrack_ftp?
3. I notice you seem to favor source port 1024 on you output rules. I find
this a little hard to understand. Is there a reason for this?
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2004-07-27 4:41 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-07-26 14:47 speed connection problem stephane durieux
2004-07-26 13:06 ` Brent Clark
2004-07-26 13:27 ` Antony Stone
2004-07-27 4:41 ` Mark E. Donaldson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox