Can iptables block TCP RST packets only?
in [UK Linux]
|
Prev: Compiling WiFi driver
Next: Curl RTE only runs as root
From: Darren Salt on 25 Feb 2010 11:59 I demand that James Taylor may or may not have written... > Darren Salt wrote: >> James Taylor wrote" >>> Precise use of terms is always preferable but rarely can you defeat the >>> tide of common usage. If "firewall" is an inappropriate term, what would >>> you describe iptables as? You could probably call it a "packet filter" >>> with reasonable accuracy, but that term seems even more vague. >> It isn't that either. >> It's a convenient utility for viewing and altering netfilter's IPv4 >> configuration. > Aha, yes of course, but then the question becomes what to call netfilter? See http://www.netfilter.org/ ;-) > PS. Hi Darren, its a small world, in Usenet land anyway. Are you still > using RISC OS, or are you entirely Linux now? The RISC OS hw's still here, but... > I had to abandon RISC OS (kicking and screaming) years ago when I left the > UK for a life of travelling with a laptop, and frankly I'm now rather glad > to be a Linux user, although I've never reclaimed on this platform the > assembler and GUI programming skill level I had on RISC OS. x86 asm I avoid. :-) -- | Darren Salt | linux at youmustbejoking | nr. Ashington, | Doon | using Debian GNU/Linux | or ds ,demon,co,uk | Northumberland | Army | + http://wiki.debian.org/DebianEeePC/ You will be surrounded by luxury.
From: James Taylor on 25 Feb 2010 12:33 Darren Salt wrote: > x86 asm I avoid. :-) Too right! -- James Taylor
From: alexd on 25 Feb 2010 17:01 On Thu, 25 Feb 2010 00:47:35 +0000, Tom Anderson wrote: > On Wed, 24 Feb 2010, James Taylor wrote: >> Is IPsec over UDP a recent innovation or has it always been part of the >> way IPsec works? > > Pass. The Cisco VPN client has done it for ages, and it's possible it's > largely a Ciscoism, although i believe it is a standard. I've seen port 4500/UDP used by other vendor's VPN clients. I believe it's referred to as IPSEC NAT-T. -- <http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm(a)ale.cx) 21:59:00 up 10 days, 2:50, 5 users, load average: 0.03, 0.03, 0.00 DIMENSION-CONTROLLING FORT DOH HAS NOW BEEN DEMOLISHED, AND TIME STARTED FLOWING REVERSELY
From: Tom Anderson on 25 Feb 2010 18:29
On Thu, 25 Feb 2010, James Taylor wrote: > Tom Anderson wrote: > >> James Taylor wrote: >> >>> That's an interesting approach. The question is how? Is there any software >>> I can get to automate this? Special wget or curl options? >> >> There are almost certainly wget or curl options for this. Man page time, >> i'm afraid. > > Hmmm, I don't remember seeing any for multi-server multi-connection downloads > but I will check. Ah, i was thinking more that if there are options for ranges and throttling, you could moderately trivially build a multi-connection downloader with shell script and arithmetic. > Another issue is that not all of the downloads are over HTTP. Some are > RTSP/RTMP and that may not be supported by either tool. Yhea, not the faintest idea how you could do something comparable with that! >>> Is there any way iptables can be used to throttle individual TCP flows? >> >> Pass. But there's definitely a throttle option on at least one of wget and >> curl. > > Hmmm, now that you mention it, I do recall seeing a throttling option in > one of them (wget I think). That could be useful. However, it would > certainly be much easier to throttle the downloads with iptables (or > some other filter utility) than it would be to hack the source code of > the downloader utility I'm using to replace every type of connection > with a wget/curl equivalent. Indeed that may not even be possible. Yes, if you can't easily extract a stream of URLs, a curl/wget approach isn't applicable. If a firewall won't do the throttling, you could try a proxy. Squid certainly does throttling. But apparently there's something called tc which is will do throttling in what seems to be an astonishingly configurable way. tom -- Miscellaneous Terrorists: Ducks | Bird Flu | Avian flu | Jimbo Wales | Backstreet Boys | The Al Queda Network | Tesco -- Uncyclopedia |