1281053246 Q * dowdle Remote host closed the connection
1281059245 Q * Piet Quit: Piet
1281059459 J * Piet ~Piet__@82VAAAOT1.tor-irc.dnsbl.oftc.net
1281060038 J * derjohn_foo ~aj@e180212002.adsl.alicedsl.de
1281060393 Q * Fire_Egl Quit: Leaving...
1281060470 Q * derjohn_mob Ping timeout: 480 seconds
1281060667 Q * Piet Quit: Piet
1281060986 J * Piet ~Piet__@82VAAAOUJ.tor-irc.dnsbl.oftc.net
1281062268 Q * derjohn_foo Ping timeout: 480 seconds
1281062758 Q * Piet Quit: Piet
1281062817 J * derjohn_foo aj@88.128.7.171
1281062914 J * Piet ~Piet__@82VAAAOU3.tor-irc.dnsbl.oftc.net
1281063614 J * balbir_ ~balbir@122.172.1.226
1281063646 J * SauLus_ ~SauLus@d064126.adsl.hansenet.de
1281064055 Q * SauLus Ping timeout: 480 seconds
1281064055 N * SauLus_ SauLus
1281065821 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com
1281067035 Q * Yellowcap Remote host closed the connection
1281067652 J * Yellowcap ~AlexBurns@ip-95-223-36-117.unitymediagroup.de
1281069543 M * Bertl off to bed now ... have a good one everyone!
1281069549 N * Bertl Bertl_zZ
1281072948 J * mtg ~mtg@port-87-193-189-26.static.qsc.de
1281073613 Q * derjohn_foo Ping timeout: 480 seconds
1281073637 J * derjohn_foo ~aj@g228048104.adsl.alicedsl.de
1281074192 Q * balbir_ Ping timeout: 480 seconds
1281074432 J * ncopa ~ncopa@180.40.189.109.customer.cdi.no
1281075945 Q * derjohn_foo Remote host closed the connection
1281076935 J * derjohn_mob ~aj@g228048104.adsl.alicedsl.de
1281077201 J * ghislain ~AQUEOS@adsl2.aqueos.com
1281079343 Q * derjohn_mob Ping timeout: 480 seconds
1281080191 J * petzsch ~markus@dslb-088-075-168-105.pools.arcor-ip.net
1281080520 Q * petzsch Quit: Leaving.
1281080561 J * petzsch ~markus@dslb-088-075-168-105.pools.arcor-ip.net
1281081461 J * balbir_ ~balbir@122.248.161.59
1281081750 J * AlexBurnsRED ~AlexBurns@ip-95-223-36-117.unitymediagroup.de
1281081750 Q * Yellowcap Read error: Connection reset by peer
1281083187 Q * petzsch Quit: Leaving.
1281084469 J * derjohn_mob ~aj@51.42.69.80.in-addr.net-lab.net
1281084593 J * petzsch ~markus@dslb-088-075-168-105.pools.arcor-ip.net
1281085002 J * sharkjaw ~gab@90.149.128.29
1281085613 J * ntrs ~ntrs@95.155.40.60
1281086881 Q * Romster Quit: Geeks shall inherit properties and methods of object earth.
1281087572 Q * balbir_ Ping timeout: 480 seconds
1281088429 J * balbir_ ~balbir@122.248.163.1
1281089200 M * kwowt hoi
1281090174 M * kwowt iptables rules order are important right?
1281090219 Q * ntrs Ping timeout: 480 seconds
1281090282 M * harry kwowt: yes
1281090323 M * kwowt so if i wanna add a rule to block all ports except lets say 22
1281090332 M * kwowt i need to add all rules before the DROP rule
1281090356 M * kwowt what if i choose to add another ACCEPT rule afterwards, i need to delete the DROP rule and re-add it?
1281090650 Q * balbir_ Ping timeout: 480 seconds
1281090801 M * ard iptables -L --line-numbers
1281090810 M * ard iptables -I
1281090859 M * ard I usually make a new - and let it jump to the new -
1281091195 M * harry if it matches, it applies the rule
1281091201 M * harry only exception (afaik) is LOG
1281091224 M * harry if the first rule that matches is DROP, it's dropped
1281091233 M * harry further accepts are not matched
1281091262 M * harry if no rules match, the default policy is applied
1281091319 J * ksn ~ksn@41.151.42.131
1281091378 Q * sharkjaw Remote host closed the connection
1281091434 M * ard well, it's just like a program. It matches, or it doesn't. It then "executes" its target, which might alter the flow.
1281091511 M * ard accept,drop,reject,goto are targets that will alter that flow :-)
1281091536 M * ard mark, log, ulog, and many others will not
1281091560 Q * ksn
1281091990 M * harry all actions are executed... mark sets a mark, log, logs... drop, drops
1281092000 M * harry and once you're dropped, ... well... you don't exist anymore :)
1281092011 M * harry once you're accepted, well... you passed
1281092016 M * harry so it all makes sense :)
1281092674 Q * ncopa Ping timeout: 480 seconds
1281092967 J * ncopa ~ncopa@180.40.189.109.customer.cdi.no
1281092984 J * Romster ~romster@202.168.100.149.dynamic.rev.eftel.com
1281095779 J * ntrs ~ntrs@95.155.40.60
1281097413 M * AlexBurnsRED the fucking free images on your fucking download database is ALL BROKEN!
1281097418 M * AlexBurnsRED fuck off
1281097573 M * harry ?
1281097575 M * pmjdebruijn wrong channel?
1281097599 M * harry that, or pebcak
1281097600 M * harry ;)
1281097605 M * harry pebkac, sorry
1281098371 J * harobed ~harobed@arl57-1-82-231-110-14.fbx.proxad.net
1281098592 Q * AlexBurnsRED Remote host closed the connection
1281098606 J * Yellowcap ~AlexBurns@ip-95-223-36-117.unitymediagroup.de
1281098907 Q * ntrs Ping timeout: 480 seconds
1281099334 Q * Yellowcap Ping timeout: 480 seconds
1281099624 Q * Walex Remote host closed the connection
1281101312 J * dna ~dna@p54BCA448.dip0.t-ipconnect.de
1281102200 J * balbir_ ~balbir@122.172.1.226
1281103427 N * Bertl_zZ Bertl
1281103431 M * Bertl morning folks!
1281103623 Q * Romster Quit: Geeks shall inherit properties and methods of object earth.
1281104108 Q * harobed Ping timeout: 480 seconds
1281104273 J * Romster ~romster@202.168.100.149.dynamic.rev.eftel.com
1281104958 J * dowdle ~dowdle@scott.coe.montana.edu
1281105014 M * petzsch moin Bertl: did you hear of Yellowcap again? did he manage his Conf** problem?
1281105092 M * sid3windr BULLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLSHIT
1281105186 M * _Shiva_ sid3windr: and don't forget: "14:23 < AlexBurnsRED> the fucking free images on your fucking download database is ALL BROKEN! - fuck off" :-)
1281105205 M * _Shiva_ same guy - different nick
1281105423 M * sid3windr oh is it :)
1281105427 M * sid3windr I didn't check
1281105439 M * sid3windr heheh it is =)
1281105568 M * petzsch what a douchebag ... people helping him for free or trying to and that's what you get.
1281105625 M * petzsch just came from the mailinglist: Debian 6.0 aka Squeeze has reached FREEZE state *party*
1281105668 M * _Shiva_ padde: yay! *cheer* ;-)
1281105684 M * _Shiva_ s/padde/petzsch/
1281105699 M * padde *mumble mumble*
1281105717 M * sid3windr huhuh
1281105817 M * _Shiva_ ..and /only/ 1801 release critical bugs to fix... ;-)
1281105855 M * petzsch the longer it takes, the longer we have security updates for lenny
1281107090 M * sid3windr 1801?
1281107094 M * sid3windr I saw +- 500 last week
1281107106 M * sid3windr Number concerning the next release: 526
1281107813 J * dna_ ~dna@p54BC9B08.dip0.t-ipconnect.de
1281108155 Q * dna Ping timeout: 480 seconds
1281108172 J * dna__ ~dna@p54BC9BB4.dip0.t-ipconnect.de
1281108485 Q * derjohn_mob Ping timeout: 480 seconds
1281108605 Q * dna_ Ping timeout: 480 seconds
1281108646 J * dna ~dna@p54BC9BF2.dip0.t-ipconnect.de
1281109024 Q * dna__ Ping timeout: 480 seconds
1281109158 Q * ncopa Quit: Ex-Chat
1281110417 M * kwowt iptables -A OUTPUT -d 91.185.208.30 -p tcp -j ACCEPT
1281110419 M * kwowt iptables -A INPUT -d 91.185.208.30 -p tcp -i eth0 -j DROP
1281110427 M * kwowt should this block all outgoing traffic too?
1281110549 M * kwowt woops
1281110556 M * kwowt the first command with INPUT not OUTPUT
1281110613 M * kwowt some application has issues connecting to some url
1281111063 M * harry depends on connection tracking/other rules
1281111116 M * harry first rule accepts all input that has destination 91.185.208.30
1281111135 M * harry if the ip is not defined on eth0, it drops all packets
1281111150 M * harry (forget my first line)
1281111165 M * harry (but not completely)
1281111166 M * harry ;)
1281111194 A * harry is just wondering what you're trying to accomplish with those kinds of rules
1281111283 M * kwowt ehhh
1281111288 M * kwowt i screwed it up :p
1281111307 M * kwowt iptables -A INPUT -d IP -p udp --dport PORT -i eth0 -j ACCEPT
1281111316 M * kwowt iptables -A INPUT -d IP -p tcp -i eth0 -j DROP
1281111317 M * kwowt like this
1281111318 M * kwowt :)
1281111331 M * kwowt this should allow PORT and DROP all others right?
1281111337 M * kwowt but for incoming connections only
1281111340 M * kwowt if i understood correctly
1281111353 M * kwowt omfg i f*cked it up again
1281111356 M * kwowt i'm doing copy paste :p
1281111360 M * kwowt both are tcp
1281111407 M * harry unless you change IP to $IP and define it somewhere, or change it to an ip... ;)
1281111415 M * kwowt yea
1281111421 M * kwowt they're ips :p
1281111451 M * harry what you put there, accepts udp packets on port PORT (incoming)
1281111459 M * harry the second one blocks all tcp traffic
1281111462 M * kwowt i meant tcp
1281111464 M * kwowt in the first one
1281111468 M * harry ah...
1281111484 M * harry then yes, it accepts connections to "PORT" and rejects other tcp connections
1281111499 M * harry (it says nothing on icmp, udp,... packets...)
1281111507 M * harry they're unaffected
1281111514 M * kwowt ERROR] [NioProcessor-2] org.red5.server.service.Installer - Unable to connect to http://red5.googlecode.com/svn/snapshots/
1281111514 M * kwowt [ERROR] [Red5_Scheduler_Worker-1] AVConference.Application - updateUsersList::Exception=java.net.ConnectException: Connection timed out
1281111518 M * kwowt i get this error
1281111520 M * kwowt from red5
1281111525 M * kwowt trying to connect to some http i guess
1281111535 M * kwowt whenever the firewall is on it gives this error
1281111539 M * harry what does "ip a" give you
1281111540 M * kwowt if it's off it works perfectly
1281111547 M * kwowt in guest?
1281111547 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1281111555 M * kwowt or host
1281111562 M * harry mkay... you connect from where to where actually?
1281111571 M * kwowt well the firewall rules are on the host
1281111573 M * kwowt normally
1281111576 M * harry uhu
1281111579 M * kwowt but the problem is in the guest
1281111588 M * harry the ip is a guest ip?
1281111590 M * kwowt the firewall rules are set for the guest
1281111591 M * kwowt yea
1281111610 M * kwowt everything seems to work perfectly with these rules just this red5 thingie
1281111617 M * harry can you paste iptables -vnL somewhere?
1281111636 M * harry if it's not too "sensitive" of course
1281111645 M * kwowt no
1281111645 M * kwowt i will
1281111646 M * kwowt sec
1281111654 M * harry or maybe the IP is not on eth0?
1281111658 M * kwowt it is
1281111891 Q * mtg Quit: Verlassend
1281112129 Q * FireEgl Quit: Leaving...
1281113033 N * Bertl Bertl_oO
1281115090 Q * Chlorek Ping timeout: 480 seconds
1281115473 M * _Shiva_ kwowt: try adding: iptables -I INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
1281116000 M * _Shiva_ ..526 (known) bugs to go..
1281116016 M * _Shiva_ doh - wrong channel ;-)
1281116430 M * kwowt _Shiva_, harry already explained
1281116434 M * kwowt thanks anyway ;)
1281116450 M * kwowt appreciate it!
1281116596 M * _Shiva_ kwowt: and did it help?
1281116604 M * kwowt yep
1281116606 M * kwowt that was it
1281116618 M * _Shiva_ kwowt: tnx for telling the channel ;-)
1281117038 J * dna_ ~dna@p54BC90E2.dip0.t-ipconnect.de
1281117297 J * dna__ ~dna@p54BC9063.dip0.t-ipconnect.de
1281117425 Q * dna Ping timeout: 480 seconds
1281117635 Q * dna_ Ping timeout: 480 seconds
1281119029 J * dna_ ~dna@p54BC8ECE.dip0.t-ipconnect.de
1281119035 J * ntrs ~ntrs@95.155.40.60
1281119239 J * dna ~dna@p54BC8EE6.dip0.t-ipconnect.de
1281119406 Q * dna__ Ping timeout: 480 seconds
1281119499 J * harobed ~harobed@arl57-1-82-231-110-14.fbx.proxad.net
1281119585 Q * dna_ Ping timeout: 480 seconds
1281119754 J * dna_ ~dna@p54BC8E85.dip0.t-ipconnect.de
1281120090 Q * ntrs Ping timeout: 480 seconds
1281120122 Q * dna Ping timeout: 480 seconds
1281120455 J * dna ~dna@p54BC8DC7.dip0.t-ipconnect.de
1281120842 Q * dna_ Ping timeout: 480 seconds
1281121379 J * dna_ ~dna@p54BC8C3A.dip0.t-ipconnect.de
1281121744 Q * dna Ping timeout: 480 seconds
1281123154 J * dna__ ~dna@p54BC8BDF.dip0.t-ipconnect.de
1281123216 N * Bertl_oO Bertl
1281123346 J * dna ~dna@p54BC8A6B.dip0.t-ipconnect.de
1281123573 Q * dna_ Ping timeout: 480 seconds
1281123576 J * dna_ ~dna@p54BC8A59.dip0.t-ipconnect.de
1281123692 Q * dna__ Ping timeout: 480 seconds
1281123863 J * dna__ ~dna@p54BC8A72.dip0.t-ipconnect.de
1281123902 Q * dna Ping timeout: 480 seconds
1281124225 J * dna ~dna@p54BC8ABC.dip0.t-ipconnect.de
1281124232 Q * dna_ Ping timeout: 480 seconds
1281124620 Q * dna__ Ping timeout: 480 seconds
1281124771 J * dna_ ~dna@p54BC8941.dip0.t-ipconnect.de
1281124941 J * dna__ ~dna@p54BC8961.dip0.t-ipconnect.de
1281125039 Q * dna Ping timeout: 480 seconds
1281125310 Q * dna_ Ping timeout: 480 seconds
1281125432 Q * dna__ Ping timeout: 480 seconds
1281125456 Q * petzsch Quit: Leaving.
1281125587 J * imcsk8 ~ichavero@201.144.87.46
1281125989 J * petzsch ~markus@dslb-088-075-168-105.pools.arcor-ip.net
1281127234 Q * imcsk8 Quit: This computer has gone to sleep
1281128369 Q * petzsch Quit: Leaving.
1281129611 J * derjohn_mob ~aj@g228048104.adsl.alicedsl.de
1281133888 Q * bonbons Quit: Leaving
1281136035 Q * dowdle Remote host closed the connection
1281138187 M * Bertl off to bed now ... have a good one everyone!
1281138204 N * Bertl Bertl_zZ
1281138388 Q * Piet Quit: Piet
1281138408 J * Piet ~Piet__@04ZAADRYK.tor-irc.dnsbl.oftc.net