Re: [gentoo-user] Removing unnecessary package versions in lower slots
Richard Fish wrote:
> Does media-libs/freetype appear in /var/lib/portage/world? If so, remove it (manually edit the file), as that would prevent depclean from considering it. Then re-run emerge --pretend --depclean.

This is good advice, thank you. I'm just curious if there is a tool which can check depends for a particular version of a slotted package?

--
Mariusz
--
gentoo-user@gentoo.org mailing list
[gentoo-user] Removing unnecessary package versions in lower slots
Hello.

There are some packages on my systems which are probably unnecessary. I would like to clean them, but my problem is connected with slotted packages. For example, I've checked the glsa-check output:

# glsa-check -p affected
Checking GLSA 200607-02
The following updates will be performed for this GLSA:
     media-libs/freetype-2.1.10-r2 (2.1.10-r2)

And I've found that there is a security problem with media-libs/freetype. I had installed the newest stable version of this package (2.1.10-r2) in the past.

# eix media-libs/freetype
* media-libs/freetype
     Available versions:  1.3.1-r4 ~1.3.1-r5 2.1.9-r1 ~2.1.10 ~2.1.10-r1 2.1.10-r2 [M]2.2.1
     Installed:           1.3.1-r4 2.1.10-r2
     Homepage:            http://www.freetype.org/
     Description:         A high-quality and portable font engine

Freetype is slotted into two versions and 1.3.1-r4 is affected. How can I check if there are any packages that depend on =media-libs/freetype-1.3.1-r4? I would like to remove this version from the system if it's not necessary. The 'equery depends' tool does not work with a package version in the syntax. I know that there is 'emerge --depclean', but freetype isn't in the output.

--
Best regards,
Mariusz
Re: [gentoo-user] Connlimit (iptables)
Jürgen Pierau wrote:
> Did you check if the module has not only been built but was also loaded into the kernel?

Yes. I've tried to compile this feature into the kernel and as a module. In both cases I had the same error. I also recompiled iptables after applying patch-o-matic-ng. I think I will send this to gentoo bugtrack.

--
MZ
[gentoo-user] Connlimit (iptables)
Hello.

I have a problem with the connlimit module for iptables.

~ # uname -r
2.6.15-gentoo-r1
~ # grep -i match_limit /usr/src/linux/.config
CONFIG_IP_NF_MATCH_LIMIT=m
~ # lsmod | grep limit
ipt_limit 2240 2
~ # iptables -V
iptables v1.3.4
~ # equery uses iptables
[ Searching for packages matching iptables... ]
[ Colour Code : set unset ]
[ Legend: Left column (U) - USE flags from make.conf ]
[ : Right column (I) - USE flags packages was installed with ]
[ Found these USE variables for net-firewall/iptables-1.3.4 ]
 U I
 + + extensions : Enable support for 3rd patch-o-matic extensions
 - - ipv6       : Adds support for IP version 6
 - - static     : !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically

... and finally:

~ # iptables -I OUTPUT -m connlimit --connlimit-above 50 -j DROP
iptables: No chain/target/match by that name

There is a different error message in the newer version (1.3.5) of iptables:

~ # iptables -I OUTPUT -m connlimit --connlimit-above 50 -j DROP
iptables: Unknown error 4294967295

Other rules added to the OUTPUT chain work fine, only connlimit produces errors. Is it a bug (should I send it to bugtrack), or is there something wrong with my system, or bad syntax in using connlimit?

--
Best regards,
MZ
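
An added example (not part of the original post, and not code from the iptables or Gentoo projects): a shell check that tells the connection-counting connlimit match apart from the rate-based limit match that appears in the .config and lsmod output above. The connlimit kernel symbol and module names are assumptions not taken from the thread, and the sample files are constructed.

```shell
#!/bin/sh
# Report whether the connlimit match (not the rate-based "limit" match) is
# available, given a kernel .config and a saved copy of `lsmod` output.
# Assumed names (not from the thread): patch-o-matic-ng kernels use
# CONFIG_IP_NF_MATCH_CONNLIMIT / ipt_connlimit, later mainline kernels use
# CONFIG_NETFILTER_XT_MATCH_CONNLIMIT / xt_connlimit.

connlimit_status() {
    config_file=$1
    lsmod_file=$2

    # Match the full symbol name. A grep for "match_limit" only ever finds
    # the limit match, because "MATCH_CONNLIMIT" does not contain that string.
    built=$(grep -E '^CONFIG_(IP_NF|NETFILTER_XT)_MATCH_CONNLIMIT=[ym]$' \
            "$config_file" | head -n 1 || true)

    # The first lsmod column is the module name; compare it exactly so that
    # ipt_limit is never mistaken for ipt_connlimit.
    loaded=$(awk '$1 == "ipt_connlimit" || $1 == "xt_connlimit" { print $1; exit }' \
             "$lsmod_file")

    if [ -n "$loaded" ]; then
        echo "loaded:$loaded"
    elif [ -z "$built" ]; then
        echo "not-built"            # iptables cannot find the match at all
    else
        case $built in
            *=y) echo "built-in" ;;           # never listed by lsmod
            *=m) echo "module-not-loaded" ;;  # needs modprobe
        esac
    fi
}

# Constructed sample input: only the "limit" match is configured and loaded.
tmp=$(mktemp -d)
printf '%s\n' 'CONFIG_IP_NF_MATCH_LIMIT=m' > "$tmp/config.limit_only"
printf '%s\n' 'ipt_limit 2240 2' > "$tmp/lsmod.limit_only"
# Constructed sample input: connlimit built as a module but not yet loaded.
printf '%s\n' 'CONFIG_IP_NF_MATCH_LIMIT=m' 'CONFIG_IP_NF_MATCH_CONNLIMIT=m' \
    > "$tmp/config.with_connlimit"

connlimit_status "$tmp/config.limit_only" "$tmp/lsmod.limit_only"
connlimit_status "$tmp/config.with_connlimit" "$tmp/lsmod.limit_only"
```
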
Re: [gentoo-user] How to install iplimit?
>>> I would like to use iplimit in my firewall.

>> I'm still using 2.6.11-r9, but, it appears to be in yours too. From make menuconfig under the 2.6.11-r9 it is here:
>> [...]
>> m limit match support

> It is not this module. The limit module can limit the number of packets in a specified amount of time. But I want to limit the number of parallel connections from a defined IP.

Oops... I had the old news about iplimit. There is a feature which I would like to use in the ipt_limit module, as Chad Feller wrote. The module to enable in iptables (-m) is called connlimit, not iplimit.

But now I have another problem. When I want to use the connlimit module, I always get an iptables error:

iptables: No chain/target/match by that name

For example:

# lsmod | grep limit
ipt_limit 2240 2

iptables -A FORWARD -o eth2 -s 192.168.0.12 \
    -m connlimit --connlimit-above 60 -j REJECT
iptables: No chain/target/match by that name

Any other rules (not -m connlimit) added to the FORWARD chain are working well. I've tried to compile ipt_limit into the kernel (not as a module), but the error also appears.

--
MZ
Re: [gentoo-user] How to install iplimit?
>> I would like to use iplimit in my firewall.

> I'm still using 2.6.11-r9, but, it appears to be in yours too. From make menuconfig under the 2.6.11-r9 it is here:
> [...]
> m limit match support

It is not this module. The limit module can limit the number of packets in a specified amount of time. But I want to limit the number of parallel connections from a defined IP.

Look:
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-3.html#ss3.5

--
Mariusz Zalewski
[gentoo-user] How to install iplimit?
Hello,

I would like to use iplimit in my firewall. I use iptables-1.3.4 with the extensions USE flag and gentoo-sources-2.6.15-r1.

I can't find the iplimit module in that kernel:

# grep -i iplimit /usr/src/linux/.confg
{none}

How do I install iplimit on my server? What should I do? Maybe there is another module that can restrict the number of connections from a defined IP address?

P.S. Sorry about the crosspost - I sent this message a few days ago to the gentoo-security mailing list, but nobody replied.

--
Mariusz Zalewski