Re: [gentoo-user] IPTABLES

2015-12-24 Thread siefke_lis...@web.de
Hello,

On Thu, 24 Dec 2015 15:11:55 +0300 Andrew Savchenko wrote:

> ...
> It is a bit old and isn't an ultimate description of all
> iptables features (you have manuals for that), but will give you a
> good understanding of how packet flow works and how they should be
> processed.
> ...

Thank you for your information, now I know more where I am.


Silvio

Silvio Siefke




[gentoo-user] Manually removing packages from world problem

2015-12-24 Thread João Matos
Dear list,

I was having problem with plasma, so I decided to change it.

I've removed all packages related from world, changed the profile, erased
use-related files from /etc/portage.

Then I've used "emerge --depclean", that worked as should be.

However, when I tried "emerge -avuDN world" I got a problem: portage tries
to emerge all these world packages I removed before.

What should be happening?

Thank you all,
-- 
João Neto
Linux User #461527
http://br.linkedin.com/pub/jo%C3%A3o-de-matos/7/316/552


Re: [gentoo-user] QEMU unable to initialize audio

2015-12-24 Thread Ian Bloss
Libsdl and libsdl2 built with sound use flag on host?

On Thu, Dec 24, 2015, 16:04   wrote:

>   Any ideas?  The error message is...
>
> sdl: SDL failed to initialize audio subsystem
> sdl: Reason: No available audio device
> audio: Could not init `sdl' audio driver
>
>   I get this both with a Gentoo guest...
>
> #!/bin/bash
> qemu-system-i386 -enable-kvm \
>    -cpu host -display gtk \
>    -drive file=gentoo32.img,format=raw \
>    -drive file=linuxswap.img,format=raw \
>    -net nic,model=virtio \
>    -rtc base=localtime,clock=host \
>    -net user,hostname=gentoovm,hostfwd=tcp::2022-:22 \
>    -m 3G -name "Gentoo VM" \
>    -soundhw sb16 -parallel none \
>    ${@}
>
> ...and an OS/2 Warp 4 guest...
>
> #!/bin/bash
> qemu-system-i386 -enable-kvm \
>    -cpu coreduo -monitor vc \
>    -drive file=os2.img,format=raw \
>    -net nic,model=pcnet \
>    -m size=64 -name "OS/2 VM" \
>    -soundhw sb16 -vga std \
>    ${@}
>
>   On the host, from "emerge -pv qemu"...
>
> app-emulation/qemu-2.4.1-r2::gentoo USE="aio alsa curl fdt gtk gtk2 jpeg
> ncurses opengl pin-upstream-blobs png sdl sdl2 ssh threads usb vhost-net
> vnc -accessibility -bluetooth -caps -debug -filecaps (-glusterfs)
> -infiniband -iscsi -lzo -nfs -nls -numa -pulseaudio -python -rbd -sasl
> -seccomp (-selinux) -smartcard -snappy -spice -static -static-softmmu
> -static-user -systemtap -tci {-test} -tls -usbredir -uuid -vde -virtfs -vte
> -xattr -xen -xfs"
> PYTHON_TARGETS="python2_7"
> QEMU_SOFTMMU_TARGETS="i386 x86_64"
> QEMU_USER_TARGETS="i386 x86_64"
>
> --
> Walter Dnes 
> I don't run "desktop environments"; I run useful applications
>
>


Re: [gentoo-user] Manually removing packages from world problem

2015-12-24 Thread Dale
João Matos wrote:
> Dear list,
>
> I was having problem with plasma, so I decided to change it.
>
> I've removed all packages related from world, changed the profile,
> erased use-related files from /etc/portage.
>
> Then I've used "emerge --depclean", that worked as should be.
>
> However, when I tried "emerge -avuDN world" I got a problem: portage
> tries to emerge all these world packages I removed before.
>
> What should be happening?
>
> Thank you all,
> -- 
> João Neto
> Linux User #461527
> http://br.linkedin.com/pub/jo%C3%A3o-de-matos/7/316/552


Try adding the -t option to emerge and it will tell you what is pulling
them in.  Odds are, you have KDE installed and that is pulling it in. 
Keep in mind, you should only add packages to world that you actually
use.  Emerge will take care of pulling in the dependencies.  For me, I
used kde-meta.  It pulled in most everything I needed.  Anything that
was missing, I emerged and had it add it to world.  I have several
plasma packages installed but none of them are listed in the world file. 

If the -t doesn't shed any light, post what it shows and maybe it will
help someone else see something, that is there or not there that should
be. 

Dale

:-)  :-) 




Re: [gentoo-user] Manually removing packages from world problem

2015-12-24 Thread Ian Bloss
Check your /var/lib/world file to see if there are any packages or sets
that might be pulling it. Also check make.conf global USE and package.use.

On Thu, Dec 24, 2015, 17:24 João Matos  wrote:

> Dear list,
>
> I was having problem with plasma, so I decided to change it.
>
> I've removed all packages related from world, changed the profile, erased
> use-related files from /etc/portage.
>
> Then I've used "emerge --depclean", that worked as should be.
>
> However, when I tried "emerge -avuDN world" I got a problem: portage tries
> to emerge all these world packages I removed before.
>
> What should be happening?
>
> Thank you all,
> --
> João Neto
> Linux User #461527
> http://br.linkedin.com/pub/jo%C3%A3o-de-matos/7/316/552
>


Re: [gentoo-user] QEMU unable to initialize audio

2015-12-24 Thread waltdnes
On Thu, Dec 24, 2015 at 10:48:28PM +, Ian Bloss wrote
> Libsdl and libsdl2 built with sound use flag on host?

  I didn't bother enabling alsa except for packages that actually need
it.  I've enabled it for libsdl, but not for sdl2, because I didn't
realize libsdl2 even existed.  According to equery, the only package
pulling in libsdl2 is qemu, and that's because I set the flag.  If I
remove the "alsa2" flag from qemu, will it work properly with "alsa"
alone?

-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications



Re: [gentoo-user] QEMU unable to initialize audio

2015-12-24 Thread Ian Bloss
I was saying the libsdl packages have a USE flag "sound" which builds the
sound module for sdl. So if qemu makes any calls to the sound module not
pure alsa calls, that might be causing your issue.

Wabe's USE flag output shows he's building sdl with the "sound" use flag
enabled and not just alsa alone.

On Thu, Dec 24, 2015, 22:26   wrote:

> waltd...@waltdnes.org wrote:
>
> > On Thu, Dec 24, 2015 at 10:48:28PM +, Ian Bloss wrote
> > > Libsdl and libsdl2 built with sound use flag on host?
> >
> >   I didn't bother enabling alsa except for packages that actually need
> > it.  I've enabled it for libsdl, but not for sdl2, because I didn't
> > realize libsdl2 even existed.  According to equery, the only package
> > pulling in libsdl2 is qemu, and that's because I set the flag.  If I
> > remove the "alsa2" flag from qemu, will it work properly with "alsa"
> > alone?
>
> On my host system I use alsa and no pulseaudio. However it doesn't
> make any difference if I set the alsa USE-flag for qemu or not.
>
> I don't know if qemu runs flawless without sdl2 USE-flag. But you can
> easily test this.
>
> Btw. Since I reverted from qemu-2.5.0 back to qemu-2.4.1-r2, qemu
> hangs no longer when I specify ac97, hda or es1370 as sound hardware
> emulation. But I have to start the xfce mixer application on the
> guest OS after the desktop is loaded. If I don't do this, then one
> core on my host is always at 100% load and qemu is slow and sometimes
> doesn't respond for some seconds. But no error message appears on
> guest or host.
> Strange is, that the guest OS doesn't show a high load but only the
> host OS. After I started the xfce-mixer app on guest OS, everything
> is smooth and host load count normalizes.
>
> I now use qemu with "-soundhw es1370" and have automated the start
> of the mixer app. With this, sound is working fine.
>
> As I already said, when I use sb16 or gus then I have no sound at all.
> Only ac97, hda and es1370 are working for me. Maybe this has something
> to do with the guest OS.
>
> Here are the USE-flags that I use for qemu, libsdl and libsdl2.
>
> app-emulation/qemu-2.4.1-r2 aio caps curl fdt filecaps gtk gtk2 jpeg lzo
> ncurses nfs nls opengl pin-upstream-blobs png python sasl sdl sdl2 seccomp
> spice threads usb uuid vde vhost-net vnc xattr xfs -accessibility -alsa
> -bluetooth -debug -glusterfs -infiniband -iscsi -numa -pulseaudio -rbd
> -selinux -smartcard -snappy -ssh -static -static-softmmu -static-user
> -systemtap -tci -test -tls -usbredir -virtfs -vte -xen
>
> media-libs/libsdl-1.2.15-r9 X alsa dga fbcon joystick opengl oss sound
> video xv -aalib -custom-cflags -libcaca -nas -pulseaudio -static-libs
> -tslib -xinerama
>
> media-libs/libsdl2-2.0.3-r200 X alsa dbus joystick opengl oss sound
> threads udev video xscreensaver -altivec -custom-cflags -fusionsound -gles
> -haptic -nas -pulseaudio -static-libs -tslib -wayland -xinerama
>
> --
> Regards
> wabe
>
>


Re: [gentoo-user] Gcc 5.3

2015-12-24 Thread Paul Colquhoun
On Thu, 24 Dec 2015 10:18:27 Alan Grimes wrote:
> Hey, thanks for putting out gcc 5.3...
> 
> Unfortunately, it fails to bootstrap on my machine. I am getting
> differences between the stage 2 and stage 3 compilers and it's dying... =(
> 
> make[2]: Entering directory
> '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> make[3]: Entering directory
> '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> rm -f stage_current
> make[3]: Leaving directory '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> Comparing stages 2 and 3
> warning: gcc/cc1plus-checksum.o differs
> warning: gcc/cc1-checksum.o differs
> Bootstrap comparison failure!
> gcc/tree-ssa-threadedge.o differs


I'm getting the same problem. I keyworded 5.1.0 as a test, and it did the same 
thing.

Perhaps my search skills are lacking, but I can't see anything else about this 
for GCC v5 (yet).

Was planning to poke at it for a few more days before putting in a bug report.

I've included the first part of 'emerge --info' for my system below. Is yours 
similar?


Portage 2.2.26 (python 2.7.11-final-0, default/linux/amd64/13.0/desktop/kde/systemd, gcc-4.9.3, glibc-2.22-r1, 4.2.2-gentoo x86_64)
=
 System Settings
=
System uname: Linux-4.2.2-gentoo-x86_64-AMD_FX-tm-8120_Eight-Core_Processor-with-gentoo-2.2
KiB Mem: 16441164 total, 679344 free
KiB Swap: 67108856 total, 67108684 free
Timestamp of repository gentoo: Thu, 24 Dec 2015 15:45:01 +
sh bash 4.3_p42
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
ccache version 3.2.4 [disabled]
app-shells/bash: 4.3_p42::gentoo
dev-java/java-config: 2.2.0::gentoo
dev-lang/perl: 5.22.1::gentoo
dev-lang/python: 2.7.11-r1::gentoo, 3.4.3-r7::gentoo, 3.5.1-r2::gentoo
dev-util/ccache: 3.2.4::gentoo
dev-util/cmake: 3.4.1::gentoo
dev-util/pkgconfig: 0.29::gentoo
sys-apps/baselayout: 2.2::gentoo
sys-apps/openrc: 0.19.1::gentoo
sys-apps/sandbox: 2.10-r1::gentoo
sys-devel/autoconf: 2.13::gentoo, 2.69-r1::gentoo
sys-devel/automake: 1.11.6-r2::gentoo, 1.12.6::gentoo, 1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r1::gentoo
sys-devel/binutils: 2.25.1-r1::gentoo
sys-devel/gcc: 4.9.3::gentoo
sys-devel/gcc-config: 1.8::gentoo
sys-devel/libtool: 2.4.6-r1::gentoo
sys-devel/make: 4.1-r1::gentoo
sys-kernel/linux-headers: 4.3::gentoo (virtual/os-headers)
sys-libs/glibc: 2.22-r1::gentoo


-- 
Reverend Paul Colquhoun, ULC. http://andor.dropbear.id.au/
  Asking for technical help in newsgroups?  Read this first:
 http://catb.org/~esr/faqs/smart-questions.html#intro




[gentoo-user] QEMU unable to initialize audio

2015-12-24 Thread waltdnes
  Any ideas?  The error message is...

sdl: SDL failed to initialize audio subsystem
sdl: Reason: No available audio device
audio: Could not init `sdl' audio driver

  I get this both with a Gentoo guest...

#!/bin/bash
qemu-system-i386 -enable-kvm \
   -cpu host -display gtk \
   -drive file=gentoo32.img,format=raw \
   -drive file=linuxswap.img,format=raw \
   -net nic,model=virtio \
   -rtc base=localtime,clock=host \
   -net user,hostname=gentoovm,hostfwd=tcp::2022-:22 \
   -m 3G -name "Gentoo VM" \
   -soundhw sb16 -parallel none \
   ${@}

...and an OS/2 Warp 4 guest...

#!/bin/bash
qemu-system-i386 -enable-kvm \
   -cpu coreduo -monitor vc \
   -drive file=os2.img,format=raw \
   -net nic,model=pcnet \
   -m size=64 -name "OS/2 VM" \
   -soundhw sb16 -vga std \
   ${@}

  On the host, from "emerge -pv qemu"...

app-emulation/qemu-2.4.1-r2::gentoo USE="aio alsa curl fdt gtk gtk2 jpeg 
ncurses opengl pin-upstream-blobs png sdl sdl2 ssh threads usb vhost-net vnc 
-accessibility -bluetooth -caps -debug -filecaps (-glusterfs) -infiniband 
-iscsi -lzo -nfs -nls -numa -pulseaudio -python -rbd -sasl -seccomp (-selinux) 
-smartcard -snappy -spice -static -static-softmmu -static-user -systemtap -tci 
{-test} -tls -usbredir -uuid -vde -virtfs -vte -xattr -xen -xfs"
PYTHON_TARGETS="python2_7"
QEMU_SOFTMMU_TARGETS="i386 x86_64"
QEMU_USER_TARGETS="i386 x86_64"

-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications



Re: [gentoo-user] Manually removing packages from world problem

2015-12-24 Thread João Matos
2015-12-24 22:48 GMT+00:00 Dale :

> João Matos wrote:
> > Dear list,
> >
> > I was having problem with plasma, so I decided to change it.
> >
> > I've removed all packages related from world, changed the profile,
> > erased use-related files from /etc/portage.
> >
> > Then I've used "emerge --depclean", that worked as should be.
> >
> > However, when I tried "emerge -avuDN world" I got a problem: portage
> > tries to emerge all these world packages I removed before.
> >
> > What should be happening?
> >
> > Thank you all,
> > --
> > João Neto
> > Linux User #461527
> > http://br.linkedin.com/pub/jo%C3%A3o-de-matos/7/316/552
>
>
> Try adding the -t option to emerge and it will tell you what is pulling
> them in.  Odds are, you have KDE installed and that is pulling it in.
> Keep in mind, you should only add packages to world that you actually
> use.  Emerge will take care of pulling in the dependencies.  For me, I
> used kde-meta.  It pulled in most everything I needed.  Anything that
> was missing, I emerged and had it add it to world.  I have several
> plasma packages installed but none of them are listed in the world file.
>
> If the -t doesn't shed any light, post what it shows and maybe it will
> help someone else see something, that is there or not there that should
> be.
>
> Dale
>
> :-)  :-)
>
>
>
The problem was the user. yakuake was there. I removed it, and everything
is working as it should.

Thank you all anyway.

-- 
João Neto
Linux User #461527
http://br.linkedin.com/pub/jo%C3%A3o-de-matos/7/316/552


Re: [gentoo-user] QEMU unable to initialize audio

2015-12-24 Thread wabenbau
waltd...@waltdnes.org wrote:

> On Thu, Dec 24, 2015 at 10:48:28PM +, Ian Bloss wrote
> > Libsdl and libsdl2 built with sound use flag on host?
> 
>   I didn't bother enabling alsa except for packages that actually need
> it.  I've enabled it for libsdl, but not for sdl2, because I didn't
> realize libsdl2 even existed.  According to equery, the only package
> pulling in libsdl2 is qemu, and that's because I set the flag.  If I
> remove the "alsa2" flag from qemu, will it work properly with "alsa"
> alone?

On my host system I use alsa and no pulseaudio. However it doesn't 
make any difference if I set the alsa USE-flag for qemu or not.

I don't know if qemu runs flawless without sdl2 USE-flag. But you can
easily test this.

Btw. Since I reverted from qemu-2.5.0 back to qemu-2.4.1-r2, qemu 
hangs no longer when I specify ac97, hda or es1370 as sound hardware
emulation. But I have to start the xfce mixer application on the 
guest OS after the desktop is loaded. If I don't do this, then one 
core on my host is always at 100% load and qemu is slow and sometimes
doesn't respond for some seconds. But no error message appears on 
guest or host.
Strange is, that the guest OS doesn't show a high load but only the 
host OS. After I started the xfce-mixer app on guest OS, everything 
is smooth and host load count normalizes. 

I now use qemu with "-soundhw es1370" and have automated the start 
of the mixer app. With this, sound is working fine.

As I already said, when I use sb16 or gus then I have no sound at all.
Only ac97, hda and es1370 are working for me. Maybe this has something
to do with the guest OS.

Here are the USE-flags that I use for qemu, libsdl and libsdl2.

app-emulation/qemu-2.4.1-r2 aio caps curl fdt filecaps gtk gtk2 jpeg lzo 
ncurses nfs nls opengl pin-upstream-blobs png python sasl sdl sdl2 seccomp 
spice threads usb uuid vde vhost-net vnc xattr xfs -accessibility -alsa 
-bluetooth -debug -glusterfs -infiniband -iscsi -numa -pulseaudio -rbd -selinux 
-smartcard -snappy -ssh -static -static-softmmu -static-user -systemtap -tci 
-test -tls -usbredir -virtfs -vte -xen

media-libs/libsdl-1.2.15-r9 X alsa dga fbcon joystick opengl oss sound video xv 
-aalib -custom-cflags -libcaca -nas -pulseaudio -static-libs -tslib -xinerama

media-libs/libsdl2-2.0.3-r200 X alsa dbus joystick opengl oss sound threads 
udev video xscreensaver -altivec -custom-cflags -fusionsound -gles -haptic -nas 
-pulseaudio -static-libs -tslib -wayland -xinerama

--
Regards
wabe



Re: [gentoo-user] Gcc 5.3

2015-12-24 Thread David Haller
Hello,

On Thu, 24 Dec 2015, Alan Grimes wrote:
>Hey, thanks for putting out gcc 5.3...
>
>Unfortunately, it fails to bootstrap on my machine. I am getting
>differences between the stage 2 and stage 3 compilers and it's dying... =(

What compiler and C(XX)FLAGS are you using? It builds nicely with
gcc-4.9 (and rather aggressive flags) here. With how many processes
(MAKEOPTS) are you compiling?

Also, compiling gcc might expose flaky RAM (removing and reseating the
RAM DIMMs might help there[0]). Have you e.g. encoded stuff with
mencoder or ffmpeg lately[1]? If you're compiling with any MAKEOPTS
'-j1' it could be the same phenomenon as I had in [1], so try with
-j1. If that works ... Consider using prime95/mprime[2] for a test.

-dnh

[0] stuff expands and shrinks depending on temps, so connections can
get flaky even if the box isn't moved ;)

[1] I've had mencoder segfault on me reproducibly on one box after
20-30 mins encoding with one process, and <= 10mins with two
processes. Memtest86 found nothing in one round. New RAM (replaced
on guarantee :) cured the problem for good.

[2] http://www.mersenne.org/download/#download

-- 
panic("Attempted to kill the idle task!");
linux-2.2.16/kernel/exit.c



Re: [gentoo-user] Gcc 5.3

2015-12-24 Thread Alan Grimes
It has been many moons since I got into compiling a compiler but here's
how it basically works:


STAGE 1:

Compile the new compiler with whatever broken crap compiler is already
installed/hacked together/manually entered by punch cards/etc...

STAGE 2:

Compile the new compiler with whatever came out of stage 1.

STAGE 3:

As a sanity check, compile the new compiler a third time with whatever
came out of stage 2

Because stage 1 should have produced a fully updated compiler, its
output (stage 2) should be identical to what that compiler in turn
produced (Stage 3).

This is where it's failing for me.


Stanislav Nikolov wrote:
> I think they should be compiled with the same version of gcc,
> shouldn't they?
>
> On 12/24/2015 05:18 PM, Alan Grimes wrote:
> > Hey, thanks for putting out gcc 5.3...
>
> > Unfortunately, it fails to bootstrap on my machine. I am getting
> > differences between the stage 2 and stage 3 compilers and it's
> dying... =(
>
> > make[2]: Entering directory
> > '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> > make[3]: Entering directory
> > '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> > rm -f stage_current
> > make[3]: Leaving directory
> '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> > Comparing stages 2 and 3
> > warning: gcc/cc1plus-checksum.o differs
> > warning: gcc/cc1-checksum.o differs
> > Bootstrap comparison failure!
> > gcc/tree-ssa-threadedge.o differs
> > gcc/tsan.o differs
> > gcc/print-tree.o differs
> > gcc/df-core.o differs
> > gcc/omega.o differs
> > gcc/dwarf2cfi.o differs
> > gcc/lto-cgraph.o differs
> > gcc/sanopt.o differs
> > gcc/sched-vis.o differs
> > gcc/tree-ssa-tail-merge.o differs
> > gcc/godump.o differs
> > gcc/graph.o differs
> > gcc/tree-vect-loop-manip.o differs
> > gcc/cse.o differs
> > gcc/omp-low.o differs
>
> > [many lines omitted]
>
> > libiberty/xmalloc.o differs
> > libiberty/simple-object-elf.o differs
> > libiberty/spaces.o differs
> > libiberty/pex-unix.o differs
> > libiberty/simple-object-coff.o differs
> > libiberty/crc32.o differs
> > libiberty/physmem.o differs
> > libiberty/make-relative-prefix.o differs
> > libiberty/argv.o differs
> > libiberty/pex-common.o differs
> > libiberty/simple-object.o differs
> > libiberty/strerror.o differs
> > libiberty/simple-object-mach-o.o differs
> > libiberty/sha1.o differs
> > libiberty/cp-demint.o differs
> > libiberty/dyn-string.o differs
> > libiberty/make-temp-file.o differs
> > libiberty/cplus-dem.o differs
> > libiberty/sort.o differs
> > libiberty/splay-tree.o differs
> > libiberty/xstrndup.o differs
> > lto-plugin/.libs/lto-plugin.o differs
> > Makefile:19638: recipe for target 'compare' failed
> > make[2]: *** [compare] Error 1
> > make[2]: Leaving directory
> '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> > Makefile:19617: recipe for target 'stage3-bubble' failed
> > make[1]: *** [stage3-bubble] Error 2
> > make[1]: Leaving directory
> '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> > Makefile:19691: recipe for target 'bootstrap-lean' failed
> > make: *** [bootstrap-lean] Error 2
> >  * ERROR: sys-devel/gcc-5.3.0::gentoo failed (compile phase):
> >  *   emake failed
>
>
>
> >

-- 
IQ is a measure of how stupid you feel.

Powers are not rights.
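
Added example (not part of the message above and not GCC's own build code): a stand-alone sketch of the stage 2 versus stage 3 object comparison whose output appears in this thread. The function names, the directory layout and the 16-byte skip at the start of each object file are assumptions; checksum objects are reported as warnings only, matching the log.

```shell
#!/bin/sh
# Added illustration; function names, directory layout and the 16-byte skip
# are assumptions modelled on the "Comparing stages 2 and 3" output above.

# Compare every object file under $1 (stage 2) with its twin under $2 (stage 3).
# The first $3 bytes of each file are ignored (default 16).
compare_stages() {
    s2=${1%/} s3=${2%/} skip=${3:-16}
    report=$(
        find "$s2" -type f -name '*.o' | sort |
        while IFS= read -r f2; do
            rel=${f2#"$s2"/}
            f3=$s3/$rel
            [ -f "$f3" ] || continue          # object only exists in one stage
            h2=$(tail -c +"$((skip + 1))" "$f2" | sha256sum)
            h3=$(tail -c +"$((skip + 1))" "$f3" | sha256sum)
            [ "$h2" = "$h3" ] && continue     # identical past the header
            case $rel in
                # These embed a checksum of the compiler binary itself,
                # so a mismatch is reported but is not fatal.
                gcc/cc*-checksum.o) echo "warning: $rel differs" ;;
                *) echo "$rel differs" ;;
            esac
        done
    )
    [ -n "$report" ] && printf '%s\n' "$report"
    # Any difference that is not a warning fails the bootstrap.
    if printf '%s\n' "$report" | grep -v '^warning: ' | grep -q 'differs$'; then
        echo "Bootstrap comparison failure!"
        return 1
    fi
    return 0
}

# Constructed sample: two tiny trees, each file starting with a 16-byte header.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/s2/gcc" "$d/s3/gcc"
    printf 'HEADER-STAGE-2..same body' > "$d/s2/gcc/cse.o"
    printf 'HEADER-STAGE-3..same body' > "$d/s3/gcc/cse.o"
    printf 'HEADER-STAGE-2..sum=aaaa' > "$d/s2/gcc/cc1-checksum.o"
    printf 'HEADER-STAGE-3..sum=bbbb' > "$d/s3/gcc/cc1-checksum.o"
    compare_stages "$d/s2" "$d/s3"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo
```

A stage 2 and stage 3 mismatch means the new compiler did not reproduce itself, so its output should not be trusted until the cause (miscompilation, flags or hardware) is found.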





Re: [gentoo-user] IPTABLES

2015-12-24 Thread Andrew Savchenko
Hi,

On Tue, 22 Dec 2015 22:45:12 +0100 siefke_lis...@web.de wrote:
> i try to run iptables, block bad ips and close the system. 
> 
> I want run firewall which block all INPUT, only ALLOW services i defined.
> Ipset want to use to block spam ips, make it sure awesome as ever set rules 
> manuell.
> 
> Im not so sure is okay, i has try and read but at end often i kick me out
> from rootserver. So better ask what say profis of Gentoo. 
> 
> The Firewall Script > http://pastebin.com/b3305i41

I recommend you to read a good tutorial first, e.g. this one:
https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html

It is a bit old and isn't an ultimate description of all
iptables features (you have manuals for that), but will give you a
good understanding of how packet flow works and how they should be
processed.

I see three main problems with your current rules:

1. ESTABLISHED,RELATED packets are not accepted in the INPUT. You
will have legitimate traffic blocked because of that.

2. Rules are vulnerable to SYN/ACK attack (see manual above on how
to fix this). FORWARDed traffic is not protected at all (are tun+
interfaces completely trusted?).

3. Rules are far from being optimal, e.g. instead of having many
entries for each accepted port, you can write just two rules
using multiport target: one for tcp and another one for udp. This
way your rules will be much faster. Also you should consider proper
ordering of rules: those with higher hit rate should go first if
this doesn't impact security scheme.

There are minor issues of course, like blacklist check late on the
rules (it should come one of the first, otherwise blacklisted hosts
will be allowed to connect your open services).

For remote debugging I recommend a small script like:
./iptables-current; sleep 1m; iptables-good

where iptables-current is the script with your current rules you
want to test and iptables-good are tested rules which work for you.
This way if you screw up with the current rules and remote control
is lost, in a minute the good old rules will be applied. Of
course, you should terminate this command with ^C if new rules are
good, so that old ones will not be fired in a minute.

Best regards,
Andrew Savchenko
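
Added example (not part of the message above and not the original poster's firewall script): a sketch of the rule ordering the reply recommends, a small check for the three problems it lists, and a rollback wrapper built on the `sleep`-and-restore idea. The ipset name `blacklist`, the port lists, the file paths and all function names are assumptions, and the FORWARD policy assumes the host does not route traffic.

```shell
#!/bin/sh
# Added illustration. The set name "blacklist", the port lists and all
# function names are assumptions, not taken from the original script.

# Print an iptables-restore ruleset ordered as the reply recommends:
# blacklist first, TCP sanity checks, then ESTABLISHED,RELATED, then one
# multiport rule per protocol. FORWARD is dropped (host assumed not to route).
gen_rules() {
    tcp_ports=$1    # comma-separated, e.g. 22,80,443
    udp_ports=$2    # comma-separated, e.g. 53,123
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m set --match-set blacklist src -j DROP
-A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports $tcp_ports -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp -m multiport --dports $udp_ports -j ACCEPT
COMMIT
EOF
}

# Read a ruleset (iptables-save format) on stdin; exit 0 only if it avoids
# the problems listed in the reply, otherwise print each finding.
lint_rules() {
    awk '
        /^-A INPUT/ && /ESTABLISHED/ && /-j ACCEPT/ { est = 1 }
        /^-A INPUT/ && /--match-set/ { if (!bl) bl = NR }
        /^-A INPUT/ && /--dport/ && /-j ACCEPT/ {
            if (!svc) svc = NR
            if ($0 ~ /-p udp/) udp++; else tcp++
        }
        END {
            if (!est) { print "INPUT never accepts ESTABLISHED,RELATED"; bad = 1 }
            if (!bl || (svc && bl > svc)) {
                print "blacklist check missing or placed after service accepts"; bad = 1
            }
            if (tcp > 1 || udp > 1) {
                print "several per-port accepts: use one multiport rule per protocol"; bad = 1
            }
            exit bad + 0
        }'
}

# Apply candidate rules, then restore the known-good ones unless confirmed.
# $1 = command applying new rules, $2 = command restoring good rules,
# $3 = seconds to wait, $4 = flag file the admin creates to confirm.
apply_with_rollback() {
    apply=$1 restore=$2 secs=$3 confirm=$4
    rm -f "$confirm"
    if ! sh -c "$apply"; then sh -c "$restore"; return 2; fi
    i=0
    while [ "$i" -lt "$secs" ]; do
        [ -e "$confirm" ] && return 0      # confirmed: keep the new rules
        sleep 1; i=$((i + 1))
    done
    sh -c "$restore"                       # no confirmation: roll back
    return 1
}

# Demo: generate a ruleset and lint it (nothing is loaded into the kernel).
gen_rules 22,80,443 53,123 | lint_rules && echo "ruleset passes the checks"
# Real use, as root, with the ipset already created (paths are placeholders):
#   gen_rules 22,80,443 53,123 > /root/fw.new; iptables-save > /root/fw.good
#   apply_with_rollback 'iptables-restore < /root/fw.new' \
#       'iptables-restore < /root/fw.good' 60 /root/fw.confirmed
```

Create the flag file from a second, freshly opened SSH session, which shows that new connections still get in; run the wrapper under nohup or screen so a dropped session cannot kill it before the restore.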




[gentoo-user] Gcc 5.3

2015-12-24 Thread Alan Grimes
Hey, thanks for putting out gcc 5.3...

Unfortunately, it fails to bootstrap on my machine. I am getting
differences between the stage 2 and stage 3 compilers and it's dying... =(

make[2]: Entering directory
'/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
make[3]: Entering directory
'/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
rm -f stage_current
make[3]: Leaving directory '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
Comparing stages 2 and 3
warning: gcc/cc1plus-checksum.o differs
warning: gcc/cc1-checksum.o differs
Bootstrap comparison failure!
gcc/tree-ssa-threadedge.o differs
gcc/tsan.o differs
gcc/print-tree.o differs
gcc/df-core.o differs
gcc/omega.o differs
gcc/dwarf2cfi.o differs
gcc/lto-cgraph.o differs
gcc/sanopt.o differs
gcc/sched-vis.o differs
gcc/tree-ssa-tail-merge.o differs
gcc/godump.o differs
gcc/graph.o differs
gcc/tree-vect-loop-manip.o differs
gcc/cse.o differs
gcc/omp-low.o differs

[many lines omitted]

libiberty/xmalloc.o differs
libiberty/simple-object-elf.o differs
libiberty/spaces.o differs
libiberty/pex-unix.o differs
libiberty/simple-object-coff.o differs
libiberty/crc32.o differs
libiberty/physmem.o differs
libiberty/make-relative-prefix.o differs
libiberty/argv.o differs
libiberty/pex-common.o differs
libiberty/simple-object.o differs
libiberty/strerror.o differs
libiberty/simple-object-mach-o.o differs
libiberty/sha1.o differs
libiberty/cp-demint.o differs
libiberty/dyn-string.o differs
libiberty/make-temp-file.o differs
libiberty/cplus-dem.o differs
libiberty/sort.o differs
libiberty/splay-tree.o differs
libiberty/xstrndup.o differs
lto-plugin/.libs/lto-plugin.o differs
Makefile:19638: recipe for target 'compare' failed
make[2]: *** [compare] Error 1
make[2]: Leaving directory '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
Makefile:19617: recipe for target 'stage3-bubble' failed
make[1]: *** [stage3-bubble] Error 2
make[1]: Leaving directory '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
Makefile:19691: recipe for target 'bootstrap-lean' failed
make: *** [bootstrap-lean] Error 2
 * ERROR: sys-devel/gcc-5.3.0::gentoo failed (compile phase):
 *   emake failed



-- 
IQ is a measure of how stupid you feel.

Powers are not rights.




Re: [gentoo-user] Gcc 5.3

2015-12-24 Thread Stanislav Nikolov
I think they should be compiled with the same version of gcc, shouldn't they?

On 12/24/2015 05:18 PM, Alan Grimes wrote:
> Hey, thanks for putting out gcc 5.3...
> 
> Unfortunately, it fails to bootstrap on my machine. I am getting
> differences between the stage 2 and stage 3 compilers and it's dying... =(
> 
> make[2]: Entering directory
> '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> make[3]: Entering directory
> '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> rm -f stage_current
> make[3]: Leaving directory '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> Comparing stages 2 and 3
> warning: gcc/cc1plus-checksum.o differs
> warning: gcc/cc1-checksum.o differs
> Bootstrap comparison failure!
> gcc/tree-ssa-threadedge.o differs
> gcc/tsan.o differs
> gcc/print-tree.o differs
> gcc/df-core.o differs
> gcc/omega.o differs
> gcc/dwarf2cfi.o differs
> gcc/lto-cgraph.o differs
> gcc/sanopt.o differs
> gcc/sched-vis.o differs
> gcc/tree-ssa-tail-merge.o differs
> gcc/godump.o differs
> gcc/graph.o differs
> gcc/tree-vect-loop-manip.o differs
> gcc/cse.o differs
> gcc/omp-low.o differs
> 
> [many lines omitted]
> 
> libiberty/xmalloc.o differs
> libiberty/simple-object-elf.o differs
> libiberty/spaces.o differs
> libiberty/pex-unix.o differs
> libiberty/simple-object-coff.o differs
> libiberty/crc32.o differs
> libiberty/physmem.o differs
> libiberty/make-relative-prefix.o differs
> libiberty/argv.o differs
> libiberty/pex-common.o differs
> libiberty/simple-object.o differs
> libiberty/strerror.o differs
> libiberty/simple-object-mach-o.o differs
> libiberty/sha1.o differs
> libiberty/cp-demint.o differs
> libiberty/dyn-string.o differs
> libiberty/make-temp-file.o differs
> libiberty/cplus-dem.o differs
> libiberty/sort.o differs
> libiberty/splay-tree.o differs
> libiberty/xstrndup.o differs
> lto-plugin/.libs/lto-plugin.o differs
> Makefile:19638: recipe for target 'compare' failed
> make[2]: *** [compare] Error 1
> make[2]: Leaving directory '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> Makefile:19617: recipe for target 'stage3-bubble' failed
> make[1]: *** [stage3-bubble] Error 2
> make[1]: Leaving directory '/var/tmp/portage/sys-devel/gcc-5.3.0/work/build'
> Makefile:19691: recipe for target 'bootstrap-lean' failed
> make: *** [bootstrap-lean] Error 2
>  * ERROR: sys-devel/gcc-5.3.0::gentoo failed (compile phase):
>  *   emake failed
> 
> 
> 