Re: Iptable rule required to block youtube
You don't - not easily, at least. iptables allows you to configure rules by IP. Blocking e.g. *.youtube.com/* [to say nothing of aliases thereof] is hostname-based, not IP-based. And I would imagine, at a glance, that Youtube has a lot of IPs. Your easiest answer would be to do HTTP proxying and filter it that way. - Rich On Thu, Oct 4, 2012 at 3:27 AM, vivek chalotra vivekat...@gmail.com wrote: Dear all, i have used the following ip table rules to implement gateway in my linux server: iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE iptables --append FORWARD --in-interface eth1 -j ACCEPT echo 1 /proc/sys/net/ipv4/ip_forward iptables-save And now i want to block youtube on my network. kindly suggest iptable rules to do that. My server has two ethernet card, eth0 is external network and eth1 is for local LAN. Any help is appreciated Regard Vivek Chalotra GRID Project Associate, High Energy Physics Group, Department of Physics Electronics, University of Jammu, Jammu 180006, INDIA.
Re: Autofs segfaults on 6.3 - and solution
On Wed, Oct 3, 2012 at 4:03 PM, Konstantin Olchanski olcha...@triumf.ca wrote: On Wed, Oct 03, 2012 at 07:00:00AM -0400, Tom H wrote: On Mon, Oct 1, 2012 at 6:53 PM, Konstantin Olchanski olcha...@triumf.ca wrote: On Sat, Sep 29, 2012 at 04:28:22PM +0200, Gerhard Schneider wrote: After upgrading to 6.3 we were seeing autofs segfaulting on many machines. Something is rotten in the state of Denmark. First busted NIS (no broadcast NIS), then busted DRACUT (no boot from raid-0 disks), and now this? What, me worry? As was pointed out in [1], RH gives precedence to its paying customers who are most likely large corporations where neither NIS nor RAID0 are used... I somehow doubt that there are no paying customers who use NIS, Autofs and MD/Raid0. Anyhow, from what I see, paying for support would be a complete waste of money because both for paying customer and for freeloader, the products are still broken with no fix. To make it look even worse, the nature of NIS and Autofs breakage indicates either a large hole in their testing procedure (I assume they do test NIS and Autofs) or a major shift of focus away from traditional Unix (in which case NIS, Autofs co have de-facto become unmaintained). NIS: I very much doubt that RH's biggest customers are using NIS, even kerberized NIS, both for security and for scale reasons. We certainly couldn't use NIS because of both internal and external security rules. (I also don't understand why anyone would use NIS broadcast but maybe my NIS knowledge is stale because I haven't used it in a while). AUTOFS: Not only does the bug only affect tcp-only nfs mounts (which is unlikely to have been implemented yet in a conservative, large environment) but the bug report (it's now private so I can't check this) had a link to an rpm that solved the problem, AFAIR. We have an RH engineer on-site once a week and an RH account manager on-site once every week or two weeks (I don't pay that much attention to him) so you can be sure that if we had such a problem, we'd have a solution fairly quickly. RAID0: LOL. If I suggested using RAID0, even on a simple dev box, I'd either be asked to clear my desk on the spot or my name would rise immediately to #1 on the headcount-reduction list...
Re: Autofs segfaults on 6.3 - and solution
RAID0: LOL. If I suggested using RAID0, even on a simple dev box, I'd either be asked to clear my desk on the spot or my name would rise immediately to #1 on the headcount-reduction list... That is supposed to be RAID1, I think Konstantin has a buggy keyboard as well ;-) Cheers Sean smime.p7s Description: S/MIME Cryptographic Signature
Re: Iptable rule required to block youtube
On 10/4/12 3:27 AM, vivek chalotra wrote: And now i want to block youtube on my network. It can be done with iptables however it's not for the faint of heart. I did some reading about it on a dd-wrt website and it wasn't something I found as an easy solution to a single problem such as this. However, blocking by name string leaves open the ipaddress approach so you have to do both things and this isn't something easily maintained. May I respectfully suggest that the problem isn't at the iptables level but at the user level? A simple You do it, you're cut off. rule is more effective and would move the responsibility from you and the system software to those managing the users. -- MCTMichael C Tiernan xmpp:mtier...@mit.edu +1 (617) 324-9173 MIT - Laboratory for Nuclear Science - http://www.lns.mit.edu High Perf Research Computing Facility at The Bates Linear Accelerator Please avoid sending me MS-Word or MS-PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Re: Iptable rule required to block youtube
Have you looked into setting up a Squid proxy/filter? Much less of a headache than doing it at the iptables level. On 10/04/2012 08:26 AM, Michael Tiernan wrote: On 10/4/12 3:27 AM, vivek chalotra wrote: And now i want to block youtube on my network. It can be done with iptables however it's not for the faint of heart. I did some reading about it on a dd-wrt website and it wasn't something I found as an easy solution to a single problem such as this. However, blocking by name string leaves open the ipaddress approach so you have to do both things and this isn't something easily maintained. May I respectfully suggest that the problem isn't at the iptables level but at the user level? A simple You do it, you're cut off. rule is more effective and would move the responsibility from you and the system software to those managing the users. -- MCTMichael C Tiernan xmpp:mtier...@mit.edu +1 (617) 324-9173 MIT - Laboratory for Nuclear Science - http://www.lns.mit.edu High Perf Research Computing Facility at The Bates Linear Accelerator Please avoid sending me MS-Word or MS-PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
RE: Iptable rule required to block youtube
Content filtering would be the way to go. For an interim solution, if you control your DNS servers, block it at the DNS level. From: owner-scientific-linux-us...@listserv.fnal.gov [mailto:owner-scientific-linux-us...@listserv.fnal.gov] On Behalf Of Trenton Ray Sent: Thursday, October 04, 2012 4:29 AM To: vivekat...@gmail.com Cc: scientific-linux-us...@fnal.gov Subject: Re: Iptable rule required to block youtube Have you looked into setting up a Squid proxy/filter? Much less of a headache than doing it at the iptables level. On 10/04/2012 08:26 AM, Michael Tiernan wrote: On 10/4/12 3:27 AM, vivek chalotra wrote: And now i want to block youtube on my network. It can be done with iptables however it's not for the faint of heart. I did some reading about it on a dd-wrt website and it wasn't something I found as an easy solution to a single problem such as this. However, blocking by name string leaves open the ipaddress approach so you have to do both things and this isn't something easily maintained. May I respectfully suggest that the problem isn't at the iptables level but at the user level? A simple You do it, you're cut off. rule is more effective and would move the responsibility from you and the system software to those managing the users. -- MCTMichael C Tiernan xmpp:mtier...@mit.edu +1 (617) 324-9173 MIT - Laboratory for Nuclear Science - http://www.lns.mit.edu High Perf Research Computing Facility at The Bates Linear Accelerator Please avoid sending me MS-Word or MS-PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Re: Iptable rule required to block youtube
To start a little bash-fu:
dig youtube.com | egrep youtube.com | awk '{ print $5 }' | grep . | grep
-v '' yt.dig
From here it isn't hard to append your blocking rules.
If you need more help I'm sure myself or others on the list can further
script this and you can choose how often you'd want to rewrite your
iptables rules kept here:
/etc/sysconfig/iptables
Best of luck!
On Thu, Oct 4, 2012 at 9:40 AM, Novick, Jeffrey L CTR (US)
jeffrey.l.novick@mail.mil wrote:
Content filtering would be the way to go.
For an interim solution, if you control your DNS servers, block it at the
DNS level.
From: owner-scientific-linux-us...@listserv.fnal.gov [mailto:
owner-scientific-linux-us...@listserv.fnal.gov] On Behalf Of Trenton Ray
Sent: Thursday, October 04, 2012 4:29 AM
To: vivekat...@gmail.com
Cc: scientific-linux-us...@fnal.gov
Subject: Re: Iptable rule required to block youtube
Have you looked into setting up a Squid proxy/filter? Much less of a
headache than doing it at the iptables level.
On 10/04/2012 08:26 AM, Michael Tiernan wrote:
On 10/4/12 3:27 AM, vivek chalotra wrote:
And now i want to block youtube on my network.
It can be done with iptables however it's not for the faint of heart. I
did some reading about it on a dd-wrt website and it wasn't something I
found as an easy solution to a single problem such as this.
However, blocking by name string leaves open the ipaddress approach so you
have to do both things and this isn't something easily maintained.
May I respectfully suggest that the problem isn't at the iptables level
but at the user level?
A simple You do it, you're cut off. rule is more effective and would
move the responsibility from you and the system software to those managing
the users.
--
MCTMichael C Tiernan xmpp:mtier...@mit.edu +1 (617) 324-9173
MIT - Laboratory for Nuclear Science - http://www.lns.mit.edu
High Perf Research Computing Facility at The Bates Linear Accelerator
Please avoid sending me MS-Word or MS-PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
--
http://stevenmiano.com/ Miano, Steven M.
http://stevenmiano.com
Re: Iptable rule required to block youtube
On 10/04/2012 09:58 AM, Steven Miano wrote:
dig youtube.com http://youtube.com | egrep youtube.com http://youtube.com | awk '{
print $5 }' | grep . | grep -v '' yt.dig
You'd block google's DNS servers with that, which might not be a problem on the client,
but may I suggest a new and improved method:
host youtube.com | awk '/has address/ {print $NF}'
74.125.228.5
74.125.228.3
74.125.228.1
74.125.228.14
74.125.228.0
74.125.228.8
74.125.228.2
74.125.228.6
74.125.228.4
74.125.228.9
74.125.228.7
Remove the awk filter and you'll also see the IPv6:
youtube.com has IPv6 address 2607:f8b0:400d:c00::5d
disk recommendations
I've run into problems trying to use desktop disks in a RAID array with a MegaRAID 9260-8i. I built 2 previous systems with desktop disks and did not have any problems but I've been unable to get this 3rd system to function stably. Disks dropped from the array except the disks are fine which I proved by deleting the disk group and starting again. This behaviour is consistent with Western Digital's discussion about TLER (time-limited error recovery) and their admonition to use enterprise disks instead of desktop disks. I was wondering if there are ways of getting around this problem without having to buy another set of disks. Googling suggests some options to try but I thought I'd used the list as a sounding board first before embarking on options. Thanks!
Beginner questions
Sorry for the low level questions but I have two point which I need to better understand: SO : SCIENTIFIC LINUX 5.5 a) yum In /etc/cron yum.cron correspond to the orginal.yum.cron so some autoupdates are enabled in yum.excludes are defined the packages which are not updatet in mine for example thereis kernel* so the kernel should be not updatet instead an update of the kernel was done! Why? b) installation of sendmail installed latest associated to SL5 turn on the run of the service at boot (level 3 and 5) the sendmail deamon is started the configuration is the standard one try to send an e-mail results dead.letter? Forgot somethings?
Re: Beginner questions
a.) yes if you list kernel* in your excludes list it should not update any package starting with kernel b.) /var/log/maillog should have some information about any messages you attempt to send. There could be, literally, 100s of reasons it didn't work. On Thu, Oct 4, 2012 at 11:49 AM, O.D. Massimo mass...@chimica.unige.itwrote: Sorry for the low level questions but I have two point which I need to better understand: SO : SCIENTIFIC LINUX 5.5 a) yum In /etc/cron yum.cron correspond to the orginal.yum.cron so some autoupdates are enabled in yum.excludes are defined the packages which are not updatet in mine for example thereis kernel* so the kernel should be not updatet instead an update of the kernel was done! Why? b) installation of sendmail installed latest associated to SL5 turn on the run of the service at boot (level 3 and 5) the sendmail deamon is started the configuration is the standard one try to send an e-mail results dead.letter? Forgot somethings? -- Thanks, Jamie Duncan
Re: disk recommendations
My understanding is that the main difference between desktop drives and enterprise raid array drives in this regard is that the drive firmware is configured to retry errors a lot longer on the desktop drives. It is also my experience, although it was a few years ago on older model WD drives, that the main thing that would produce problems of disk drives dropping out of the array (desktop or enterprise) is unexpected vibration of one kind or another. Easy for harmonics to build up between the fans and the drive heads. We have several Megaraid 9260-i controllers (and their successors and their predecessors) in production but we did spend the money for the enterprise drives. Steve Timm On Thu, 4 Oct 2012, Ken Teh wrote: I've run into problems trying to use desktop disks in a RAID array with a MegaRAID 9260-8i. I built 2 previous systems with desktop disks and did not have any problems but I've been unable to get this 3rd system to function stably. Disks dropped from the array except the disks are fine which I proved by deleting the disk group and starting again. This behaviour is consistent with Western Digital's discussion about TLER (time-limited error recovery) and their admonition to use enterprise disks instead of desktop disks. I was wondering if there are ways of getting around this problem without having to buy another set of disks. Googling suggests some options to try but I thought I'd used the list as a sounding board first before embarking on options. Thanks! -- Steven C. Timm, Ph.D (630) 840-8525 t...@fnal.gov http://home.fnal.gov/~timm/ Fermilab Computing Division, Scientific Computing Facilities, Grid Facilities Department, FermiGrid Services Group, Group Leader. Lead of FermiCloud project.
Re: disk recommendations
Greetings, I have built many RAID systems using desktop disks and they are generally quite stable. One of the issues with WD drives are with their Green drives. By default, they park the heads after ~8 seconds of inactivity. This will cause them to drop out of the array. The disk firmware can be configured to disable this feature. I have had very good luck with Samsung and Seagate drives. I have never spent the money on Enterprise level drives. BTW: The head parking feature is notoriously bad. If you calculate 1 park every 8 seconds. At constant usage, the drive will die in about 3 months. Perhaps this feature is fine for a desktop, but it is not for a server or production environment. Good luck, doug My understanding is that the main difference between desktop drives and enterprise raid array drives in this regard is that the drive firmware is configured to retry errors a lot longer on the desktop drives. It is also my experience, although it was a few years ago on older model WD drives, that the main thing that would produce problems of disk drives dropping out of the array (desktop or enterprise) is unexpected vibration of one kind or another. Easy for harmonics to build up between the fans and the drive heads. We have several Megaraid 9260-i controllers (and their successors and their predecessors) in production but we did spend the money for the enterprise drives. Steve Timm On Thu, 4 Oct 2012, Ken Teh wrote: I've run into problems trying to use desktop disks in a RAID array with a MegaRAID 9260-8i. I built 2 previous systems with desktop disks and did not have any problems but I've been unable to get this 3rd system to function stably. Disks dropped from the array except the disks are fine which I proved by deleting the disk group and starting again. This behaviour is consistent with Western Digital's discussion about TLER (time-limited error recovery) and their admonition to use enterprise disks instead of desktop disks. I was wondering if there are ways of getting around this problem without having to buy another set of disks. Googling suggests some options to try but I thought I'd used the list as a sounding board first before embarking on options. Thanks! -- Steven C. Timm, Ph.D (630) 840-8525 t...@fnal.gov http://home.fnal.gov/~timm/ Fermilab Computing Division, Scientific Computing Facilities, Grid Facilities Department, FermiGrid Services Group, Group Leader. Lead of FermiCloud project. Doug Johnsonemail: drj...@pizero.colorado.edu B390, Duane Physics (303)-492-4506 Office Boulder, CO 80309 (303)-492-5119 FAX http://www.aaccchildren.org Being right is not a justification for being rude. In fact, there are no justifications for being rude.
Re: Iptable rule required to block youtube
I'm confused as to why it would block the Google DNS servers (which I
believe are 8.8.8.8 and 8.8.4.4 unless they have more? resolve to):
8.8.8.8.in-addr.arpa. 43194 IN PTR
google-public-dns-a.google.com.
My results to both of our suggestions seem to be identical. Very
interesting that we get completely different results though. :-)
[mianosm@dev ~]$ host youtube.com | awk '/has address/ {print $NF}'
173.194.37.100
173.194.37.105
173.194.37.96
173.194.37.104
173.194.37.102
173.194.37.101
173.194.37.99
173.194.37.110
173.194.37.98
173.194.37.103
173.194.37.97
[mianosm@dev ~]$ dig youtube.com | egrep youtube.com | awk '{ print $5 }' |
grep -v '' | grep .
173.194.37.100
173.194.37.105
173.194.37.96
173.194.37.104
173.194.37.102
173.194.37.101
173.194.37.99
173.194.37.110
173.194.37.98
173.194.37.103
173.194.37.97
On Thu, Oct 4, 2012 at 11:27 AM, Chris Schanzle schan...@nist.gov wrote:
On 10/04/2012 09:58 AM, Steven Miano wrote:
dig youtube.com http://youtube.com | egrep youtube.com
http://youtube.com | awk '{ print $5 }' | grep . | grep -v '' yt.dig
You'd block google's DNS servers with that, which might not be a problem
on the client, but may I suggest a new and improved method:
host youtube.com | awk '/has address/ {print $NF}'
74.125.228.5
74.125.228.3
74.125.228.1
74.125.228.14
74.125.228.0
74.125.228.8
74.125.228.2
74.125.228.6
74.125.228.4
74.125.228.9
74.125.228.7
Remove the awk filter and you'll also see the IPv6:
youtube.com has IPv6 address 2607:f8b0:400d:c00::5d
--
http://stevenmiano.com/ Miano, Steven M.
http://stevenmiano.com
Re: Iptable rule required to block youtube
Disregard this. You can not stop youtube at Layer 3. Or you will lose
Google pretty much.
Sorry.
On Thu, Oct 4, 2012 at 1:12 PM, Steven Miano mian...@gmail.com wrote:
I'm confused as to why it would block the Google DNS servers (which I
believe are 8.8.8.8 and 8.8.4.4 unless they have more? resolve to):
8.8.8.8.in-addr.arpa. 43194 IN PTR
google-public-dns-a.google.com.
My results to both of our suggestions seem to be identical. Very
interesting that we get completely different results though. :-)
[mianosm@dev ~]$ host youtube.com | awk '/has address/ {print $NF}'
173.194.37.100
173.194.37.105
173.194.37.96
173.194.37.104
173.194.37.102
173.194.37.101
173.194.37.99
173.194.37.110
173.194.37.98
173.194.37.103
173.194.37.97
[mianosm@dev ~]$ dig youtube.com | egrep youtube.com | awk '{ print $5 }'
| grep -v '' | grep .
173.194.37.100
173.194.37.105
173.194.37.96
173.194.37.104
173.194.37.102
173.194.37.101
173.194.37.99
173.194.37.110
173.194.37.98
173.194.37.103
173.194.37.97
On Thu, Oct 4, 2012 at 11:27 AM, Chris Schanzle schan...@nist.gov wrote:
On 10/04/2012 09:58 AM, Steven Miano wrote:
dig youtube.com http://youtube.com | egrep youtube.com
http://youtube.com | awk '{ print $5 }' | grep . | grep -v ''
yt.dig
You'd block google's DNS servers with that, which might not be a problem
on the client, but may I suggest a new and improved method:
host youtube.com | awk '/has address/ {print $NF}'
74.125.228.5
74.125.228.3
74.125.228.1
74.125.228.14
74.125.228.0
74.125.228.8
74.125.228.2
74.125.228.6
74.125.228.4
74.125.228.9
74.125.228.7
Remove the awk filter and you'll also see the IPv6:
youtube.com has IPv6 address 2607:f8b0:400d:c00::5d
--
http://stevenmiano.com/ Miano, Steven M.
http://stevenmiano.com
--
http://stevenmiano.com/ Miano, Steven M.
http://stevenmiano.com
Re: Autofs segfaults on 6.3 - and solution
On Thu, Oct 4, 2012 at 8:01 AM, Sean Murray mur...@tlabs.ac.za wrote: RAID0: LOL. If I suggested using RAID0, even on a simple dev box, I'd either be asked to clear my desk on the spot or my name would rise immediately to #1 on the headcount-reduction list... That is supposed to be RAID1, I think Konstantin has a buggy keyboard as well ;-) Oh! So Konstantin's confusing 0s and 1s. Maybe he's produced by Intel! ;) I now remember the bug. There was a public bug to which Harald posted a possible fix a few weeks after it was reported and there was a private bug, where most of the real discussion and work must've taken place that resulted in a fix and an advisory after 4 or 5 months. Far too long, I agree...
RE: disk recommendations
I found that especially bad via USB adapters for the WD Green disks. For a 6 disk array. For 2 Disk via eSATA, works OK so far, but I really would stay away from the green disks for RAID. -- James Pulver LEPP Computer Group Cornell University -Original Message- From: owner-scientific-linux-us...@listserv.fnal.gov [mailto:owner-scientific-linux-us...@listserv.fnal.gov] On Behalf Of Doug Johnson Sent: Thursday, October 04, 2012 1:07 PM To: Steven Timm Cc: Ken Teh; scientific-linux-users Subject: Re: disk recommendations Greetings, I have built many RAID systems using desktop disks and they are generally quite stable. One of the issues with WD drives are with their Green drives. By default, they park the heads after ~8 seconds of inactivity. This will cause them to drop out of the array. The disk firmware can be configured to disable this feature. I have had very good luck with Samsung and Seagate drives. I have never spent the money on Enterprise level drives. BTW: The head parking feature is notoriously bad. If you calculate 1 park every 8 seconds. At constant usage, the drive will die in about 3 months. Perhaps this feature is fine for a desktop, but it is not for a server or production environment. Good luck, doug My understanding is that the main difference between desktop drives and enterprise raid array drives in this regard is that the drive firmware is configured to retry errors a lot longer on the desktop drives. It is also my experience, although it was a few years ago on older model WD drives, that the main thing that would produce problems of disk drives dropping out of the array (desktop or enterprise) is unexpected vibration of one kind or another. Easy for harmonics to build up between the fans and the drive heads. We have several Megaraid 9260-i controllers (and their successors and their predecessors) in production but we did spend the money for the enterprise drives. Steve Timm On Thu, 4 Oct 2012, Ken Teh wrote: I've run into problems trying to use desktop disks in a RAID array with a MegaRAID 9260-8i. I built 2 previous systems with desktop disks and did not have any problems but I've been unable to get this 3rd system to function stably. Disks dropped from the array except the disks are fine which I proved by deleting the disk group and starting again. This behaviour is consistent with Western Digital's discussion about TLER (time-limited error recovery) and their admonition to use enterprise disks instead of desktop disks. I was wondering if there are ways of getting around this problem without having to buy another set of disks. Googling suggests some options to try but I thought I'd used the list as a sounding board first before embarking on options. Thanks! -- Steven C. Timm, Ph.D (630) 840-8525 t...@fnal.gov http://home.fnal.gov/~timm/ Fermilab Computing Division, Scientific Computing Facilities, Grid Facilities Department, FermiGrid Services Group, Group Leader. Lead of FermiCloud project. Doug Johnsonemail: drj...@pizero.colorado.edu B390, Duane Physics (303)-492-4506 Office Boulder, CO 80309 (303)-492-5119 FAX http://www.aaccchildren.org Being right is not a justification for being rude. In fact, there are no justifications for being rude.
Re: disk recommendations
Similar findings here, where the first batch of drives in our hadoop clusters were WD greens. smartctl shows huge Load_Cycle_Count numbers for those drives which have been in service for a while (and they do indeed keep us busy with RMAs). Eventually we found this utility which can disable the absurdly short head-park timer from within linux: http://idle3-tools.sourceforge.net/ which might help, but I wouldn't choose to buy these drives again for this purpose. Graham On Thu, Oct 04, 2012 at 11:07:03AM -0600, Doug Johnson wrote: Greetings, I have built many RAID systems using desktop disks and they are generally quite stable. One of the issues with WD drives are with their Green drives. By default, they park the heads after ~8 seconds of inactivity. This will cause them to drop out of the array. The disk firmware can be configured to disable this feature. I have had very good luck with Samsung and Seagate drives. I have never spent the money on Enterprise level drives. BTW: The head parking feature is notoriously bad. If you calculate 1 park every 8 seconds. At constant usage, the drive will die in about 3 months. Perhaps this feature is fine for a desktop, but it is not for a server or production environment. -- - Graham Allan - I.T. Manager - al...@physics.umn.edu - (612) 624-5040 School of Physics and Astronomy - University of Minnesota -
Re: Iptable rule required to block youtube
On Thu, Oct 04, 2012 at 12:57:00PM +0530, vivek chalotra wrote: And now i want to block youtube on my network. kindly suggest iptable rules to do that. block youtube on my network is not a very well defined wish. If you want to merely block the well known youtube IP and DNS addresses, you can use iptables, etc. Be prepared to update these lists frequently to keep up with things like youtu.be co. If you want to prevent users of the network from watching all youtube videos always, give up now. First of all, you will have to be able to handle legitimate exceptions: how do I watch training videos for Altera Quartus software that happen to be hosted on youtube?!?. Second, you will have to handle all the possible 3rd party redirectors, proxies, and other kludges specifically designed to circumvent youtube blockers such as you are try to build. -- Konstantin Olchanski Data Acquisition Systems: The Bytes Must Flow! Email: olchansk-at-triumf-dot-ca Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada
Re: Iptable rule required to block youtube
Maybe you should take a look at ClearOS[1]. It is a RHEL based distribution from a company that, now, develops layer7-filter. In a simple way I was able to block all FLV videos (even if the users are still able to reach youtube.com, they can not see any videos). [1] - http://www.clearfoundation.com/Software/overview.html -- Henrique LonelySpooky Junior http://about.me/henriquejunior From: Konstantin Olchanski olcha...@triumf.ca To: vivek chalotra vivekat...@gmail.com Cc: scientific-linux-us...@fnal.gov Sent: Thursday, October 4, 2012 3:10 PM Subject: Re: Iptable rule required to block youtube On Thu, Oct 04, 2012 at 12:57:00PM +0530, vivek chalotra wrote: And now i want to block youtube on my network. kindly suggest iptable rules to do that. block youtube on my network is not a very well defined wish. If you want to merely block the well known youtube IP and DNS addresses, you can use iptables, etc. Be prepared to update these lists frequently to keep up with things like youtu.be co. If you want to prevent users of the network from watching all youtube videos always, give up now. First of all, you will have to be able to handle legitimate exceptions: how do I watch training videos for Altera Quartus software that happen to be hosted on youtube?!?. Second, you will have to handle all the possible 3rd party redirectors, proxies, and other kludges specifically designed to circumvent youtube blockers such as you are try to build. -- Konstantin Olchanski Data Acquisition Systems: The Bytes Must Flow! Email: olchansk-at-triumf-dot-ca Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada
Re: Autofs segfaults on 6.3 - and solution
On Thu, Oct 04, 2012 at 01:22:21PM -0400, Tom H wrote: On Thu, Oct 4, 2012 at 8:01 AM, Sean Murray mur...@tlabs.ac.za wrote: RAID0: LOL. If I suggested using RAID0, even on a simple dev box, I'd either be asked to clear my desk on the spot or my name would rise immediately to #1 on the headcount-reduction list... That is supposed to be RAID1, I think Konstantin has a buggy keyboard as well ;-) Oh! So Konstantin's confusing 0s and 1s. Maybe he's produced by Intel! ;) I wish. Unlink the Intel fdiv bug which yielded wrong results consistently, my brain does it randomly. I now remember the bug. There was a public bug to which Harald posted a possible fix a few weeks after it was reported and there was a private bug, where most of the real discussion and work must've taken place that resulted in a fix and an advisory after 4 or 5 months. Far too long, I agree... Yes, the bug was no boot if 1 disk of a mirrored set is missing. As follow up, here I report that I duely tested the fix, confirmed that I can boot with either of the 2 disks missing, pushed this into a production machine, which now happily does not boot at all with both disks present (one has to do the rdshell, mdadm -As, continue dance, then it boots). If you have seen the dracut md code, you would wonder why it boot ever at all, ever. -- Konstantin Olchanski Data Acquisition Systems: The Bytes Must Flow! Email: olchansk-at-triumf-dot-ca Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada
