Discuss June 2014

discuss@lists.centos.org

122 participants
119 discussions

CentOS 6 - Ethernet Bond Errors, 1 per frame
by Nick Niemeyer 24 Jun '14

24 Jun '14

# modinfo ixgbe filename: /lib/modules/2.6.32-431.el6.x86_64/kernel/drivers/net/ixgbe/ixgbe.ko version: 3.15.1-k license: GPL description: Intel(R) 10 Gigabit PCI Express Network Driver author: Intel Corporation, <linux.nics(a)intel.com> srcversion: B390E9D9904338B52C2E361 I have updated this to 3.18.7-1 as well, same results # ifconfig bond1 |grep error RX packets:4476995 errors:6940 dropped:0 overruns:0 frame:6940 TX packets:2130564 errors:0 dropped:0 overruns:0 carrier:0 # cat /proc/net/bonding/bond1 Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009) Bonding Mode: adaptive load balancing Primary Slave: None Currently Active Slave: p6p1 MII Status: up MII Polling Interval (ms): 100 Up Delay (ms): 0 Down Delay (ms): 0 Slave Interface: p6p1 MII Status: up Speed: 10000 Mbps Duplex: full Link Failure Count: 0 Permanent HW addr: 90:e2:ba:1e:12:5c Slave queue ID: 0 Slave Interface: p6p2 MII Status: up Speed: 10000 Mbps Duplex: full Link Failure Count: 0 Permanent HW addr: 90:e2:ba:1e:12:5d Slave queue ID: 0 Any suggestions and help are much appreciated! Thanks! Nick

2 1

Re: [CentOS] good thin client PDF reader for centos 6.4
by Peter Arremann 23 Jun '14

23 Jun '14

On Jun 19, 2014 10:12 PM, "Bob Hepple" <bob.hepple(a)gmail.com> wrote: > > <m.roth@...> writes: > > > > > Dan Hyatt wrote: > > > Any suggestions for a good lightweight pdf reader for my centos servers? > > > > > evince, that I think is installed by default? > > > > Oh, and here's a neat one that's *not* a lightweight reader, that my > > manager introduced me to last year: xournal. It lets you *edit* .pdfs, > > including the ones that don't intend for you to edit them. It was *really* > > nice to have that when we did our (US) state taxes - the federal forms are > > editable, but not the state, except I could with xournal. > > > > mark > > > > Nice find - but it lacks a 'Find' function unless I'm going blind. > > okular is another KDE one that I like - rpm is 703186 bytes > > epdview is another - rpm is 416642 bytes > > > Bob I don't think that the rpm size has much to do with a lightweight process. Shared libs, bad programming, ... can all easily cause a small rpm to cause more disk space, memory and CPU usage than a larger one. If I have to do something remotely or just want a quick glance at something, I still use xpdf. Old interface but just like vi, once you got used to it, it's just quicker and easier than most modern alternatives. Peter.

6 7

firefox keeps downloading .iso files
by Michael Hennebry 23 Jun '14

23 Jun '14

Whenever I start firfox, it tries to download two .iso files into Desktop. Until recently, I wouldn't notice until it announced that it had run out of room. At that point I would click on the messages to make them go away. In the mean time, it had been chewing up bandwidth. One file, I had tried to download by mistake. Don't remmeber what I did with it on purpose. The other I downloaded into a partition with more room. I found this: https://support.mozilla.org/en-US/questions/926609 I did not like the side-effects. For now, I've stopped the downloads by replacing the target files with empty unreadable files. Now I get an error message right away and it does not chew up my bandwidth. I'd lke a better solution. Any ideas? [hennebry@localhost firefox]$ uname -a Linux localhost.localdomain 2.6.32-431.17.1.el6.x86_64 #1 SMP Wed May 7 23:32:49 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux [hennebry@localhost firefox]$ firefox --version Mozilla Firefox 24.5.0 [hennebry@localhost firefox]$ -- Michael hennebry(a)web.cs.ndsu.NoDak.edu "SCSI is NOT magic. There are *fundamental technical reasons* why it is necessary to sacrifice a young goat to your SCSI chain now and then." -- John Woods

4 7

mdraid Q on c6...
by John R Pierce 23 Jun '14

23 Jun '14

so, I installed a c6 system offsite today, had to do it in a hurry. box has 2 disks meant to be mirrored... I couldn't figure out how to get anaconda to build a LVM root on a mirror, so I ended up just installing a /boot and vg_system on sda and raid it later. every howto I find for linux says to half-raid the OTHER disk, COPY everything to it, then boot from it and wipe the first disk and then bond it as a mirror of the 2nd. Thats kind of ugly. in solaris, you can tell it that your existing partition is half of a mirror, update /etc/vfstab, then reboot, and then join a mirror to it. this seems much cleaner to me than copying everything. I tried to do this the solaris way, and at the first step, am told... # mdadm --create /dev/md0 --level=mirror --raid-devices=2 /dev/sda2 missing mdadm: cannot open /dev/sda2: Device or resource busy /dev/sda2 contains the LVM root vg... so... I'm thinking I''ll boot a rescue system from usb, create the half mirror, then reboot to the incomplete raid and add mirror /dev/sdb2 will the VG be found on /dev/md0 instead of on /dev/sda2 ? if so, is there any other reason this won't work? -- john r pierce 37N 122W somewhere on the middle of the left coast

4 6

Re: [CentOS] [CentOS-devel] [OT, partly]epel question (Mate problem)
by James B. Byrne 23 Jun '14

23 Jun '14

On Sat, June 21, 2014 17:47, Fred Smith wrote: > > from these symptoms I don't think I can tell if it's a caja problem, or an > issue with whoever starts up caja after login (something in systemd ???) > Something wrong with systemd? Say it ain't so. . . -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3

1 0

mail delivery question
by Chuck Campbell 23 Jun '14

23 Jun '14

I've built a new mail system with Centos 6.5, and I'm running fetchmail - sendmail - procmail to maildir. I have all of this working at the moment.(I know, postfix was the default, but for lots of other reasons, I switched, and that isn't an issue, I don't think). I am using dovecot as an imap server. Procmail won't update indexes during email delivery, so I'm having some performance delays and lags when accessing the emails via imap. I would like to use dovecot-lda for delivery, but I get permission denied errors, and I don't know why or where they are coming from. Here is the .procmailrc and procmail log file response when I try to use dovecot-lda from procmail: .procmailrc SHELL=/bin/sh PATH=$HOME/bin:/bin:/usr/bin:/usr/local/bin:/usr/contrib/bin:. # one page suggested MAILDIR has no trailing slash, but DEFAULT should have one MAILDIR=$HOME/Maildir/ # You'd better make sure it exists ' DEFAULT=$MAILDIR LOGFILE="$HOME/procmail_log" LOCKFILE="$HOME/.lockmail" LOCKEXT=.lock :0 * . { LOG="$NL default recipe using copy to .ham_to_learn/ (maildir version) $NL" } :0 c .ham_to_learn/ :0 | /usr/libexec/dovecot/deliver -m $DEFAULT I get this in my log file: procmail: [27709] Fri Jun 20 14:00:17 2014 default recipe using copy to .ham_to_learn/ (maildir version) procmail: Assigning "LASTFOLDER=.ham_to_learn/new/1403290809.27709_3.helium" procmail: Assigning "LASTFOLDER=/usr/libexec/dovecot/deliver -m /home/campbell/Maildir/" procmail: Notified comsat: "campbell@:/usr/libexec/dovecot/deliver -m /home/campbell/Maildir/" >From campbell(a)accelinc.com Fri Jun 20 14:00:06 2014 Subject: Re: Uruguay gravity model description Folder: /usr/libexec/dovecot/deliver -m /home/campbell/Maildir/ 10470 procmail: Unlocking "/home/campbell/.lockmail" procmail: Executing "/usr/libexec/dovecot/deliver,-m,/home/campbell/Maildir/" /bin/sh: /usr/libexec/dovecot/deliver: Permission denied ls -laFZ /usr/libexec/ <snip> drwxr-xr-x. root root system_u:object_r:bin_t:s0 dovecot/ <snip> ls -laFZ /usr/libexec/dovecot <snip> lrwxrwxrwx. root root system_u:object_r:bin_t:s0 deliver -> dovecot-lda* -rwxr-xr-x. root root system_u:object_r:dovecot_deliver_exec_t:s0 dovecot-lda* <snip> It doesn't matter whether I reference the link file, or dovecot-lda directly, I get the same result. I'm not getting any AVC (SELinux) entries in my /var/log/audit/audit.log, so it doesn't appear to be unix permissions, or SELinux issues. How can I find out what permissions I need to change? -chuck -------------------------------------------------------------- current working (but not indexing) examples below here. Two versions using procmail for delivery that succeed: If my .procmailrc file that looks like this: SHELL=/bin/sh PATH=$HOME/bin:/bin:/usr/bin:/usr/local/bin:/usr/contrib/bin:. # one page suggested MAILDIR has no trailing slash, but DEFAULT should have one MAILDIR=$HOME/Maildir/ # You'd better make sure it exists ' DEFAULT=$MAILDIR LOGFILE="$HOME/procmail_log" LOCKFILE="$HOME/.lockmail" LOCKEXT=.lock :0 * . { LOG="$NL default recipe using copy to .ham_to_learn/ (maildir version) $NL" } :0 c .ham_to_learn/ I get this in my log file: procmail: [27580] Fri Jun 20 13:37:55 2014 default recipe using copy to .ham_to_learn/ (maildir version) procmail: Assigning "LASTFOLDER=.ham_to_learn/new/1403289475.27580_2.helium" procmail: Assigning "LASTFOLDER=/home/campbell/Maildir/new/1403289475.27580_3.helium" procmail: Notified comsat: "campbell@0:/home/campbell/Maildir/new/1403289475.27580_3.helium" >From campbell(a)accelinc.com Fri Jun 20 13:37:55 2014 Subject: t41 Folder: /home/campbell/Maildir/new/1403289475.27580_3.helium 4299 procmail: Unlocking "/home/campbell/.lockmail" I get a copy in my inbox and a copy in my ham to learn folder. All appears OK If I use this recipe: SHELL=/bin/sh PATH=$HOME/bin:/bin:/usr/bin:/usr/local/bin:/usr/contrib/bin:. # one page suggested MAILDIR has no trailing slash, but DEFAULT should have one MAILDIR=$HOME/Maildir/ # You'd better make sure it exists ' DEFAULT=$MAILDIR LOGFILE="$HOME/procmail_log" LOCKFILE="$HOME/.lockmail" LOCKEXT=.lock :0 * . { LOG="$NL default recipe using copy to .ham_to_learn/ (maildir version) $NL" } :0 c .ham_to_learn/ :0 $DEFAULT I get this in my log file (same as above, all is well): procmail: [27646] Fri Jun 20 13:46:25 2014 default recipe using copy to .ham_to_learn/ (maildir version) procmail: Assigning "LASTFOLDER=.ham_to_learn/new/1403289985.27646_2.helium" procmail: Assigning "LASTFOLDER=/home/campbell/Maildir/new/1403289985.27646_3.helium" procmail: Notified comsat: "campbell@0:/home/campbell/Maildir/new/1403289985.27646_3.helium" >From campbell(a)accelinc.com Fri Jun 20 13:45:53 2014 Subject: t43 Folder: /home/campbell/Maildir/new/1403289985.27646_3.helium 4603 procmail: Unlocking "/home/campbell/.lockmail" -- ACCEL Services, Inc.| Specialists in Gravity, Magnetics | (713)993-0671 ph. | and Integrated Interpretation | (713)993-0608 fax 448 W. 19th St. #325| Since 1992 | (713)306-5794 cell Houston, TX, 77008 | Chuck Campbell | campbell(a)accelinc.com | President & Senior Geoscientist | "Integration means more than having all the maps at the same scale!"

3 2

CentOS 6.5 driver for a Broadcom Corporation BCM4313 chipset
by HM Johnson 22 Jun '14

22 Jun '14

Hello CentOS admins. I am an AIX admin bent on learning CentOS. Yesterday I downloaded CentOS-6.5-x86_64-bin-DVD1.iso, burned a DVD and loaded it onto a Lenovo IdeaPad N585 laptop. All went well, except for getting the integrated wireless to work. Here is some info and what I tried so far. # lspci|egrep -i wireless 06:00.0 Network controller: Broadcom Corporation BCM4313 802.11bgn Wireless Network Adapter (rev 01) # uname -r 2.6.32-431.el6.x86_64 I found these instructions for building a driver for the BCM4313 chip set: http://wiki.centos.org/HowTos/Laptops/Wireless/Broadcom?action=show I went to this site: http://www.broadcom.com/support/802.11/linux_sta.php and downloaded this file: hybrid-v35_64-nodebug-pcoem-6_30_223_141.tar.gz No problem with this: yum install kernel-headers kernel-devel gcc I extracted the file: mkdir -p /usr/local/src/hybrid-wl cd /usr/local/src/hybrid-wl pwd tar xvfz /root/Downloads/hybrid-v35_64-nodebug-pcoem-6_30_223_141.tar.gz chown -R root.root /usr/local/src/hybrid-wl Now is where the issues begin, with the make (I know bug surprise): # make -C /lib/modules/`uname -r`/build/ M=`pwd` make: *** /lib/modules/2.6.32-431.el6.x86_64/build/: No such file or directory. Stop. Build does not exist? Let's investigate this: # (cd /lib/modules/2.6.32-431.el6.x86_64/ ; ls -l)|egrep build lrwxrwxrwx. 1 root root 46 Jun 7 20:11 build -> ../../../usr/src/kernels/2.6.32-431.el6.x86_64 lrwxrwxrwx. 1 root root 5 Jun 7 20:11 source -> build Ok, so build is a link, let's investigate further: # cd /lib/modules/2.6.32-431.el6.x86_64/ # cd ../../../usr/src/kernels/ # ls -l total 4 drwxr-xr-x. 22 root root 4096 Jun 8 19:54 2.6.32-431.17.1.el6.x86_64 Hmmm, so build is a link to: 2.6.32-431.el6.x86_64 but what exists is: 2.6.32-431.17.1.el6.x86_64 Ok, let's try fixing the link: # cd /lib/modules/2.6.32-431.el6.x86_64/ # mv build build.bad # ln -s ../../../usr/src/kernels/2.6.32-431.17.1.el6.x86_64 build [root@picard 2.6.32-431.el6.x86_64]# ls -l |egrep build lrwxrwxrwx. 1 root root 51 Jun 9 21:50 build -> ../../../usr/src/kernels/2.6.32-431.17.1.el6.x86_64 lrwxrwxrwx. 1 root root 46 Jun 7 20:11 build.bad -> ../../../usr/src/kernels/2.6.32-431.el6.x86_64 lrwxrwxrwx. 1 root root 5 Jun 7 20:11 source -> build # ls -ld build lrwxrwxrwx. 1 root root 51 Jun 9 21:50 build -> ../../../usr/src/kernels/2.6.32-431.17.1.el6.x86_64 Ok, build is now a link pointing to something that exists, lets try the make again: # cd /usr/local/src/hybrid-wl # ls -l total 20 -rw-r--r--. 1 root root 8 Jun 8 20:27 built-in.o drwxrwxr-x. 2 root root 4096 Aug 1 2013 lib -rw-r--r--. 1 root root 4101 Aug 1 2013 Makefile drwxrwxr-x. 6 root root 4096 Aug 1 2013 src # make -C /lib/modules/`uname -r`/build/ M=`pwd` make: Entering directory `/usr/src/kernels/2.6.32-431.17.1.el6.x86_64' CFG80211 API is prefered for this kernel version Using CFG80211 API CC [M] /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.o /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:79: warning: ‘enum tx_power_setting’ declared inside parameter list /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:79: warning: its scope is only this definition or declaration, which is probably not what you want /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c: In function ‘wl_cfg80211_join_ibss’: /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:726: error: ‘struct cfg80211_ibss_params’ has no member named ‘channel’ /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c: At top level: /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:1092: warning: ‘enum tx_power_setting’ declared inside parameter list /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:1092: error: parameter 2 (‘type’) has incomplete type /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c: In function ‘wl_cfg80211_set_tx_power’: /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:1103: error: ‘TX_POWER_AUTOMATIC’ undeclared (first use in this function) /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:1103: error: (Each undeclared identifier is reported only once /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:1103: error: for each function it appears in.) /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:1105: error: ‘TX_POWER_LIMITED’ undeclared (first use in this function) /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:1111: error: ‘TX_POWER_FIXED’ undeclared (first use in this function) /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c: At top level: /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:1589: warning: initialization from incompatible pointer type /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:1594: warning: initialization from incompatible pointer type /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:1595: warning: initialization from incompatible pointer type /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:1596: warning: initialization from incompatible pointer type /usr/local/src/hybrid-wl/src/wl/sys/wl_cfg80211_hybrid.c:1597: warning: initialization from incompatible pointer type etc, etc, etc for many, many lines Wow, I'm not sure where to even begin with this. Anyone got any ideas? What I'm trying to get is a CentOS 6.5 driver for a Broadcom Corporation BCM4313 chipset. Thanks,

6 10

CentOS-announce Digest, Vol 112, Issue 10
by centos-announce-request＠centos.org 21 Jun '14

21 Jun '14

Send CentOS-announce mailing list submissions to centos-announce(a)centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request(a)centos.org You can reach the person managing the list at centos-announce-owner(a)centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CEEA-2014:0774 CentOS 5 tzdata Update (Johnny Hughes) 2. CEEA-2014:0774 CentOS 6 tzdata Update (Johnny Hughes) ---------------------------------------------------------------------- Message: 1 Date: Sat, 21 Jun 2014 02:32:22 +0000 From: Johnny Hughes <johnny(a)centos.org> Subject: [CentOS-announce] CEEA-2014:0774 CentOS 5 tzdata Update To: centos-announce(a)centos.org Message-ID: <20140621023222.GA17014(a)chakra.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Enhancement Advisory 2014:0774 Upstream details at : https://rhn.redhat.com/errata/RHEA-2014-0774.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 6cac83c8e78dca1d9c1dde1d4b66fa9b2698dc72a712494bd8d21097e9662c38 tzdata-2014e-1.el5.i386.rpm 7cd4d713f2efc3cfe81843ad24233332f551d40c1a63eab29224e16e29b6f931 tzdata-java-2014e-1.el5.i386.rpm x86_64: d9a31e643d54e6dbda1586b6250a5394e1a6a393d23e76307db55f657d466780 tzdata-2014e-1.el5.x86_64.rpm 46851242bcd9b08bce4f61495fafbca306fb0e630de25d58889f7530494041ef tzdata-java-2014e-1.el5.x86_64.rpm Source: 37def2ecee80d52f78d23039c0ae0d0cb585257cc082bd3140ccc4eabaf4c2db tzdata-2014e-1.el5.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos(a)irc.freenode.net ------------------------------ Message: 2 Date: Sat, 21 Jun 2014 02:39:44 +0000 From: Johnny Hughes <johnny(a)centos.org> Subject: [CentOS-announce] CEEA-2014:0774 CentOS 6 tzdata Update To: centos-announce(a)centos.org Message-ID: <20140621023944.GA21578(a)n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Enhancement Advisory 2014:0774 Upstream details at : https://rhn.redhat.com/errata/RHEA-2014-0774.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 8f1554559908f621191e3680d399d7bd7c3dfb41abc26ea96df516de56dcdf55 tzdata-2014e-1.el6.noarch.rpm 4e0ad36adc7e63e5d052cd8bac27b64bd38b5afdb4485b19dbcae825747136ed tzdata-java-2014e-1.el6.noarch.rpm x86_64: 8f1554559908f621191e3680d399d7bd7c3dfb41abc26ea96df516de56dcdf55 tzdata-2014e-1.el6.noarch.rpm 4e0ad36adc7e63e5d052cd8bac27b64bd38b5afdb4485b19dbcae825747136ed tzdata-java-2014e-1.el6.noarch.rpm Source: bce891952b1446af888100dd849a6d89973ec7ef388ebdd34e0a387e54257d24 tzdata-2014e-1.el6.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos(a)irc.freenode.net ------------------------------ _______________________________________________ CentOS-announce mailing list CentOS-announce(a)centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 112, Issue 10 ************************************************

1 0

ATI Rage XL Driver for Centos 6.5
by H 20 Jun '14

20 Jun '14

I have just installed Centos 6.5 on a Asus motherboard with an embedded ATI Rage XL controller (and with no room to install a more capable graphics card) and it is infuriatingly slow, running in VESA mode. Unfortunately this card is not supported "out-of-the-box" by centos 6.5 and after Googling I have not found that the kmod-fglrx-legacy driver from elrepo would work either according to its info page. Does anyone have experience with this (dated) card? Thank you. Hakan

1 1

Re: [CentOS] iptables question
by James B. Byrne 20 Jun '14

20 Jun '14

On Mon, June 16, 2014 23:34, Chuck Campbell wrote: > I appreciate you restating this. I'll try to go make sense of iptables, given > the insight, > Keep in mind that there are three default chains, INPUT, OUTPUT and FORWARD that are used to initiate the packet path through IPTABLES and that they are mutually exclusive. INPUT deals ONLY with packets that arrive from off of AND are destined for the host running IPTABLES. OUTPUT deals only with packets that originate from the host running IPTABLES regardless of where they are destined. And FORWARD deals only with packets that arrive from and are destined off of the host running IPTABLES. A packet starts in only one of these based solely on its origin/destination pairing and it does not cross over automatically into either of the others. For example, if a forwarded packet is detected then the INPUT and OUTPUT chains are not used at all. I have seen chain misconfiguration where IPTABLES rules evidently assume that a packet is to pass from the INPUT chain or the OUTPUT chain to the FORWARD chain automatically. In some cases it seems that the rules writer has implicitly assumed that INPUT -> FORWARD -> OUTPUT is the default routing of all packet paths. This is not the case and it does not happen unless the other chain is specifically called from within the originating chain. My practice is to place general rules that I wish to apply to all packets, regardless of source or destination, into a chain called GENERAL and simply call that chain as the last instruction in each of the default chains. Actually I put very little else in the default chains and route from the GENERAL chain to other chains dedicated to specific rule sets, like for port knocking (FWKNOP_ALLOW); or for assured access (ALWAYS_ALLOW); or for blacklists: ALWAYS_DENY and FAIL2BAN_DENY for example. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3

3 2

← Newer
1
2
3
4
5
6
7
...
12
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss June 2014