2012/11/19 linbloke <linbloke@fastmail.fm>:
>
>
> Perhaps your log daemon is squashing duplicate entries?
>
To be honest i dont care much about log messages, I do care about rule
counters:) The thing that scares me is my missunderstanding of "what
is going on?"
But I found when counters get incremented. Bulmer test with nc hinted
me to play a bit with tcp packet payload.
First run:
echo -n "GET /index.php HTTP/1.1\r\nHost: www.gentoo.org\r\n\r\n" | nc
89.16.167.134 80
gives no counters change. I get the page, but counters still unchanged. Okey...
Doing request like:
echo -n "GET BUBA-BUBA /index.php HTTP/1.1\r\nHost:
www.gentoo.org\r\n\r\n" | nc 89.16.167.134 80
I get "400 Bad request" and counters still unchaged. Okey....
!!! BUT !!!!
if I do something like
echo -n "GET BUBA-BUBA-BUBA-BUBAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
/index.php HTTP/1.1\r\nHost: www.gentoo.org\r\n\r\n| nc 89.16.167.134
80
I get the same "400 Bad request", BUT now counters got incremented.
Seems like module start matching from the wrong position thus even
--from 0 (ommiting --from 0 for default does not change result) simply
does not work.
Ehm...
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CAAvRK96ZmHyqnKOfkr3P5J-cKpwLcrq1a-9rdyg0Gj7iDUDJYw@mail.gmail.com
No comments:
Post a Comment