Archive for July 21st, 2010

How to solve (work around) /etc/init.d/iptables failures caused by iptables Unknown error 18446744073709551615 on CentOS 5.5 Final

Wednesday, July 21st, 2010

Today I encountered an oddity on CentOS release 5.5 (Final). The problem was that the iptables firewall was not loading its rules.
After a bit of debugging I found out that the whole issue was caused by a failure of /sbin/iptables-save to read the iptables rules stored in /etc/sysconfig/iptables.

I reviewed all the rules in /etc/sysconfig/iptables and all of them appeared to be syntactically correct; however, the iptables-restore command parser failed to load at a line after which the following iptables rules were contained:

-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name synflood --set
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name synflood --update --seconds 1 --hitcount 100 -j DROP

Since these rules deal with the server's SYN flood protection, I decided to try issuing the iptables rules directly from the command line, like so:

[root@centos-server ~]# iptables -A INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name synflood --set
[root@centos-server ~]# iptables -A INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name synflood --update --seconds 1 --hitcount 100 -j DROP

Executing the above iptables lines, I was unpleasantly surprised by the error:

iptables: Unknown error 18446744073709551615

Googling for the error led me to many discussions, none of which suggested a concrete reason for the issue, so I finally decided to experiment on my own in order to find a solution.

By the way, it’s important to mention that I encountered the iptables: Unknown error 18446744073709551615 problem on CentOS 5.5 (Final) running kernel version:
Linux centos-server 2.6.18-194.3.1.el5 #1 SMP Thu May 13 13:08:30 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux

What is even more interesting is that another CentOS server running a kernel version:

Linux centos-server1 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:21:56 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

is executing the above anti SYN flood iptables rules absolutely correctly.
Well, I have to admit this is quite ODD. I checked, module by module, all the modules related to iptables to assure myself that the error iptables: Unknown error 18446744073709551615 was not caused by a missing iptables-related module on the server.
However, all the iptables modules that were loaded on the server able to execute the iptables commands without errors were also loaded on the server where the error persisted.

Finally I’ve decided to completely remove the iptables anti-flood lines:

-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name synflood --set
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name synflood --update --seconds 1 --hitcount 100 -j DROP

And substitute my ANTI SYN FLOOD protection rules in /etc/sysconfig/iptables with the following iptables rules:

-N syn-flood
-A INPUT -i eth0 -p tcp --syn -j syn-flood
-A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
-A syn-flood -j DROP

The above iptables rules to protect against SYN floods worked like a charm; a simple restart of the firewall loaded it with the new substituted rules.

[root@centos-server ~]# /etc/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
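
The replacement chain behaves differently from the removed rules: the recent match tracks each source address, while the limit match keeps a single bucket per rule that every source shares. The following is an added example, not code from the original post; it is a simplified model of the limit match, and all packet times and addresses in it are constructed.

```python
# Added example: models the post's replacement chain
#   -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
#   -A syn-flood -j DROP
# All packet times and addresses below are constructed sample data.

class LimitMatch:
    """Simplified credit bucket for one `-m limit` rule (shared by all sources)."""

    COST = 1000  # credits spent per matching packet (1 credit per ms at 1/s)

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec
        self.cap = burst * self.COST
        self.credits = self.cap      # the bucket starts full
        self.last_ms = 0

    def matches(self, now_ms):
        # Refill for the elapsed time, never above the burst cap.
        gained = (now_ms - self.last_ms) * self.rate
        self.credits = min(self.cap, self.credits + gained)
        self.last_ms = now_ms
        if self.credits >= self.COST:
            self.credits -= self.COST
            return True
        return False


def run_syn_flood_chain(packets, rate_per_sec=1, burst=4):
    """packets: (time_ms, source_ip) for each new SYN arriving on eth0."""
    limit = LimitMatch(rate_per_sec, burst)
    return [(t, src, "RETURN" if limit.matches(t) else "DROP")
            for t, src in sorted(packets)]


def verdicts_for(results, src):
    return [verdict for _, s, verdict in results if s == src]


# One source sends a SYN every 50 ms for 3 s; a normal client connects 4 times.
FLOOD = [(ms, "203.0.113.9") for ms in range(0, 3000, 50)]
CLIENT = [(ms, "198.51.100.7") for ms in (500, 1500, 2500, 6000)]

if __name__ == "__main__":
    for t, src, verdict in run_syn_flood_chain(FLOOD + CLIENT):
        print(f"{t:5d} ms  {src:<13} {verdict}")
```

In this run the normal client's three connection attempts made during the flood are all dropped, because the flooding source keeps the shared bucket empty; only its attempt after the flood has ended is accepted.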

The Glorious Prophet Elijah (Elias) taking to heaven – the feast in the Orthodox Church – St. Elijah’s day

Wednesday, July 21st, 2010

The Orthodox Old Testament Prophet Elijah icon

It’s the feast of the glorious prophet Elijah in the Orthodox Church. Every year on the 20th of June we celebrate the feast, in which we briefly commemorate the glorious life that the merciful God bestowed on the prophet.
Elijah is actually considered the greatest Old Testament prophet before the coming of our Lord and Saviour Jesus Christ.
St. Prophet Elias is among the two people who did not die but were taken to heaven; the first one who did not face physical death but, by God’s mercy and because of his great righteousness, was taken to heaven is Enoch.
The whole short version of Saint Elijah’s life is available for reading here

Elijah is very famous for his God-inspired “contest” against the prophets of Baal, where he showed the idolaters who the real Living God is.

Here are a few interesting extracts from the Saint’s Living:

During these two years a famine prevailed in the land. At the close of this period of retirement and of preparation for his work, Elijah met Obadiah, one of Ahab’s officers, whom he had sent out to seek for pasturage for the cattle, and bade him go and tell his master that Elijah was there. The king came and met Elijah, and reproached him as the “troubler of Israel.” It was then proposed that sacrifices should be publicly offered, for the purpose of determining whether Baal or the Israelite God was the true God. This was done on Mount Carmel; the result was that a miracle took place convincing those watching that Baal was false and that the Israelite God was real. The prophets of Baal were then put to death by the order of Elijah.

Another very notable moment (and a marvelous manifestation of God in Elijah’s life) is his glorious taking into heaven by God Almighty.
God taking Elijah to heaven in a whirlwind by a chariot and horses of fire.

Read the short revised version below:

The time now drew near when he was to be taken up into heaven (2 Kings 2:1-12). He went down to Gilgal, where there was a school of prophets, and where his successor Elisha, whom he had anointed some years before, resided. Elisha was distraught by the thought of his master’s leaving him, and refused to be parted from him. The two went on and came to Bethel and Jericho, and crossed the Jordan, the waters of which were “divided hither and thither” when smitten with Elijah’s mantle. Upon arriving at the borders of Gilead, which Elijah had left many years before, it “came to pass as they still went on and talked” they were suddenly separated by a chariot and horses of fire; and “Elijah went up by a whirlwind into heaven,” Elisha receiving his mantle, which fell from Elijah as he ascended. Elijah’s chosen successor was the prophet Elisha; Elijah designated Elisha as such by leaving his mantle with him (2 Kings 2:13-15), so that his wish for “a double portion” of the older prophet’s spirit (2:9), an allusion to the preference shown the first-born son in the division of the father’s estate (Deuteronomy 21:17), had been fulfilled.