search for: allowed

...quot;localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all # Squid normally listens to port 3128 #http_port 3128 # Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /var/spool/squid 100 16 256 # Le...

...2833/3655] Compiling source3/utils/net_rpc.c [2838/3655] Compiling source3/utils/net_cache.c [2844/3655] Compiling source3/utils/net_rpc_printer.c [2851/3655] Compiling source3/utils/net_rpc_shell.c "../source3/utils/net_cache.c", line 87.56: 1506-226 (S) The ":" operator is not allowed between "char[1]" and "int". "../source3/utils/net_cache.c", line 86.18: 1506-280 (W) Function argument assignment between types "const char*" and "int" is not allowed. "../source3/utils/net_cache.c", line 96.35: 1506-280 (W) Function argu...

...puppet_var_lib_t:file { write create append }; allow httpd_t puppet_var_run_t:dir { search getattr }; allow httpd_t rpm_t:dir { getattr search }; allow httpd_t rpm_t:file { read open }; allow httpd_t rpm_var_lib_t:dir { search getattr }; allow httpd_t rpm_var_lib_t:file open; #!!!! This avc can be allowed using the boolean 'httpd_setrlimit' allow httpd_t self:capability sys_resource; allow httpd_t self:capability sys_ptrace; allow httpd_t self:process setexec; allow httpd_t semanage_t:dir { getattr search }; allow httpd_t semanage_t:file { read open }; allow httpd_t setfiles_t:dir { getattr...

If someone has some free time, can you go over my ipfw config. See if I have any problems, or things i should add. Im not an ipfw expert or anything. Here is the config. add 100 allow all from any to any via lo0 add 110 deny log all from any to 127.0.0.0/8 add 120 deny log ip from 127.0.0.0/8 to any add 00200 check-state add 00250 deny all from any to any frag in via bge0 add 00260 deny

Hello forum. I''m in the process of re-organizing my server and ACL-settings. I''ve seen so many different ways of doing ACL, which makes me wonder how I should do it myself. This is obviously the easiest way, only describing the positive permissions: /usr/bin/chmod -R A=\ group:sa:full_set:fd:allow,\ group:vk:read_set:fd:allow \ However, I''ve seen people split each

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

Hi, We want to restrict acces to the shares on our samba server using "hosts allow". Can I get this to work with clients who have dynamic IP addresses and don't have revers DNS lookup ? Best regards, Eric Eijkelboom Sr Systems Manager Medtronic B.V. Heerlen, The Netherlands Phone : +31-(0)45-566.8544 Fax : +31-(0)45-566.8008 www.medtronic.com <http://www.medtronic.com/>

Hi peeps, After compiling ipfw into the new 6.2 kernel, and typing "ipfw list", all I get is: "65535 deny ip from any to any" From reading the docs, this might indicate that this is the default rule. (I am certainly protected this way--but can't be very productive ;^) ) By the way, when I run "man ipfw" I get nothing. Using this instead:

...ce-4f34-9537-dd88a41359e5 sealert -l b95663bb-12ce-4f34-9537-dd88a41359e5 SELinux is preventing /usr/libexec/postfix/smtp from 'read, write' accesses on the file 546AA6099F. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that smtp should be allowed read write access on the 546AA6099F file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep smtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp grep 546AA6099F /va...

...gt; # Allow DNS with name server >> add allow udp from any to any domain out >> add allow udp from any domain to any in >Nope. >> # SSH >> # Note that /etc/hosts.allow has restrictions >> # on which IP addresses are allowed. >> # >> # Allow SSH: >> add allow tcp from any to any ssh in setup >Nope, but this explains SSH working. >> # HTTP & HTTPS: >> add allow tcp from any to any https in setup >> add allow tcp from any to any ht...

...http_access deny to_localhost > > # > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS > # > > # Example rule allowing access from your local networks. > # Adapt localnet in the ACL section to list your (internal) IP networks > # from where browsing should be allowed > http_access allow localnet > http_access allow localhost > > # And finally deny all other access to this proxy > http_access deny all > > # Squid normally listens to port 3128 > #http_port 3128 > > # Uncomment and adjust the following to add a disk cache directory. &...

...n this phone calls secret=21 ;callerid=John Doe <1234> ; Full caller ID, to override the phones config ; on incoming calls to Asterisk host=dynamic ; we have a static but private IP address ; No registration allowed ;nat=no ; there is not NAT between phone and Asterisk ;canreinvite=yes ; allow RTP voice traffic to bypass Asterisk ;dtmfmode=info ; either RFC2833 or INFO for the BudgeTone ;call-limit=1 ; permit only 1 outgoing call and 1...

...http_access deny to_localhost > > # > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS > # > > # Example rule allowing access from your local networks. > # Adapt localnet in the ACL section to list your (internal) IP networks > # from where browsing should be allowed > http_access allow localnet > http_access allow localhost > > # And finally deny all other access to this proxy > http_access deny all > > # Squid normally listens to port 3128 > #http_port 3128 > > # Uncomment and adjust the following to add a disk cache directory. &...

I manage a bunch of workstations at the Wendell Free Library. They are all diskless, boot via PXE and mount all of their file systems via NFS from a server. All of the machines are 32-bit and run CentOS (fully up-to-date running 5.10). There are two printers with queues managed on the server. The server 'shares' these printers on the local LAN (eg with all of the workstations).

Dear Dovecot users, hello. I will merge two issues I have into a single email because they may be related. I used dovecot on a OmniOS server since 2014 (currently OmniOS r151014) with the following configuration (it shows 2.2.18 because I recently updated dovecot, skipping only the PostgreSQL plugin): # 2.2.18: /etc/dovecot/dovecot.conf # OS: SunOS 5.11 i86pc zfs mail_location =

...ion. you can do this with something like : perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' * Then you will have to run ldbadd and ldbmodify in the correct order to upgrade your schema to version 47 like this : ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32.ldf ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32mod.ldf ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch33.ldf ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:...

...g requests. Don't forget that 'inbound' means > coming >>into the firewall, not necessarily from the outside world. Your own >>ping requests _from_ this box also have to both come in, and go out. > >Hmmm. OK. Outbound Ping will be rarely used, but should >be allowed. Isn't that included in the next rule? > > >> > >> # Allow pings, ping replies, and host unreach: >> > >> add allow icmp from any to any icmptypes 0,8,3 >> > > >> >>Add icmptype 11 as well if you want traceroutes to wo...

...h something like : > perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' * > > Then you will have to run ldbadd and ldbmodify in the correct order to upgrade your > schema to version 47 like this : > ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32.ldf > ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32mod.ldf > ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch33.ldf > ldbmodify -H /var/lib/samba/private/sam.ldb --opt...

Hi Friends, Same question has been asked on the Squid mailing list but so far no reply on the mailing list so posting it here also. We are trying to cache some files from apple.com like .dmg, .pkg, .ipa etc.. so that local clients can fetch the data from the cache. The problem we are facing is that we have download restrictions for every client to 25 MB during work hours except for a particular

I had the same problem so i setup up hosts.allow to only allow access from certain ips i require This has the affect of killing the connection from any other ip befor gettign to any login prompt example below sshd : localhost : allow sshd : 192.168.2. : allow sshd : 82.41.115.213 :allow sshd : 216.123.248.219 : allow <-- public ip i wish to allow of course i have changed it sshd : all :