search for: firehol

Displaying 20 results from an estimated 23 matches for "firehol".

2007 Jun 28
8
iptables module?
I know people must be doing something to manage iptables, but I haven't been able to find anything yet. ( My google-fu must be weak today. ) What are you using to manage your iptables? -- -- Perfection is just a word I use occasionally with mustard. --Atom Powers--
2017 Dec 15
2
Traffic shaping on CentOS
...<https://lists.fedoraproject.org/pipermail/devel/2015-March/209508.html> > > # 51-bufferbloat.conf > # Address bufferbloat > net.core.default_qdisc = fq_codel > I don't know your full requirements, but in the past for simple QoS gw I used FireQOS It's part of https://firehol.org/ , but can be used without firehol so in parallel of your own iptables rules Here is the doc : https://firehol.org/tutorial/fireqos-new-user/ -- Fabian Arrotin The CentOS Project | https://www.centos.org gpg key: 56BEC54E | twitter: @arrfab ...
2019 Apr 12
1
Mail account brute force / harassment
On Fri, 12 Apr 2019, mj wrote: > What we do is: use https://github.com/trick77/ipset-blacklist to block IPs > (from various existing blacklists) at the iptables level using an ipset. "www.blocklist.de" is a nifty source. Could you suggest other publicly available blacklists? > That way, the known bad IPs never even talk to dovecot, but are dropped > immediately. We
2017 Dec 15
2
Traffic shaping on CentOS
I'm deploying a CentOS 7 box as a gateway and I'm trying to figure out how to set up traffic shaping. Historically I've used the Wondershaper script but apparently it's not deprecated in favor of superior queue management. I haven't yet found a packaged solution and I'm wondering what others do to configure this kind of thing. Apparently the new modules are available
2007 Dec 30
2
Firewall builder - which rpm?
...used Firestarter once, but found out that it cannot handle routing between a public and private network. Basically saying this is impossible. Of course, if your private network is addressed per RFC 1918 (that I co-authored), I can understand the difficulty, but otherwise.... Anyway, I found firehol, but this is rather confusing. ( how do I define a service like for port 5903? What about UDP for RTP? How do I run the thing?) There have been people here mentioning Firewall Builder, and that seems be well documented, except which rpm I should grab for Centos 5. I am looking over at http:/...
2008 May 16
0
Processed: your mail
...livier.berger at it-sudparis.eu>. > submitter 444448 ! Bug#444448: ITP: twiki-ldapcontrib -- LDAP services for TWiki Changed Bug submitter from Olivier Berger <olivier.berger at int-edu.eu> to Olivier Berger <olivier.berger at it-sudparis.eu>. > submitter 455754 ! Bug#455754: firehol: Using volatile or another update mechanism for reserved IPs update Changed Bug submitter from Olivier Berger <olivier.berger at int-edu.eu> to Olivier Berger <olivier.berger at it-sudparis.eu>. > submitter 457155 ! Bug#457155: RFP: fpm -- Secure password manager Changed Bug submitt...
2017 Dec 15
0
Traffic shaping on CentOS
On 12/15/2017 4:10 AM, Fabian Arrotin wrote: > I don't know your full requirements, but in the past for simple QoS gw I > used FireQOS > It's part of https://firehol.org/ , but can be used without firehol so > in parallel of your own iptables rules That looks nice. It appears to be a declarative front-end to tc that eliminates some of the boilerplate like setting defaults. The gateway is for a small business and I don't want shell and remote desktop...
2020 Jan 09
3
Blocking attacks from a range of IP addresses
On 1/9/20 2:08 AM, Pete Biggs wrote: >> Has anyone created a fail2ban filter for this type of attack? As of >> right now, I have manually banned a range of IP addresses but would >> like to automate it for the future. >> > As far as I can see fail2ban only deals with hosts and not networks - I > suspect the issue is what is a "network": It may be obvious to
2010 Nov 14
1
Can't create folders in .wine/drive_c/users/public/App Data/...
OK, so I don't know what's going on. (even with tinyproxy/firehol off the following occurs). Unless wine is run by root, when WoW is first loaded and trying to login, WoW creates a Cache folder and a bunch of folders under cache for login purposes. The Cache folder exists in: <wine profile dir>/drive_c/users/Public/Applicatoin data/Blizzard Entertainment/...
2007 Feb 13
6
Manage of firewall.
Hello, I see manage of firewall in CentOS (called security), and seems difficult to manage, not enough powerful. I am searching a middle term between scripts of iptables to manage and Security manager of CentOS. I know FireStarter, another similar? -- Devel in Precio http://www.pas-world.com
2016 May 01
12
[Bug 1064] New: iptables-save fails silently in unprivileged lxc/lxd container
https://bugzilla.netfilter.org/show_bug.cgi?id=1064 Bug ID: 1064 Summary: iptables-save fails silently in unprivileged lxc/lxd container Product: iptables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component:
2019 Aug 02
4
[OT] odd network question
On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote: > Fred Smith wrote: > > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: > <MVNCH> > > One thing I don't understand is how/why the firewall is DROPping so > > many attempts on port 25 when it in fact has a port forward rule sending > > port 25 on to my mailserver. How does it know, or why does it
2019 Aug 03
0
[OT] odd network question
...or about three remote IPs - I put a manual block on these at the firewall. The firewall has a block feature, which allows me to enter URLs which point to lists of IPs (Blocklists) and block traffic from those IPs at the firewall. It's designed to use these types of IP feeds: http://iplists.firehol.org/ Well, there's nothing stopping me running a cron-job on my Centos boxes to do the following: iptables -L -n | awk '$1=="REJECT" && $4!="0.0.0.0/0" {print $4}' > /tmp/banned I can then transfer the banned file to a web-server and block the bad IP...
2008 Aug 24
2
Bug#496367: The possibility of attack with the help of symlinks in some Debian packages
...file: /usr/lib/ogle/ogle_cli_debug file: /usr/lib/ogle/ogle_ctrl_debug file: /usr/lib/ogle/ogle_gui_debug file: /usr/lib/ogle/ogle_mpeg_ps_debug file: /usr/lib/ogle/ogle_mpeg_vs_debug file: /usr/lib/ogle/ogle_nav_debug file: /usr/lib/ogle/ogle_vout_debug Binary-package: firehol (1.256-4) file: /sbin/firehol Binary-package: aview (1.3.0rc1-8) file: /usr/bin/asciiview Binary-package: radiance (3R9+20080530-3) file: /usr/bin/optics2rad file: /usr/bin/pdelta file: /usr/bin/dayfact file: /usr/bin/raddepend Binary-package: vdr-dbg (1.6.0-5) file: /us...
2010 Mar 23
0
Processed: Re: Processed: ipv6 release goal
...9;t support IPv6 > ## > Severity set to 'serious' from 'wishlist' > severity 282433 wishlist Bug #282433 [wu-ftpd] wu-ftpd doesn't support IPv6 Severity set to 'wishlist' from 'serious' > ## > > severity 292621 serious > ## > Bug #292621 [firehol] firehol: Please support IPv6 > ## > Severity set to 'serious' from 'wishlist' > severity 292621 wishlist Bug #292621 [firehol] firehol: Please support IPv6 Severity set to 'wishlist' from 'serious' > ## > > severity 299706 serious > ## > Bug...
2019 Aug 05
4
[OT] odd network question
...I put a manual block on these at the firewall. > > The firewall has a block feature, which allows me to enter URLs which point > to lists of IPs (Blocklists) and block traffic from those IPs at the > firewall. > > It's designed to use these types of IP feeds: http://iplists.firehol.org/ > > Well, there's nothing stopping me running a cron-job on my Centos boxes to > do the following: > > iptables -L -n | awk '$1=="REJECT" && $4!="0.0.0.0/0" {print $4}' > > /tmp/banned > > I can then transfer the banned file...
2017 Jul 25
0
under another kind of attack
Hi Olaf, Since we implemented country blocking, everything seems nicely under control, with only 'normal levels' of knocking. We first have implemented: http://blog.jeshurun.ca/technology/block-countries-ubuntu-iptables-xtables-geoip Then we did: https://github.com/firehol/blocklist-ipsets And final iptables rules like these: > iptables -A INPUT -p tcp --dport 143 -m geoip --src-cc CN,AG,MX,NI,MF,VE,CO,AR,RU,UA -j DROP > iptables -A INPUT -p tcp --dport 143 -m geoip --src-cc MD,SD,SS,GA,CN,AZ,IN,ID,KZ,LA -j DROP > iptables -A INPUT -p tcp --dport 143 -m g...
2008 Feb 11
2
OpenVPN traffic will not be routed into network / as DefaultGW traffic ... with 1 NIC
...172.16.1.1 -> 192.168.1.11 -> 192.168.1.249 as DefaultGW, if that option is given via OpenVPN. I tried to follow the instructions on http://www.shorewall.net/OPENVPN.html as well as on http://www.shorewall.net/VPNBasics.html . Still, it doesn't work. Before using shorewall, I used firehol. There, the following commands worked; with shorewall they don't (neither with shorewall running nor with it being disabled): ## Settings for openVPN: iptables -A INPUT -i tun+ -j ACCEPT iptables -A FORWARD -i tun+ -j ACCEPT iptables -A FORWARD -d 172.16.1.0/24 -i eth0 -j ACCEPT iptables...
2010 Mar 23
0
Processed: ipv6 release goal
...erity set to 'serious' from 'wishlist' Severity set to 'serious' from 'wishlist' > severity 282433 serious Bug #282433 [wu-ftpd] wu-ftpd doesn't support IPv6 Severity set to 'serious' from 'wishlist' > severity 292621 serious Bug #292621 [firehol] firehol: Please support IPv6 Severity set to 'serious' from 'wishlist' > severity 299706 serious Bug #299706 [squid] Please add IPv6 support to squid Severity set to 'serious' from 'wishlist' > severity 326415 serious Bug #326415 [qmail-src] Please support I...
2007 Sep 10
5
OpenVPN routing
...nk src 192.168.0.71 192.168.0.0/24 dev br1 proto kernel scope link src 192.168.0.72 192.168.30.0/24 dev vmnet1 proto kernel scope link src 192.168.30.1 172.27.0.0/16 via 172.27.0.2 dev tun0 default via 192.168.0.1 dev eth0 IP forwarding is enabled on all interfaces, and iptables (by way of firehol) has rules to allow all forwarding between all interfaces. If I create a 172.27.0.0/16 route on a LAN workstation, I can ping the server at 172.27.0.1. But I cannot reach any VPN workstation. At one time, by playing with some NAT rules, I was able to - but it didn't seem right. What...