Displaying 20 results from an estimated 23 matches for "firehol".
2007 Jun 28
8
iptables module?
I know people must be doing something to manage iptables, but I
haven't been able to find anything yet. ( My google-fu must be weak
today. )
What are you using to manage your iptables?
--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
2017 Dec 15
2
Traffic shaping on CentOS
...<https://lists.fedoraproject.org/pipermail/devel/2015-March/209508.html>
>
> # 51-bufferbloat.conf
> # Address bufferbloat
> net.core.default_qdisc = fq_codel
>
I don't know your full requirements, but in the past for simple QoS gw I
used FireQOS
It's part of https://firehol.org/ , but can be used without firehol so
in parallel of your own iptables rules
Here is the doc : https://firehol.org/tutorial/fireqos-new-user/
--
Fabian Arrotin
The CentOS Project | https://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
2019 Apr 12
1
Mail account brute force / harassment
On Fri, 12 Apr 2019, mj wrote:
> What we do is: use https://github.com/trick77/ipset-blacklist to block IPs
> (from various existing blacklists) at the iptables level using an ipset.
"www.blocklist.de" is a nifty source. Could you suggest other publicly
available blacklists?
> That way, the known bad IPs never even talk to dovecot, but are dropped
> immediately. We
2017 Dec 15
2
Traffic shaping on CentOS
I'm deploying a CentOS 7 box as a gateway and I'm trying to figure out how
to set up traffic shaping. Historically I've used the Wondershaper script
but apparently it's not deprecated in favor of superior queue management. I
haven't yet found a packaged solution and I'm wondering what others do to
configure this kind of thing.
Apparently the new modules are available
2007 Dec 30
2
Firewall builder - which rpm?
...used Firestarter once, but found out that it cannot handle routing
between a public and private network. Basically saying this is
impossible. Of course, if your private network is addressed per RFC
1918 (that I co-authored), I can understand the difficulty, but
otherwise....
Anyway, I found firehol, but this is rather confusing. ( how do I
define a service like for port 5903? What about UDP for RTP? How do I
run the thing?)
There have been people here mentioning Firewall Builder, and that seems
to be well documented, except which rpm I should grab for Centos 5.
I am looking over at http:/...
2008 May 16
0
Processed: your mail
...livier.berger at it-sudparis.eu>.
> submitter 444448 !
Bug#444448: ITP: twiki-ldapcontrib -- LDAP services for TWiki
Changed Bug submitter from Olivier Berger <olivier.berger at int-edu.eu> to Olivier Berger <olivier.berger at it-sudparis.eu>.
> submitter 455754 !
Bug#455754: firehol: Using volatile or another update mechanism for reserved IPs update
Changed Bug submitter from Olivier Berger <olivier.berger at int-edu.eu> to Olivier Berger <olivier.berger at it-sudparis.eu>.
> submitter 457155 !
Bug#457155: RFP: fpm -- Secure password manager
Changed Bug submitt...
2017 Dec 15
0
Traffic shaping on CentOS
On 12/15/2017 4:10 AM, Fabian Arrotin wrote:
> I don't know your full requirements, but in the past for simple QoS gw I
> used FireQOS
> It's part of https://firehol.org/ , but can be used without firehol so
> in parallel of your own iptables rules
That looks nice. It appears to be a declarative front-end to tc that
eliminates some of the boilerplate like setting defaults.
The gateway is for a small business and I don't want shell and remote
desktop...
2020 Jan 09
3
Blocking attacks from a range of IP addresses
On 1/9/20 2:08 AM, Pete Biggs wrote:
>> Has anyone created a fail2ban filter for this type of attack? As of
>> right now, I have manually banned a range of IP addresses but would
>> like to automate it for the future.
>>
> As far as I can see fail2ban only deals with hosts and not networks - I
> suspect the issue is what is a "network": It may be obvious to
2010 Nov 14
1
Can't create folders in .wine/drive_c/users/public/App Data/...
OK, so I don't know what's going on. (even with tinyproxy/firehol off the
following occurs).
Unless wine is run by root, when WoW is first loaded and trying to login,
WoW creates a Cache folder and a bunch of folders under cache for login
purposes. The Cache folder exists in: <wine profile
dir>/drive_c/users/Public/Applicatoin data/Blizzard
Entertainment/...
2007 Feb 13
6
Manage of firewall.
Hello,
I have looked at the firewall management tool in CentOS (called security), and it
seems difficult to manage and not powerful enough.
I am looking for a middle ground between managing iptables scripts and the
Security manager of CentOS. I know FireStarter; is there anything similar?
--
Devel in Precio http://www.pas-world.com
2016 May 01
12
[Bug 1064] New: iptables-save fails silently in unprivileged lxc/lxd container
https://bugzilla.netfilter.org/show_bug.cgi?id=1064
Bug ID: 1064
Summary: iptables-save fails silently in unprivileged lxc/lxd
container
Product: iptables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component:
2019 Aug 02
4
[OT] odd network question
On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote:
> Fred Smith wrote:
> > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote:
> <MVNCH>
> > One thing I don't understand is how/why the firewall is DROPping so
> > many attempts on port 25 when it in fact has a port forward rule sending
> > port 25 on to my mailserver. How does it know, or why does it
2019 Aug 03
0
[OT] odd network question
...or about three remote IPs - I put a manual block on these at the
firewall.
The firewall has a block feature, which allows me to enter URLs which
point to lists of IPs (Blocklists) and block traffic from those IPs at
the firewall.
It's designed to use these types of IP feeds: http://iplists.firehol.org/
Well, there's nothing stopping me running a cron-job on my Centos boxes
to do the following:
iptables -L -n | awk '$1=="REJECT" && $4!="0.0.0.0/0" {print $4}' > /tmp/banned
I can then transfer the banned file to a web-server and block the bad IP...
2008 Aug 24
2
Bug#496367: The possibility of attack with the help of symlinks in some Debian packages
...file: /usr/lib/ogle/ogle_cli_debug
file: /usr/lib/ogle/ogle_ctrl_debug
file: /usr/lib/ogle/ogle_gui_debug
file: /usr/lib/ogle/ogle_mpeg_ps_debug
file: /usr/lib/ogle/ogle_mpeg_vs_debug
file: /usr/lib/ogle/ogle_nav_debug
file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
file: /usr/bin/optics2rad
file: /usr/bin/pdelta
file: /usr/bin/dayfact
file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
file: /us...
2010 Mar 23
0
Processed: Re: Processed: ipv6 release goal
...'t support IPv6
> ## > Severity set to 'serious' from 'wishlist'
> severity 282433 wishlist
Bug #282433 [wu-ftpd] wu-ftpd doesn't support IPv6
Severity set to 'wishlist' from 'serious'
> ## > > severity 292621 serious
> ## > Bug #292621 [firehol] firehol: Please support IPv6
> ## > Severity set to 'serious' from 'wishlist'
> severity 292621 wishlist
Bug #292621 [firehol] firehol: Please support IPv6
Severity set to 'wishlist' from 'serious'
> ## > > severity 299706 serious
> ## > Bug...
2019 Aug 05
4
[OT] odd network question
...I put a manual block on these at the firewall.
>
> The firewall has a block feature, which allows me to enter URLs which point
> to lists of IPs (Blocklists) and block traffic from those IPs at the
> firewall.
>
> It's designed to use these types of IP feeds: http://iplists.firehol.org/
>
> Well, there's nothing stopping me running a cron-job on my Centos boxes to
> do the following:
>
> iptables -L -n | awk '$1=="REJECT" && $4!="0.0.0.0/0" {print $4}' > /tmp/banned
>
> I can then transfer the banned file...
2017 Jul 25
0
under another kind of attack
Hi Olaf,
Since we implemented country blocking, everything seems nicely under
control, with only 'normal levels' of knocking.
We first have implemented:
http://blog.jeshurun.ca/technology/block-countries-ubuntu-iptables-xtables-geoip
Then we did:
https://github.com/firehol/blocklist-ipsets
And finale iptables rules like these:
> iptables -A INPUT -p tcp --dport 143 -m geoip --src-cc CN,AG,MX,NI,MF,VE,CO,AR,RU,UA -j DROP
> iptables -A INPUT -p tcp --dport 143 -m geoip --src-cc MD,SD,SS,GA,CN,AZ,IN,ID,KZ,LA -j DROP
> iptables -A INPUT -p tcp --dport 143 -m g...
2008 Feb 11
2
OpenVPN traffic will not be routed into network / as DefaultGW traffic ... with 1 NIC
...172.16.1.1 -> 192.168.1.11 ->
192.168.1.249 as DefaultGW, if that option is given via OpenVPN.
I tried to follow the instructions on
http://www.shorewall.net/OPENVPN.html as well as on
http://www.shorewall.net/VPNBasics.html .
Still, it doesn't work.
Before using shorewall, I used firehol. There, the following commands
worked; with shorewall they don't (neither with shorewall running nor
with it being disabled):
## Settings for openVPN:
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -d 172.16.1.0/24 -i eth0 -j ACCEPT
iptables...
2010 Mar 23
0
Processed: ipv6 release goal
...erity set to 'serious' from 'wishlist'
Severity set to 'serious' from 'wishlist'
> severity 282433 serious
Bug #282433 [wu-ftpd] wu-ftpd doesn't support IPv6
Severity set to 'serious' from 'wishlist'
> severity 292621 serious
Bug #292621 [firehol] firehol: Please support IPv6
Severity set to 'serious' from 'wishlist'
> severity 299706 serious
Bug #299706 [squid] Please add IPv6 support to squid
Severity set to 'serious' from 'wishlist'
> severity 326415 serious
Bug #326415 [qmail-src] Please support I...
2007 Sep 10
5
OpenVPN routing
...nk src 192.168.0.71
192.168.0.0/24 dev br1 proto kernel scope link src 192.168.0.72
192.168.30.0/24 dev vmnet1 proto kernel scope link src 192.168.30.1
172.27.0.0/16 via 172.27.0.2 dev tun0
default via 192.168.0.1 dev eth0
IP forwarding is enabled on all interfaces, and iptables (by way of
firehol) has rules to allow all forwarding between all interfaces.
If I create a 172.27.0.0/16 route on a LAN workstation, I can ping the
server at 172.27.0.1. But I cannot reach any VPN workstation. At one
time, by playing with some NAT rules, I was able to - but it didn't seem
right.
What...