search for: hogarthuk

Displaying 20 results from an estimated 62 matches for "hogarthuk".

2015 Nov 06
2
firewalld being stupid
...0 connection.zone internal > > ...btw, the insertion of the 'p' was deliberate, I've seen more device > names of that form. doublecheck your device name too. > > I have a couple of relevant articles you may be interested in ... On assigning the zone via NM: https://www.hogarthuk.com/?q=node/8 Look down to the "Specifying a particular firewall zone" bit ... remember that if you edit the files rather than using nmcli you must reload NM (or do nmcli reload) for that to take effect. If you specify a zone in NM then this will override the firewalld configuration if...
2017 Apr 26
3
Apache + SSL: default configuration rated "C" by Qualys Labs
...+aRSA !aNULL !eNULL !LOW !MEDIUM !SEED !3DES !CAMELLIA !MD5 !EXP !PSK !SRP !DSS !RC4" <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" </IfModule> https://www.ssllabs.com/ssltest/analyze.html?d=www.hogarthuk.com IIRC the Red Hat defaults are somewhat conservative on their limitations in order to simplify and maximise client connectivity - as some stuff (especially java apps or older mobile devices) tend to struggle otherwise with only a strict set of secure ciphers.
2015 Nov 17
4
firewalld being stupid
On Mon, November 16, 2015 16:39, Nick Bright wrote: > On 11/6/2015 3:58 PM, James Hogarth wrote: >> I have a couple of relevant articles you may be interested in ... >> >> On assigning the zone via NM: >> https://www.hogarthuk.com/?q=node/8 >> >> Look down to the "Specifying a particular firewall zone" bit ... >> remember that if you edit the files rather than using nmcli you must >> reload NM (or do nmcli reload) for that to take effect. >> >> If you specify a zone in NM the...
2016 Mar 24
5
firewalld question
Hi all! I'm wondering if it is possible to have Centos-7 automatically change firewall zones, depending on the network we connect to. My default zone is "home" and it has some ports open that probably shouldn't be open when I'm on someone else's network. So I'm thinking that if there's a way to have it always use home when I'm at home, and external when
2015 Nov 16
0
firewalld being stupid
On 11/6/2015 3:58 PM, James Hogarth wrote: > I have a couple of relevant articles you may be interested in ... > > On assigning the zone via NM: > https://www.hogarthuk.com/?q=node/8 > > Look down to the "Specifying a particular firewall zone" bit ... > remember that if you edit the files rather than using nmcli you must > reload NM (or do nmcli reload) for that to take effect. > > If you specify a zone in NM then this will override the...
2015 Nov 17
1
firewalld rule syntax
...> However, at the end > firewall-cmd --zone=monitoring --add-interface=ens192 > > This results in a zone conflict. I'm not sure if it's even possible to have two zones on the interface. > > A zone applies to a source network or interface. Have a flick through: https://www.hogarthuk.com/?q=node/9 Surprised SNMP isn't already defined as a service in /usr/lib/firewalld/services .... Perhaps snmpd ? Don't have a system to hand to check.
2015 Dec 04
2
Firewalld zone conflict
Hi, In CentOS7 I have added two zones using firewall-cmd, each for different ports/services and interfaces when I try to --add-source to the second zone with an IP that is already in the first I am getting an 'Error: ZONE_CONFLICT' message. Am I trying to do something illogical or is this a feature? Cheers, Colin.
2016 Mar 24
0
firewalld question
...ev rules? > > > anyone got any wisdom they can drop on me? > > The default zones are poorly named and should never have been included - especially given most of them aren't in use on any given system. For a look into how to make use of firewalld take a look at this: https://www.hogarthuk.com/?q=node/9 The best way to handle the scenario you describe would be multiple NM connection profiles (don't have it set to auto) so that you can set connection.zone correctly on each for the right network profile. Then when you nmcli c up work (or home or whatever) to bring up that connec...
2016 Apr 06
2
KVM Virtualization Network VLAN CentOS7
Hello James, Wednesday, April 6, 2016, 5:34:26 PM, you wrote: > Note that this is pretty much the last use case you cannot use > NetworkManager for but need the legacy network service ... to save you some > pain in trying to configure it ;) I disagree... NetworkManager works perfectly.
2015 May 19
2
Turning off wifi in CentOS 7
On Mon, 18 May 2015, James Hogarth wrote: > On 18 May 2015 at 20:10, <m.roth at 5-cent.us> wrote: >> Someone else got the 7 pxe install going, and one thing that's annoying is >> that NetworkMangler appears to be regularly trying to fire up the wifi. >> >> On a workstation, in a wired environment. I just want to tell NM to knock >> it off....It's
2017 Jun 30
2
C7 and spoofed MAC address
Got a problem: a user's workstation froze. He wound up rebooting, without calling me in first, so I dunno. But, and this is a show-stopper, when it came up, it came up with the firmware MAC, not the spoofed one. In /etc/sysconfig/network-scripts/ifcg-eth0, I've got the spoofed MAC address, and a UUID. In the grub.conf, I've got net.ifnames=0 biosdevname=0. But when I logged onto his
2017 Jul 06
1
Virtual IP
On Thu, Jul 06, 2017 at 08:17:17AM -0400, Jonathan Billings wrote: > On Thu, Jul 06, 2017 at 11:17:12AM +0300, Amine Tengilimoglu wrote: > > I need your help on setting the virtual IP. I am trying to set up a static > > virtual IP on CentOS7, but I want my VIP to not open when rebooting. > > It looks like you're trying to add the second IP on an aliased >
2016 Jul 29
7
how to build rpm
Hi, For software development, projects are built through makefile. After building, I can run binary program. rpm is more convenient. Is there some tool that can build rpm? Thanks! Regards Andrew
2015 Nov 06
4
firewalld being stupid
Greetings, One of my biggest frustrations with CentOS 7 has been firewalld. Essentially all of the documentation just flat doesn't work. One common thing that needs to be done is to change the zone of an interface, however I've tried: firewall-cmd --permanent --zone=internal --change-interface=ens192 firewall-cmd --permanent --zone=internal --add-interface=ens192 I've also tried
2017 Feb 13
4
CentOS 7, systemd, NetworkMangler, oh, my
...hy certain changes like some bonding or tagging alterations require a full system restart or very careful unpicking manually with ip) and is effectively deprecated in RHEL at this time due to major bug fixes only but no feature work. You really should have a read through this as well: https://www.hogarthuk.com/?q=node/8 On EL6 yes NM should be removed on anything but a wifi system but on EL7 unless you fall into a specific edge case as per the network docs: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Networking_Guide/index.html you really should be using NM...
2016 Jun 04
2
firewall-config not functional
I have a number of machines (hardware and VMs) running CentOS 7. In all cases firewall-config is not functional. First, the service check boxes are not functional. When you click on one, it doesn't change to "checked", and nothing changes on the firewall. However you do see a "Changes applied". Sometimes, if you go to permanent mode and attempt to edit a zone, the whole
2017 Mar 08
2
From Networkmanager to self managed configuration files
On 8 March 2017 at 11:15, Alice Wonder <alice at domblogger.net> wrote: > On 03/08/2017 01:57 AM, Giles Coochey wrote: >> >> >>> The recommended configuration for EL7 is to use NetworkManager unless >>> you have a very specific edge case preventing you from doing so: >>> >> The truth is a lot of us run servers that don't need to have their
2015 May 19
3
Turning off wifi in CentOS 7
...rk-scripts just like previous versions. >> > Of course that goes against the RH recommendations, works against you if > you want to do RHCSA/RHCE at some point, and has a few other issues too... > > It's that behaviour that led me to write this recently: > > https://www.hogarthuk.com/?q=node/8 > > There is the right time to use the old network service. EL6 or a couple of > very specific edge cases. Otherwise you are effectively hurting yourself to > some extent. Great post. I am just in the process of building my first CentOS 7 host and was wondering whether t...
2017 Jan 28
2
firewalld
...ving the ports to friendly names. For an example of why this is important think about using pacemaker or keepalived to manage IPs migrating between systems. They won't be visible using ifconfig but only via ip as they aren't exposed in the kernel structures that ifconfig uses - https://www.hogarthuk.com/?q=node/6 Another example is when you have multiple interfaces and you have source policy routing (or similar advanced routing behaviour) that makes use of rules and multiple routing tables. The older route command is only capable of displaying the default main table, not the rest of the table...
2016 May 22
5
Fwd: EPEL-ANNOUNCE Re: Upcoming OwnCloud changes in EPEL
On 5/21/2016 6:03 PM, John R Pierce wrote: > I started to look at SCL and got lost pretty quickly. I'm not > running OwnCloud but I've got some other php stuff that's getting > increasingly unhappy about the stock c6 php... ok, I've installed php54-1.1-5.el6.centos.alt.x86_64 ... if I run `scl enable php54`, will that connect it up to my existing apache, so it just