Displaying 20 results from an estimated 1000 matches similar to: "Can shorewall be the solution for this situation?"
2006 Jul 04
2
Migrating to dovecot
I do not have much experience in setting up imap servers - only that I
have tried several and experienced the same problem with all of them. I
suppose that is because I do not really know the ins and outs of an
imap server.
What I want to do is to setup an IMAP server on my PC with full access
to all the emails already there in a maildir structure.
I have the following setup:
2008 Aug 05
2
VMX on Lenovo R61, disabled by BIOS?
Hi,
I'm currently trying to use a Lenovo R61 Thinkpad equipped w/ Core2 Duo for HVM
Virtualization. BIOS shows CPU/Virtualization->enabled. Xen 3.2.0 shows
(Xeo) VMX disabled by BIOS
Does someone know of any problems with R61 Thinkpads?
Thanks in advance.
cheers,
Stephan
--
Stephan Seitz
Senior System Administrator
*netz-haut* e.K.
multimediale kommunikation
zweierweg 22
97074
2006 May 31
8
shorewall and squid
What speaks for it and what speaks against it that Firewall and
squid run on the same machine?
Regards Menki
2008 Apr 06
24
Re: Xen 3.2.0 on debian etch, many kernel panics
> these are the packages installed:
>
> ii linux-image-2.6.18-6-xen-amd64 2.6.18.dfsg.1-18etch1
> Linux 2.6.18 image on AMD64
> ii linux-modules-2.6.18-6-xen-amd64 2.6.18.dfsg.1-18etch1
> Linux 2.6.18 modules on AMD64
> ii xen-hypervisor-3.2-1-amd64 3.2.0-2
> The Xen Hypervisor on
2012 Feb 28
6
[Bug 773] New: iptables performance limits on # of rules using ipset
http://bugzilla.netfilter.org/show_bug.cgi?id=773
Summary: iptables performance limits on # of rules using ipset
Product: ipset
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: default
AssignedTo: netfilter-buglog at lists.netfilter.org
2011 Jul 25
4
ipsets
I haven't debugged this enough to understand what is happening, but I
observe the following:
someipset = bitmap:ip,mac
1) br0:+someipset
2) br0:+someipset[2]
The first 1) doesn't match anything in rules or tcrules, the second 2)
matches fine. (Also using +someipset[1] doesn't match anything)
Is it possible/sensible/feasible to have shorewall figure out the
2006 Nov 14
20
Shorewall performance
I have a couple of firewalls that are rather complicated - one has 21
interfaces, and the other has about 50 (there's some heavy use of
802.1q, they only have half a dozen network cards). They work okay,
but - compiling the rules takes a long time even on the faster
servers, and restarting shorewall-lite takes between 5 and 10 minutes
(during which time, only the routestopped stuff will
2023 Dec 05
3
[Bug 1726] New: invalid json generated by ipset list -output json
https://bugzilla.netfilter.org/show_bug.cgi?id=1726
Bug ID: 1726
Summary: invalid json generated by ipset list -output json
Product: ipset
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: trivial
Priority: P5
Component: default
Assignee:
2016 Sep 13
2
Iptables not save rules
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of John R Pierce
> Sent: Sunday, September 11, 2016 10:44 PM
> To: centos at centos.org
> Subject: Re: [CentOS] Iptables not save rules
>
> On 9/11/2016 8:55 AM, TE Dukes wrote:
> > I have been using ipset to blacklist badbots. Works like a champ!
>
2018 Sep 15
3
ipset-service save fails when module compiled into kernel
I want to use the ipset-service to store ipsets persistently across boots.
(For use by iptables rules. firewalld has direct support for persistent
ipsets but I need the more general capability of raw iptables.)
I'm using a kernel with ipsets compiled in, rather than loaded as a module.
The support script that saves ipsets checks if the module is loaded before
saving and finds nothing, so
2016 Sep 11
2
Iptables not save rules
Hello,
I have been using ipset to blacklist badbots. Works like a champ!
The only problem is if I do a system reboot, I lose the ipset and the rule.
I changed /etc/sysconfig/iptables.conf to:
IPTABLES_SAVE_ON_RESTART="yes"
IPTABLES_SAVE_ON_STOP="yes"
And followed the instructions in:
https://www.centos.org/forums/viewtopic.php?t=3853
The changes are still not saved.
2020 Jan 09
7
Blocking attacks from a range of IP addresses
I am being attacked by an entire subnet where the first two parts of the IP address remain identical but the last two parts vary sufficiently that it is not caught by fail2ban since the attempts do not meet the cut-off of a certain number of attempts within the given time.
Has anyone created a fail2ban filter for this type of attack? As of right now, I have manually banned a range of IP addresses
2010 Jun 17
4
shorewall 4.4.10 failing to start; won't recognize ipset "capability"
I have been using shorewall for years with ipsets. I have encountered a
problem after upgrading from 4.2.11 to 4.4.10. When I run
'shorewall-check' or 'shorewall start', it halts with the error:
----------------------------------------------------------------------
ERROR: ipset names in Shorewall configuration files require Ipset Match
in your kernel and
2010 Mar 11
2
[Bug 640] New: ipset-4.2 : ipset -T <some_setlist> <address> always negative
http://bugzilla.netfilter.org/show_bug.cgi?id=640
Summary: ipset-4.2 : ipset -T <some_setlist> <address> always
negative
Product: ipset
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P1
Component: default
AssignedTo:
2008 Nov 13
3
Does code in /etc/shorewall/start exec before or after Shorewall starts?
In the docs at http://www.shorewall.net/Shorewall-perl.html,
"Your ipsets must be loaded before Shorewall starts. You are free to
try to do that with the following code in /etc/shorewall/start"
implies that code in /etc/shorewall/start is executed BEFORE Shorewall starts.
In the default /etc/shorewall/start
# /etc/shorewall/start
#
# Add commands below that you want to be
2019 Apr 12
1
Mail account brute force / harassment
On Fri, 12 Apr 2019, mj wrote:
> What we do is: use https://github.com/trick77/ipset-blacklist to block IPs
> (from various existing blacklists) at the iptables level using an ipset.
"www.blocklist.de" is a nifty source. Could you suggest other publicly
available blacklists?
> That way, the known bad IPs never even talk to dovecot, but are dropped
> immediately. We
2020 Jul 01
12
[Bug 1439] New: Atomically updating/reloading a large set with nft -f is excessively slow
https://bugzilla.netfilter.org/show_bug.cgi?id=1439
Bug ID: 1439
Summary: Atomically updating/reloading a large set with nft -f
is excessively slow
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: enhancement
Priority: P5
2009 Dec 08
1
EmergingThreats fwrules ipset updater
hi
i've created an emergingthreats fwrules ipset updater for use with my
shorewall.
maybe others find this useful too.
short howto:
* get bash script (emerging-ipset-update.txt) from
http://doc.emergingthreats.net/bin/view/Main/EmergingFirewallRules
* add the configured ipsets to shorewall configfile "blacklist"
* if not already configured: configure your interfaces for
2005 May 05
4
Shorewall 2.3.0
http://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0
ftp://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0
WARNING: This is a development release and may be unstable
New Features in version 2.3.0
1) Shorewall 2.3.0 supports the 'cmd-owner' option of the owner match
facility in Netfilter. Like all owner match options, 'cmd-owner' may
only be applied to
2016 Aug 28
5
.htaccess file
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Keith Keller
> Sent: Sunday, August 28, 2016 4:23 PM
> To: centos at centos.org
> Subject: Re: [CentOS] .htaccess file
>
> On 2016-08-28, TE Dukes <tdukes at palmettoshopper.com> wrote:
> >
> > I'm just not following or understanding.