similar to: Can shorewall be the solution for this situation?

Displaying 20 results from an estimated 1000 matches similar to: "Can shorewall be the solution for this situation?"

2006 Jul 04
2
Migrating to dovecot
I do not have much experience in setting up imap servers - only that I have tried several and experienced the same problem with all of them. I suppose that is because I do not really know the in's and out's of an imap server. What I want to do is to setup an IMAP server on my PC with full access to all the emails already there in a maildir structure. I have the following setup:
2008 Aug 05
2
VMX on Lenovo R61, disabled bi BIOS ?
Hi, I''m currently trying to use a Linovo R61 Thinkpad equipped w/ Core2 Duo for HVM Virtualization. BIOS shows CPU/Virtualization->enabled. Xen 3.2.0 shows (Xeo) VMX disabled by BIOS Does someone knows any problems with R61 Thinkpads? Thanks in advance. cheers, Stephan -- Stephan Seitz Senior System Administrator *netz-haut* e.K. multimediale kommunikation zweierweg 22 97074
2006 May 31
8
shorewall and squid
What speaks for it and which speaks against it that Firewall and squid run on the same machine? Regards Menki ------------------------------------------------------- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more
2008 Apr 06
24
Re: Xen 3.2.0 on debian etch, many kernel panics
>/ these are the packages installed:/ > >/ ii linux-image-2.6.18-6-xen-amd64 2.6.18.dfsg.1-18etch1 / >/ Linux 2.6.18 image on AMD64/ >/ ii linux-modules-2.6.18-6-xen-amd64 2.6.18.dfsg.1-18etch1 / >/ Linux 2.6.18 modules on AMD64/ >/ ii xen-hypervisor-3.2-1-amd64 3.2.0-2 / >/ The Xen Hypervisor on
2012 Feb 28
6
[Bug 773] New: iptables performance limits on # of rules using ipset
http://bugzilla.netfilter.org/show_bug.cgi?id=773 Summary: iptables performance limits on # of rules using ipset Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: default AssignedTo: netfilter-buglog at lists.netfilter.org
2011 Jul 25
4
ipsets
I haven''t debugged this enough to understand what is happening, but I observe the following: someipset = bitmap:ip,mac 1) br0:+someipset 2) br0:+someipset[2] The first 1) doesn''t match anything in rules or tcrules, the second 2) matches fine. (Also using +someipset[1] doesn''t match anything) Is it possible/sensible/feasible to have shorewall figure out the
2006 Nov 14
20
Shorewall performance
I have a couple of firewalls that are rather complicated - one has 21 interfaces, and the other has about 50 (there''s some heavy use of 802.1q, they only have half a dozen network cards). They work okay, but - compiling the rules takes a long time even on the faster servers, and restarting shorewall-lite takes between 5 and 10 minutes (during which time, only the routestopped stuff will
2023 Dec 05
3
[Bug 1726] New: invalid json generated by ipset list -output json
https://bugzilla.netfilter.org/show_bug.cgi?id=1726 Bug ID: 1726 Summary: invalid json generated by ipset list -output json Product: ipset Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: trivial Priority: P5 Component: default Assignee:
2016 Sep 13
2
Iptables not save rules
> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of John R Pierce > Sent: Sunday, September 11, 2016 10:44 PM > To: centos at centos.org > Subject: Re: [CentOS] Iptables not save rules > > On 9/11/2016 8:55 AM, TE Dukes wrote: > > I have been using ipset to blacklist badbots. Works like a champ! >
2018 Sep 15
3
ipset-service save fails when module compiled into kernel
I want to use the ipset-service to store ipsets persistently across boots. (For use by iptables rules. firewalld has direct support for persistent ipsets but I need the more general capability of raw iptables.) I'm using a kernel with ipsets compiled in, rather than loaded as a module. The support script that saves ipsets checks if the module is loaded before saving and finds nothing, so
2016 Sep 11
2
Iptables not save rules
Hello, I have been using ipset to blacklist badbots. Works like a champ! The only problem is if I do a system reboot, I lose the ipset and the rule. I changed /etc/sysconfig/iptables.conf to: IPTABLES_SAVE_ON_RESTART="yes" IPTABLES_SAVE_ON_STOP="yes" And followed the instructions in: https://www.centos.org/forums/viewtopic.php?t=3853 The changes are still not saved.
2020 Jan 09
7
Blocking attacks from a range of IP addresses
I am being attacked by an entire subnet where the first two parts of the IP address remain identical but the last two parts vary sufficiently that it is not caught by fail2ban since the attempts do not meet the cut-off of a certain number of attempts within the given time. Has anyone created a fail2ban filter for this type of attack? As of right now, I have manually banned a range of IP addresses
2010 Jun 17
4
shorewall 4.4.10 failing to start; won't recognize ipset "capability"
I have been using shorewall for years with ipsets. I have encountered a problem after upgrading from 4.2.11 to 4.4.10. When I run ''shorewall-check'' or ''shorewall start'', it halts with the error: ---------------------------------------------------------------------- ERROR: ipset names in Shorewall configuration files require Ipset Match in your kernel and
2010 Mar 11
2
[Bug 640] New: ipset-4.2 : ipset -T <some_setlist> <address> always negative
http://bugzilla.netfilter.org/show_bug.cgi?id=640 Summary: ipset-4.2 : ipset -T <some_setlist> <address> always negative Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P1 Component: default AssignedTo:
2008 Nov 13
3
Does code in /etc/shorewall/start exec before or after Shorewall starts?
In the docs at http://www.shorewall.net/Shorewall-perl.html, "Your ipsets must be loaded before Shorewall starts. You are free to try to do that with the following code in /etc/shorewall/start" implies that code in /etc/shorewall/start is executed BEFORE Shorewall starts. In the default /etc/shorewall/start # /etc/shorewall/start # # Add commands below that you want to be
2019 Apr 12
1
Mail account brute force / harassment
On Fri, 12 Apr 2019, mj wrote: > What we do is: use https://github.com/trick77/ipset-blacklist to block IPs > (from various existing blacklists) at the iptables level using an ipset. "www.blocklist.de" is a nifty source. Could you suggest other publically available blacklists? > That way, the known bad IPs never even talk to dovecot, but are dropped > immediately. We
2020 Jul 01
12
[Bug 1439] New: Atomically updating/reloading a large set with nft -f is excessively slow
https://bugzilla.netfilter.org/show_bug.cgi?id=1439 Bug ID: 1439 Summary: Atomically updating/reloading a large set with nft -f is excessively slow Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5
2009 Dec 08
1
EmergingThreats fwrules ipset updater
hi i''ve created an emergingthreats fwrules ipset updater for use with my shorewall. maybe others find this usefull too. short howto: * get bash script (emerging-ipset-update.txt) from http://doc.emergingthreats.net/bin/view/Main/EmergingFirewallRules * add the configured ipsets to shorewall configfile "blacklist" * if not already configured: configure your interfaces for
2005 May 05
4
Shorewall 2.3.0
http://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 ftp://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 WARNING: This is a development release and may be unstable New Features in version 2.3.0 1) Shorewall 2.3.0 supports the ''cmd-owner'' option of the owner match facility in Netfilter. Like all owner match options, ''cmd-owner'' may only be applied to
2016 Aug 28
5
.htaccess file
> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Keith Keller > Sent: Sunday, August 28, 2016 4:23 PM > To: centos at centos.org > Subject: Re: [CentOS] .htaccess file > > On 2016-08-28, TE Dukes <tdukes at palmettoshopper.com> wrote: > > > > I'm just not following or understanding.