similar to: firewalld rule syntax

Displaying 20 results from an estimated 10000 matches similar to: "firewalld rule syntax"

2015 Nov 17
1
firewalld rule syntax
On 17 Nov 2015 17:30, "Nick Bright" <nick.bright at valnet.net> wrote: > > On 11/17/2015 11:12 AM, Nick Bright wrote: >> >> firewall-cmd --zone=monitoring --add-source=1.2.3.4/32 >> firewall-cmd --zone=monitoring --add-service=snmp >> firewall-cmd --zone=monitoring --add-interface=ens192 >> firewall-cmd --runtime-to-permanent > > I went
2015 Nov 06
4
firewalld being stupid
Greetings, One of my biggest frustrations with CentOS 7 has been firewalld. Essentially all of the documentation just flat doesn't work. One common thing that needs to be done is to change the zone of an interface, however I've tried: firewall-cmd --permanent --zone=internal --change-interface=ens192 firewall-cmd --permanent --zone=internal --add-interface=ens192 I've also tried
2015 Nov 06
2
firewalld being stupid
On 6 November 2015 at 21:49, Pete Travis <lists at petetravis.com> wrote: > On Nov 6, 2015 3:31 PM, "Nick Bright" <nick.bright at valnet.net> wrote: >> >> Greetings, >> >> One of my biggest frustrations with CentOS 7 has been firewalld. >> >> Essentially all of the documentation just flat doesn't work. >> >> One common
2015 Nov 17
0
firewalld rule syntax
On 11/17/2015 11:12 AM, Nick Bright wrote: > firewall-cmd --zone=monitoring --add-source=1.2.3.4/32 > firewall-cmd --zone=monitoring --add-service=snmp > firewall-cmd --zone=monitoring --add-interface=ens192 > firewall-cmd --runtime-to-permanent I went ahead and tried this and found that the zone and service must first be created, which requires use of: firewall-cmd
2015 Oct 21
5
Security implications of openssl098e on CentOS 7
Greetings, I'm working with a new CentOS 7 installation, moving a system up from CentOS 5 due to OpenSSL version 0.9.8e not meeting PCI Compliance requirements. However, while setting up the CentOS 7 environment one of the closed source applications is requiring 0.9.8. The software vendor has advised installing package openssl098e from yum; but I'm hesitant to do so from a
2015 Nov 17
4
firewalld being stupid
On Mon, November 16, 2015 16:39, Nick Bright wrote: > On 11/6/2015 3:58 PM, James Hogarth wrote: >> I have a couple of relevant articles you may be interested in ... >> >> On assigning the zone via NM: >> https://www.hogarthuk.com/?q=node/8 >> >> Look down to the "Specifying a particular firewall zone" bit ... >> remember that if you edit the
2015 Nov 16
3
firewalld being stupid
On 11/16/2015 01:39 PM, Nick Bright wrote: > This is very frustrating, and not obvious. If --permanent doesn't work > for a command, then it should give an error - not silently fail > without doing anything! But --permanent *did* work. What you're seeing is the documented behavior: --permanent The permanent option --permanent can be used to set options
2015 Oct 21
1
Security implications of openssl098e on CentOS 7
On 10/21/2015 2:34 PM, Eero Volotinen wrote: > Remember that rhel/centos backports fixes, so just looking at the version > number is not a reliable way to detect security issues. > > Eero Indeed, though I can say on CentOS 5 the required configuration to be PCI compliant is not valid in apache, and httpd will not start. -- ----------------------------------------------- - Nick Bright
2016 Mar 10
4
Troubleshooting mailbox problems
Greetings, I'm running Dovecot 2.0.9 on my CentOS 6 server, for several thousand mailboxes. Recently, I've had several reports of "my mailbox is suddenly empty, where'd my mail go?" I've enabled debug logging, but I'd like to make sure I have the best level of debug to see things like "delete message" commands? I've configured in logging:
2016 Jan 29
2
Where did network setup goes under setup utility in CentOS 7?
In CentOS 6.7 I ran setup command and I could configure network settings from that "gui" utility at command line. In CentOS 7 I don't know where this goes or how to enable it. I have installed a few packages: yum install setuptool -y \ && yum install system-config-network-tui -y \ && yum install system-config-firewall* -y \ && yum install
2015 Oct 21
6
Security implications of openssl098e on CentOS 7
On 10/21/2015 1:55 PM, Andrew Holway wrote: > Personally I would go round to that particular vendors office with a pipe > wrench and encourage them to do better however, unless this software is > transmitting credit card information then it seems that you could be > safe(ish) from the regulation standpoint. It really depends on the location > of the machine. Is it deep in the bowels
2015 Nov 16
0
firewalld being stupid
On 11/6/2015 3:58 PM, James Hogarth wrote: > I have a couple of relevant articles you may be interested in ... > > On assigning the zone via NM: > https://www.hogarthuk.com/?q=node/8 > > Look down to the "Specifying a particular firewall zone" bit ... > remember that if you edit the files rather than using nmcli you must > reload NM (or do nmcli reload) for that
2015 Nov 17
0
firewalld being stupid
On 11/17/2015 8:18 AM, James B. Byrne wrote: > This behaviour is congruent with SELinux. One utility adjusts the > permanent configuration, the one that will be applied at startup. > Another changes the current running environment without altering the > startup config. From a sysadmin point of view this is desirable since > changes to a running system are often performed for
2015 Nov 16
2
CentOS-SCL - php 5.6?
Is there any information available about what packages are being planned for the SCL? For example, will PHP 5.6 be made available & maintained? By "maintained" I mean kept up to date with back ported security patches and such. -- ----------------------------------------------- - Nick Bright - - Vice President of Technology - -
2015 Oct 21
0
Security implications of openssl098e on CentOS 7
Personally I would go round to that particular vendors office with a pipe wrench and encourage them to do better however, unless this software is transmitting credit card information then it seems that you could be safe(ish) from the regulation standpoint. It really depends on the location of the machine. Is it deep in the bowels of your high security nuclear bunker on an air gap network or is is
2015 Oct 21
0
Security implications of openssl098e on CentOS 7
Remember that rhel/centos backports fixes, so just looking at the version number is not a reliable way to detect security issues. Eero 2015-10-21 21:18 GMT+03:00 Nick Bright <nick.bright at valnet.net>: > Greetings, > > I'm working with a new CentOS 7 installation, moving a system up from > CentOS 5 due to OpenSSL version 0.9.8e not meeting PCI Compliance > requirements. >
2016 Jun 08
2
Advice on once a day message delivery setup
I'm adding once a day mail delivery to my site. Messages are marked by the sender as "overnight" or "once a week" delivery. The way I'm planning on implementing this is to queue messages until midnight in a MySQL database. Each mailbox will be kept in two Dovecot mailstores. The first mailstore will give the users IMAP access to their mailbox. A second mailstore will hold the next day's new
2015 Nov 06
0
firewalld being stupid
On Nov 6, 2015 3:31 PM, "Nick Bright" <nick.bright at valnet.net> wrote: > > Greetings, > > One of my biggest frustrations with CentOS 7 has been firewalld. > > Essentially all of the documentation just flat doesn't work. > > One common thing that needs to be done is to change the zone of an interface, however I've tried: > > firewall-cmd
2016 Jul 12
2
How to block routing/forwarding with firewalld
On CentOS 7 with firewalld I have a box with numerous interfaces acting as a NAT gateway. This works but I noticed that it routes/forwards traffic not just from my internal zone to external zone but also between interfaces within the internal zone. How can I prevent that traffic? I've tried adding direct and rich rules to deny the traffic but it doesn't work. Direct: firewall-cmd
2015 Dec 28
1
firewalld services
I am familiar with using commands like: firewall-cmd --permanent --add-service=http To enable firewalld services. I am also aware that this is through xml 'scripts' in: /usr/lib/firewalld/services/ But what I find interesting is what services are there and which are not. I went a'lookin with: grep "port=" /usr/lib/firewalld/services/*|more And found some like: