similar to: Switching from lokkit (iptables) to firewalld

On Tue, 4 Feb 2020 at 05:37, Pete Biggs <pete at biggs.org.uk> wrote: > On Mon, 2020-02-03 at 19:04 -0500, Jerry Geis wrote: > > Hi All, > > > > Over the last 20 some years I have a file with about 200K worth of > address > > that have "wrongly" tried to connect to my boxes running centos. So the > > file has one line per address or group of

On Mon, 2020-02-03 at 19:04 -0500, Jerry Geis wrote: > Hi All, > > Over the last 20 some years I have a file with about 200K worth of address > that have "wrongly" tried to connect to my boxes running centos. So the > file has one line per address or group of addresses like: > 2.244.112.0/24 > > So using the OLD iptables I would run through my file build the

Hi Specs in subject line: CentOS 6.X all latest patches), iptables 1.47, Apache2.2 I use the Geolite legacy databases together with iptables 1.47 to filter traffic for a variety of ports and only allow .AU traffic to have access. Maxmind (https://dev.maxmind.com/geoip/geoip2/geolite2/) changed the default DB to the latest version which is GeoLite2, this leaves all users in need of the old

hi All - I tried doing: yum provides "/usr/sbin/lokkit" on CentOS 8 and got No Matches found. Where can I get his for C8? Jerry

Hello, I have been using ipset to blacklist badbots. Works like a champ! The only problem is if I do a system reboot, I lose the ipset and the rule. I changed /etc/sysconfig/iptables.conf to: IPTABLES_SAVE_ON_RESTART="yes" IPTABLES_SAVE_ON_STOP="yes" And followed the instructions in: https://www.centos.org/forums/viewtopic.php?t=3853 The changes are still not saved.

Thank you.? I apologize for sending something that could be read.? There are more examples in there that I had commented out. Anyway,? here is my working iptables-save.? If someone could review my output and let me know if I am missing anything and if the order of the rules are the most secure they could be. TIA. Steve # Generated by iptables-save v1.4.21 on Fri Jun? 1 10:34:39

Am 27.08.2015 um 12:07 schrieb Rowland Penny: > Well, I don't think I will ever be able to help you with firewalld, it > sounds like it has something to with systemd and I will never use that > abortion, I may have to start using freebsd. can you please stop your systemd-trolling or at least assume something has to do with systemd because it has a 'd' letter in the name

On Mon, Jan 14, 2019 at 07:29:45AM +0000, Phil Perry (pperry at elrepo.org) wrote: > On 14/01/2019 07:09, Jobst Schmalenbach wrote: > > Hi > I use ipdeny's aggregated country lists to do the same thing: > > http://www.ipdeny.com/ipblocks/data/aggregated/ > > I just feed this data directly into ipset/iptables via a script running on > my firewall (not a C6 box).

Steve Frazier wrote: > Thank you.? I apologize for sending something that could be read.? There > are more examples in there that I had commented out. > Anyway,? here is my working iptables-save.? If someone could review my > output and let me know if I am missing anything and if the order of the > rules are the most secure they could be. > TIA. > Steve, Do you have any

Hi to all. First of all exchuse for my bad english I try to use Ajax.InPlaceEditor with a textarea: ################## new Ajax.InPlaceEditor($(''ipblock''), ''tools/admin_save.php'', { ajaxOptions: {method: ''get''}, rows:10, cols:20, callback: function(form, value) { return ''op=ipblock&value='' + value},

https://bugzilla.netfilter.org/show_bug.cgi?id=699 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |pablo at netfilter.org Resolution|

Am 27.08.2015 um 13:06 schrieb Rowland Penny: > On 27/08/15 11:51, Reindl Harald wrote: >> >> Am 27.08.2015 um 12:07 schrieb Rowland Penny: >>> Well, I don't think I will ever be able to help you with firewalld, it >>> sounds like it has something to with systemd and I will never use that >>> abortion, I may have to start using freebsd. >>

HI All - I created a /etc/firewalld/direct.xml file and put in it : <?xml version="1.0" encoding="utf-8"?> <direct> <chain ipv="ipv4" table="raw" chain="blacklist"/> <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="0">-s 192.168.1.8 -j blacklist</rule>

Hello,? I hope that I can ask some questions on this mailing list about IPTables. I am more familiar with IPTABLES instead of FIREWALLD.? I disabled FIREWALLD and installed?iptables-services. I have put together a script that I found on the web on how to set up a good set of IPTABLES rules to keep my server as secure as possible. I have two NICs. ETH0 and ETH1. ETHO is the internet and ETH1 is my

I assumed this was a Centos 7 mailing list and I was looking for help with IPTABLEs.I have used mailing lists before.? Copying a file to an email address didn't have that type of output.? I apologize. First of all is this a Centos 7 Mailing list that I can ask for help or have I made a huge mistake?? IF so, should I just attach the file to the email. I apologize for the output, I had no idea.?

Hello all, I''m new to the list. But have been using Shorewall on and off for over a year now. The one thing that got me hooked on staying with Shorewall, was the extensive and useful documentation. Great Job! I see also that over use of blacklisting is time consuming for restarts, refresh and it also means the kernel spends more time checking incoming packets. The following is from:

Hello everyone, When I try to start firewalld in CentOS-8 it refuses with this in the /var/log/firewalld, any suggestions? 2019-12-11 19:11:25 WARNING: ipset not usable, disabling ipset usage in firewall. 2019-12-11 19:11:25 ERROR: No icmptypes found. 2019-12-11 19:11:25 ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name='nf_conntrack' modprobe:

On Dec 14, 2018, at 2:30 PM, Jon LaBadie <jcu at labadie.us> wrote: > > After a recent large update, firewalld's status contains > many lines of the form: > > WARNING: COMMAND_FAILED: '/usr/sbin/iptables? What?s the rest of the command? > Checking iptables.service status shows it to be masked. That?s probably from package iptables-services, which isn?t

I'm trying to figure out how to use firewalld on CentOS 7 to block access to ssh (on a custom port to control log bloat) and smtp submission except for specific source addresses, using ipset. I haven't been able to figure out how to combine a port number or service name with an ipset, either as a blacklist of nets or a whitelist of addresses. It looks like ipset with type of

Once upon a time, Jonathan Billings <billings at negate.org> said: > 'iptables' and 'nftables' are competing technologies. In CentOS 8, > firewalld's backend was switched from iptables to nftables. So it > would be expected that the iptables command wouldn't have any rules > defined, it isn't being used by firewalld. That is partially incorrect.