similar to: firewall help request

Displaying 20 results from an estimated 7000 matches similar to: "firewall help request"

2020 Jun 16
2
firewall help request (solved)
At 03:47 PM 6/16/2020, Kenneth Porter wrote: >The rule is in the wrong chain. The INPUT chain affects packets that >terminate at the same machine. You want to block packets that will >be passed on to the Internet, so your rule needs to be in the >FORWARD chain. (The OUTPUT chain affects packets that originate at >your machine.) > >Here's a nice collection of diagrams
2020 Jun 16
1
firewall help request
On Tue, 16 Jun 2020, Leroy Tennison wrote: > I have a gateway machine (currently Centos 7 with IPV4 only) with two > NICs. One is connected to the internet, the other to an internal > network (10.0.0.0/24) of mixed hardware (windows7, android tablets, > android phones, linux boxes) using NAT. I wish to block all outgoing > connects to any external IP address on port 22 (ssh)
2020 Jul 16
6
Iptables rules not working
Hi, I am running CentOS Linux release 8.2.2004 (Core) on a remote server. I am running the below iptables command to allow SSH port 22 from a specific source IP 219.91.200.59 iptables -A INPUT -m tcp -p tcp -s 219.91.200.59 --dport 22 -j ACCEPT > service iptables save The above iptables ruleset is not working and I am still able to connect from the internet to SSH port 22. I look forward to
2020 Jun 16
0
firewall help request
Is your policy accept? It is possible to trace the packet through the netfilter path by setting up raw table rules with TRACE as the target and logging turned on (search the web for details - probably too much to post here) but be aware that you need a very controlled test because the syslog entries will likely be an order of magnitude greater than the actual packet count.
2020 Jul 01
4
[OT] Bacula offsite replication
Hi Leroy, How can I confirm that corruption is not encountered during rsync transfer? Thank you in advance. On 01/07/20 16:04, Leroy Tennison wrote: > I've used rsync (but probably not for the size you're referring to), it works and has enough features to meet most needs. I have had a single situation where corruption occurred during transfer (a few times, have no idea why),
2020 Jul 02
5
[OT] Bacula offsite replication
On 01/07/20 17:13, Leroy Tennison wrote: > I realize this shouldn't happen, the file is a tgz and isn't being modified while being transmitted. This has happened maybe three times this year and unfortunately I've just had to deal with it rather than invest the time to do the research. > > > Harriscomputer > > Leroy Tennison > Network Information/Cyber
2019 Nov 14
2
how to know when a system is compromised
Once upon a time, Leroy Tennison <leroy at datavoiceint.com> said: > The executable could be placed on mounted read-only media That's not as secure as you think. Linux bind mounts can mount a file over another file (plus there's overlay filesystems), so it's possible to replace a binary even on a read-only device. -- Chris Adams <linux at cmadams.net>
2016 Aug 08
6
Gateway question
Hi There is a Centos 7 up-to-date box with 2 interfaces, let's say 192.168.1.12 - enp2s0, 192.168.1.13 on enp3s0. Default gateway on enp2s0. The gateway is pfsense, IP is 192.168.1.1 with 2 WAN connections On the gateway the outgoing traffic is routed by source ip to different WAN, 192.168.1.12 to WAN1 and 192.168.1.13 to WAN2 On the centos box are set all the route and routing rules:
2019 Oct 12
1
easy way to stop old ssl's
Without context it's impossible to make firm statements but, having gone through this a while back (and discovering that less than 1 percent of an examined list of connections couldn't support current ssl - mainly Apple hardware), who do you want to protect? Is it the minority who won't/can't upgrade or the majority who have? And, do you have to protect yourself from liability
2016 Aug 10
1
Gateway question
On Wed, Aug 10, 2016 at 09:29:15AM +0300, Levente Birta wrote: > I read the document again ... and this talk about accessing this multi-homed > host from the internet... > I have all this configured and working! You say this is working because of the output here? # ip route show default via 192.168.1.1 dev enp3s0 default via
2020 Jun 16
1
firewall help request
At 12:30 PM 6/16/2020, John Pierce wrote: >On Tue, Jun 16, 2020 at 12:26 PM david <david at daku.org> wrote: > > > > > Examples of what I've tried, and then tested. None of them stopped > > an outgoing SSH from an internal system. > > > > iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP > > iptables -I INPUT -p tcp --dport 22 -s
2020 Jul 08
6
USB-serial adapter for CentOS 7
I need to connect an older APS UPS unit to a machine running CentOS 7. Unfortunately the UPS only has a serial port whereas the computer does not. I am aware that there are USB-serial adapters but that the hardware or the drivers might fall short of expectations. Does anyone have positive experience with such an adapter? Or, conversely, would recommend avoiding a particular adapter?
2020 Jul 01
2
[OT] Bacula offsite replication
Hi everyone, I have updated my backup server to CentOS 8.2. It runs bacula performing backup on disks. I would like to replicate backups on another offsite machine. I read about the ability to configure a new storage daemon in the offsite location and create a Migration/Copy Jobs. If I'm not wrong, it replicates only volumes but does not replicate the catalog. I will try this. Another way to
2015 Feb 19
4
Masquerading (packet forwarding) on CentOS 7
Hi, I just migrated my office's server from Slackware64 14.1 to CentOS 7. So far everything's running fine, I just have a few minor details to work out. I removed the firewalld package and replaced it by a simple Iptables script: --8<---------------------------------------------------- #!/bin/sh # # firewall-lan.sh IPT=$(which iptables) MOD=$(which modprobe) SYS=$(which sysctl)
2020 Jul 08
3
USB-serial adapter for CentOS 7
On 2020-07-08 10:23, Leroy Tennison wrote: > I've used one on a Linux laptop, it "just worked" but the OS wasn't CentOS 7. > It is not clear if you used USB from APC UPS to USB port on the machine side or USB - to - "serial". USB to USB with standard USB cable will work. If one uses serial to USB adapter on the machine side (to create serial port through USB
2019 Jul 25
7
how to increase DNS reliability?
Hi, how can DNS reliability, as experienced by clients on the LAN who are sending queries, be increased? Would I have to set up some sort of cluster consisting of several servers all providing DNS services which is reachable under a single IP address known to the clients? Just setting up several name servers and making them known to the clients for the clients to automatically switch isn't
2016 Aug 09
4
Gateway question
On 09/08/2016 20:01, Gordon Messmer wrote: > On 08/08/2016 04:05 AM, Levente Birta wrote: >> Can I add this in any config files (ex: route-enp2s0)? > > > Yes. Add a route file for each interface, and set up rules to send > packets out the corresponding physical interface: > > https://blogs.oracle.com/networking/entry/advance_routing_for_multi_homed > Yes, but no
2019 May 23
2
Bash completion thrown by quoted option args?
There was a thread about C7 bash completion back in August last year, but it doesn't have answers for this problem. Example: "yum install /path/to/local/package" works fine with tab completion to fill in the path and package bits. However, "yum --debuglevel="1" install ..." just gets stuck and doesn't offer anything. The only option is to type everything
2020 Jul 02
3
[OT] Bacula offsite replication
On 02/07/20 15:02, Valeri Galtsev wrote: > > > On 7/2/20 3:22 AM, Alessandro Baggi wrote: >> On 01/07/20 17:13, Leroy Tennison wrote: >>> I realize this shouldn't happen, the file is a tgz and isn't being >>> modified while being transmitted. This has happened maybe three >>> times this year and unfortunately I've just had to deal
2020 Mar 25
4
Need help to fix bug in rsync
> On Wed, 2020-03-25 at 14:39 +0000, Leroy Tennison wrote: >> Since you state that using -z is almost always a bad idea, could you >> provide the rationale for that? I must be missing something. >> > I think the "rationale" is that at some point the > compression/decompression takes longer than the time reduction from > sending a compressed file. It