similar to: Re: whitelisting one IP in blacklisted netblock

I'm trying to figure out how to use firewalld on CentOS 7 to block access to ssh (on a custom port to control log bloat) and smtp submission except for specific source addresses, using ipset. I haven't been able to figure out how to combine a port number or service name with an ipset, either as a blacklist of nets or a whitelist of addresses. It looks like ipset with type of

Some lists and emails are distributed via ns1.samba.org. For those of you that use ORBS, you'll find it is blacklisted now. There is no mention of it on the website and it doesn't return a positive when you enter it for testing but it has slipped into the ORBS blacklist somewhere. Samba.org admins may wish to force all ns1 outbound email via another netblock, bringing it up to ORBS only

On Sun, Apr 19, 2020 at 8:58 AM Jeffrey Walton <noloader at gmail.com> wrote: > > Hi Everyone, > > We rent a CentOS 7 VM from GoDaddy. We received a warning about > excessive cpu usage, and a threat to cancel our service. We tracked it > down to Apache and someone hammering our web server. > > The offending host is 59.64.129.175. To err on the side of caution we >

On 19/04/2020 14:58, Jeffrey Walton wrote: Hi Jeffrey, > The offending host is 59.64.129.175. To err on the side of caution we > attempted to block the entire netblock. According to whois data, > that's 59.64.128.0-59.64.159.255. > > iptables -A INPUT -s 59.64.128.0/19 -p TCP -j DROP > > After reboot cpu usage is still high and access_log still shows > useless

Thought it might also be helpful to confirm that firewalld is not interfering in any way. what is the output of ~$# systemctl status firewalld On Sun, Apr 19, 2020 at 9:30 AM Jeffrey Walton <noloader at gmail.com> wrote: > > On Sun, Apr 19, 2020 at 9:26 AM Anand Buddhdev <anandb at ripe.net> wrote: > > > > On 19/04/2020 14:58, Jeffrey Walton wrote: > > >

On Sun, Apr 19, 2020 at 9:40 AM Mike <1100100 at gmail.com> wrote: > > Thought it might also be helpful to confirm that firewalld is not > interfering in any way. > > what is the output of ~$# systemctl status firewalld Thanks Mike. # systemctl status firewalld Unit firewalld.service could not be found. Jeff

On 19/04/2020 15:30, Jeffrey Walton wrote: > Ugh, thanks. I did not realize the changes were only temporary. > > What is the recommended way to permanently add a ban rule? On CentOS 7, the default firewall is "firewalld", and you can configure it with "firewall-cmd". You can use it to add temporary or permanent rules. You can read the man page of that to learn how

Hi Everyone, We rent a CentOS 7 VM from GoDaddy. We received a warning about excessive cpu usage, and a threat to cancel our service. We tracked it down to Apache and someone hammering our web server. The offending host is 59.64.129.175. To err on the side of caution we attempted to block the entire netblock. According to whois data, that's 59.64.128.0-59.64.159.255. iptables -A INPUT

On Sun, Apr 19, 2020 at 9:26 AM Anand Buddhdev <anandb at ripe.net> wrote: > > On 19/04/2020 14:58, Jeffrey Walton wrote: > > Hi Jeffrey, > > > The offending host is 59.64.129.175. To err on the side of caution we > > attempted to block the entire netblock. According to whois data, > > that's 59.64.128.0-59.64.159.255. > > > > iptables -A

I am migrating from my "old" 2.2.7 samba server to a newer server runnig 3.0.20a and everythig is working except the [homes] share. The server (FILE-CABINET) is a member of the domain, security is set to ADS and, as far as I can tell, kerberos is working. The program wbinfo returns a list of users and groups like it should. getent passwd returns first my local passwd file and then

Hi, I've got Samba 2.0.2 and a server NT4 SP3 with Seagate BackupExec 7.0. When I want to backup Samba with Seagate BackupExec, I get a message saying "Unable to connect to server, <F5> to retry", and then another one saying "A device specific error occured". I've read all the Samba archive about that subject, but I do not find any solution. I don't

Windows 2012 R2 domain at highest level and one rhel6.5 samba server(3.6) Been throwing everything at this for the last few days. I can join to the domain and create ACL enabled shares but this one command I am struggling with. $ net rpc rights grant 'BES\Domain Admins' SeDiskOperatorPrivilege -Uadministrator Enter administrator's password: Could not connect to server 127.0.0.1

Was wondering if someone could tell me if this is correct. I want to set up some DFS shares. I have 3 servers with SAMBA/LDAP on them. My first is basically my PDC and the other two are my BDCs. I assume that I will have to set all of this up on each server, so that no matter which server catches the logon, the logon script will get run. Also, if one of the servers was to go down for a

I am using Samba 3.0.20a with winbindd on FC3 and all the shares except one are working. I keep getting a permison denied error for non-local users in certain directories. The permissions on the directory are # ls -ld . drwxr-xr-x 11 procman users 4096 Aug 3 15:35 . # ls -l drwxrwx--- 12 procman admin 4096 Aug 2 15:47 administration drwxrwx--- 5 procman data-entry 4096 Nov 16

I have registered a project with Sourceforge to produced a Webmin module for Shorewall. http://sourceforge.net/projects/webmin-shorewal/ Anyone interested in participating please email me at enemyofthestate at users.sourceforge.net I am still learning the interface but I think I need your Sourceforge Nym to add you as a developer. -- Stephen Carville Unix and Network Adminstrator

Hello list members, Over the past 12 hours my firewall box has had over 300 hits to port 1434 from numerous ip''s. I ran tcpdump on a couple of them and it looks like the ms-sql exploit attempt. I don''t use ms-sql. I''ve always gotten a few hits per day, but now it''s gotten out of control. I use logcheck to email the system logs to me and at this rate by the

Hi everyone: I need to count the number of banks of each firm in my data. The firm is identified by the fiscal number. The banks of each firm appears like this: Firm Banks 500600700 Citybank 500600700 CGD 500600700 BES 500600800 Citybank 500600800 Bank1 500600900 CGD I want to obtain the following dataframe: Firm

Hello, I've installed the TDMA whitelist filter in front of majordomo on all mailing lists at Xiph.Org. I also repaired a few unrelated spam filter breaks. Posting from subscribed email addresses is unaffected. Any post to a mailing list from an unknown email list will require a confirmation message the first time posting from that mail address. A confirmation reply adds that address to

Hello, I've installed the TDMA whitelist filter in front of majordomo on all mailing lists at Xiph.Org. I also repaired a few unrelated spam filter breaks. Posting from subscribed email addresses is unaffected. Any post to a mailing list from an unknown email list will require a confirmation message the first time posting from that mail address. A confirmation reply adds that address to

Hello, I've installed the TDMA whitelist filter in front of majordomo on all mailing lists at Xiph.Org. I also repaired a few unrelated spam filter breaks. Posting from subscribed email addresses is unaffected. Any post to a mailing list from an unknown email list will require a confirmation message the first time posting from that mail address. A confirmation reply adds that address to