similar to: Dynamic blacklisting

Are shorewall-shell and shorewall-common required at compile time even if one only wishes to use shorewall-perl (4.0.9)? ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

Attached patch makes the balloon driver arch-neutral (compiles on ia64... look ma, no #ifdef''s!). Please apply to xen-unstable. One change should be eyeballed, line 257 in balloon.c, because phys_to_machine_mapping[pfn] is not identical to pfn_to_mfn (different by sign bit, should be OK?) Signed-off by: Dan Magenheimer <dan.magenheimer@hp.com> diff -r 0255f48b757f

Hi, I followed the instructions in the section "Squid (transparent) Running on the Firewall" on http://www.shorewall.net/Shorewall_Squid_Usage.html to setup Squid transparently on a Linux gateway. My net is as follows: loc subnet --- fw Linux Gateway --- ADSL router 192.168.1.0/24 192.168.1.92 (eth1) WAN.WAN.WAN.2 (gw = WAN.WAN.WAN.WAN (eth0) 192.168.1.92) (gw =

Hi, I''ve been working the past 8 hrs combatting DDoS attacks on websites and dedicated servers I host for clients. They''re hitting one specific IP address, but coming from thousands of external IP addresses. I use: shorewall-4.0.10-3.noarch How can I tackle this? I''ve blocked many subnets in the blacklist file but it''s made very little difference. If

I''m new to openvpn and maybe I should be asking on openvpn''s list... But I read the tutorial: http://www.shorewall.net/OPENVPN.html#id2452626 and saw the following: " On System A: ifconfig 192.168.99.1 192.168.99.2 " I don''t understand the reason for using these "virual" IPs. For instance, I configured openvpn on my peers so that the IPs on the

Yes: # getent group GROUP group:x:17573: # getent group group2 group2:x:11010: # getent group GROUP3 group3:x:21178: # wbinfo --group-info GROUP group:x:17573: # wbinfo -n GROUP S-1-5-21-948789634-15155995-928725530-7573 SID_DOM_GROUP (2)

In my peculiar setup I need my shorewall router to do one-to-one NAT with RFC1918 addresses. The "external" addresses are 10.215.0.0 and the internal addresses are 192.168.0.0. I can ping, vnc, http, smb from 10.215.144.48 to 10.215.145.237 which is 192.168.44.237 internally. >From 192.168.44.237 I can do http, rdp, ping to 10.215.0.0 hosts. So all seems fine except for the fact

Hi folks, first of all thanks for Dovecot, I appreciate it a lot. On one of our servers, we experience regular tries to brute force logins, probably based on harvested mail addresses. Now I wonder if dovecot has or could in future have some mechanism to blacklist remote IP addresses after a configurable number of failures to login to any account. Blacklisted IPs could simply be disconnected

Hello, I''m reading this guide on ipv6 (really just getting my "feet wet"): http://www.shorewall.net/6to4.htm In the section "Configuring IPv6 using my script" I can read that the IPv6 interfaces are: INTERFACES="eth2 eth4" and that correlates fine with the first diagram/figure. However, further down I read "You will notice that sit1, eth0 and eth2

Some lists and emails are distributed via ns1.samba.org. For those of you that use ORBS, you'll find it is blacklisted now. There is no mention of it on the website and it doesn't return a positive when you enter it for testing but it has slipped into the ORBS blacklist somewhere. Samba.org admins may wish to force all ns1 outbound email via another netblock, bringing it up to ORBS only

Hi, Does anyone know how I can monitor our server's for blacklisting? We run a large amount of shared hosting & reseller hosting servers and from time to time one of the IP's will get blacklisted. I'm looking for a way to be notified if any of our IP's get blacklisted. Is this possible? -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog:

-------- Original Message -------- Subject: Re: [CentOS] ipset and blacklisting From: "Albert McCann" <mac358 at newsguy.com> Date: Wed, September 21, 2016 5:34 am To: "'CentOS mailing list'" <centos at centos.org> How are you saving and reloading the ipsets over a reboot? > -----Original Message----- > From: centos-bounces at centos.org

Hi, Given the recent increase in SIP brute force attacks, I've had a little idea. The standard scripts that block after X attempts work well to prevent you actually being compromised, but once you've been 'found' then the attempts seem to keep coming for quite some time. Older versions of sipvicious don't appear to stop once you start sending un-reachables (or straight

I'm trying to use the txfax application based on spandsp in Asterisk 1.2. It seems to be working but I would need a way to reliably check whether the fax has been completely transferred or not. I'm using a mail2fax system (as with email2fax and .call files) but I can't seem to get it working. If I use "Application" and "Data" in the .call file, there doesn't

Hi, I followed the guide here below to add my Samba client to an AD PDC (rid backend): https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member The end result is that commands such as: # wbinfo -g # wbinfo -u work fine in that I get a domain group and user listing. Also, computers in the domain network can transparently authenticate (Windows) to the newly-added (joined) Linux

Sorry, "encrypt passwords" was added by mistake. I see it is deprecated now. In any case, even without removing it, I decided to remove the member from the domain and added it again as I saw other posts with similar issues. I ran a "net ads leave" followed by a "net ads join" again, and after the message that it had joined successfully, now wbinfo -t and the likes

OK, interesting debate, but I still can't convert to SID. I still get messages such as this one: AUTH-PAM: BACKGROUND: my_conv[0] query='Cannot convert group GROUP to sid, please contact your administrator to see if group GROUP is valid.' style=4 # wbinfo -t checking the trust secret for domain DOMAIN via RPC calls succeeded # wbinfo --ping-dc checking the NETLOGON for

Hi, Is there any way to automatically block all traffic from IP''s that try more than X number of blocked ports for a preset amount of time? The log I get every morning seems to be getting bigger and bigger with port scans and attempts to access various services, it would be nice if these IP''s could be automatically blocked for like a week or two.. I wouldn''t want

It's Gentoo Linux. System uname: Linux-5.4.38-gentoo-x86_64-x86_64-AMD_EPYC_7272_12-Core_Processor-with-gentoo-2.6 KiB Mem: 32746472 total, 27513712 free KiB Swap: 37005244 total, 37005244 free Timestamp of repository gentoo: Fri, 29 May 2020 00:45:01 +0000 Head commit of repository gentoo: 9e5f0b894af4ad7780998a137656d0835b73213e sh bash 5.0_p17 ld GNU ld (Gentoo 2.33.1 p2) 2.33.1

Nice call. It almost worked except for a small error in 'man pam_winbind' -- DOMAIN\\GROUP should actually be DOMAIN\GROUP in the pam.d file. Now, I'm a bit confused. The pam module 'pam_winbind' is from the Samba suite. OpenVPN is just passing on the authentication decision to Samba. However, I was expecting to just use the group name without the domain name since I have