[BlueOnyx:25665] Re: [EXTERNAL] Can't specify whitelist entry

[Ceelie, Arie (VodafoneZiggo)]

If I remember correctly every entry has to be on its own line:



Instead of


I may be totally wrong here.



C2 VodafoneZiggo Internal
From: Blueonyx  On Behalf Of Ed Qualls
Sent: vrijdag 21 oktober 2022 06:26
To: blueonyx@mail.blueonyx.it
Subject: [EXTERNAL] [BlueOnyx:25664] Can't specify whitelist entry

You don't often get email from 
eduard.qua...@gmail.com. Learn why this is 
important
In the "Whitelist" entry-field on the "Login Manager" page (using 5210r), I 
cannot enter anything following the pre-filled value 
"127.0.0.1/32" without the form immediately throwing up a 
red complaint that something needs to be fixed-it doesn't say what needs to be 
done.

I can't find anything in the docs that specify the data and the format of the 
data that need to go into this field. I've tried IP address, then 
"*@mynetprovider.net" forms, separated from the 
prefilled IP address by carriage return, comma, semicolon, etc., but none of it 
has been acceptable.

Because I want to set "Host rule" to as low a number as feasible, I want the 
assurance that my own IP will not be hit with "530" errors.

Can you point me to the docs that demonstrate how to fill in this field?

Thanks!

--
Eduard Qualls
www.eduardqualls.com
[https://ci3.googleusercontent.com/mail-sig/AIorK4z0oljRVkBvcSDfv067hMZzctSm8q-bW8L9f1JSi0LAdDxNeg6trzzFPKC3niTuUnusjEUTM2Ue2BtyYTAtPr0Df55yMZf-5E7bfl3naQ]
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25664] Can't specify whitelist entry

[Ed Qualls]

In the "Whitelist" entry-field on the "Login Manager" page (using 5210r), I
cannot enter anything following the pre-filled value "127.0.0.1/32" without
the form immediately throwing up a red complaint that something needs to be
fixed—it doesn't say what needs to be done.

I can't find anything in the docs that specify the data and the format of
the data that need to go into this field. I've tried IP address, then "*@
mynetprovider.net" forms, separated from the prefilled IP address by
carriage return, comma, semicolon, etc., but none of it has been acceptable.

Because I want to set "Host rule" to as low a number as feasible, I want
the assurance that my own IP will not be hit with "530" errors.

Can you point me to the docs that demonstrate how to fill in this field?

Thanks!

-- 
Eduard Qualls
*www.eduardqualls.com *
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25663] Re: ip address server-access blocks

[Meaulnes Legler @ MailList]

hello

if you have several servers and don't want to have to block an IP address / 
address range manually on each one of them, APF Firewall has a cool feature: 
External Resources

create your IP list of addresses to deny in a textfile, one IP per line, and 
upload it to a publicly accessible URL, like 
http://myserver.com/glob_deny.rules_all.txt

then in the GUI: Server Management > Security > APF Firewall > External Resources, 
add [myserver.com/glob_deny.rules_all.txt] into the Deny URL field with the http protocol 
and > [√Save]

of course you would have to do this on each server, but just once. Then, when 
you want to add a new address to block, just edit your list and the changes are 
applied to all servers the next day.

best regards

で⊃ Meaulnes Legler
Zurich, Switzerland
+41¦0 44 260-1660

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25662] Re: ip address server-access blocks

[Michael Stauber]

Hi Ed,

What is the best way to block an ip address from accessing the server 
and any vsite on the server? Firewall?


I have the ip addresses from which attacks are being staged on vsites on 
my server and I need to block them as widely as possible.


There are a couple of ways and this also depends in part on which 
BlueOnyx version you're using.


BlueOnyx 5209R: There you can use either "iptables" or "firewalld" for 
allowing / denying access.


BlueOnyx 5210R: Uses "firewalld" or "nftables".

The easy way for both is to get the "APF" Package from the BlueOnyx 
shop: https://www.solarspeed.net/apf.html


On 5209R this gives you access to APF, which has a nice GUI to allow you 
to configure the IPtables firewall.


On 5210R that purchase grants you access to both APF and a GUI for 
Firewalld. You can install both PKGs, but only one of them can be active 
at the same time.


Honorable mention: You can also set a null-route that remains around 
until the next server reboot or network restart. This works equally well 
on any BlueOnyx version and blocks ALL access to or from the given IP 
address range.


Example:

ip route add unreachable 5.34.207.0/24

Please note that you need to specify an IP address range there and not 
just the IP.


The above example denies any access to and from the IP address range 
5.34.207.0/24, which belongs to Spaceshipnetworks LTD in Kyiv, Ukraine. 
These fuckers have been hammering brute force SMTP connections against 
apparently any internet facing IP for months now. So I usually 
null-route them just to be done with it. :p


--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx