Am Montag 19 April 2004 12:59 schrieb Volker Tanger:
Works like a charm, but:
- create custom kernel (TAP/TUN)
- compile OpenVPN from source (no problems)
Why creating a custom kernel? The tun/tap device is included in the debian
standard kernel images, so there is no need for
Am Montag 19 April 2004 12:59 schrieb Volker Tanger:
Works like a charm, but:
- create custom kernel (TAP/TUN)
- compile OpenVPN from source (no problems)
Why creating a custom kernel? The tun/tap device is included in the debian
standard kernel images, so there is no need for
Hi,
you shouldn't try to block everything that comes from a host which has no open
smtp port, this is in generel a bad idea...
reason: there are a lot (and I mean a lot) of servers out there, which only
sends mail out to the world, but should never recieve any mail directly, so
that it is
Hi,
you shouldn't try to block everything that comes from a host which has no open
smtp port, this is in generel a bad idea...
reason: there are a lot (and I mean a lot) of servers out there, which only
sends mail out to the world, but should never recieve any mail directly, so
that it is
Am Freitag 09 April 2004 16:03 schrieb Michelle Konzack:
Hello,
Hi :)
[...]
Now my Question:
Creating a Local GBit-Network in Marocco is generaly no Problem, it
is not a big difference between it and my local network, exept I need
a little bit more cable.
in theory this is correct, but
Am Freitag 09 April 2004 16:03 schrieb Michelle Konzack:
Hello,
Hi :)
[...]
Now my Question:
Creating a Local GBit-Network in Marocco is generaly no Problem, it
is not a big difference between it and my local network, exept I need
a little bit more cable.
in theory this is correct, but
Am Dienstag 06 April 2004 17:37 schrieben Sie:
Hi Ralph,
thanks for the hint.
[...]
I did it like this, but after the first line
iptables said: cannot use parameter -o with
INPUT (or something like this - I can't remember
exactly).
So I left out -o lo at the INPUT rule, and also
left
Am Dienstag 06 April 2004 17:37 schrieben Sie:
Hi Ralph,
thanks for the hint.
[...]
I did it like this, but after the first line
iptables said: cannot use parameter -o with
INPUT (or something like this - I can't remember
exactly).
So I left out -o lo at the INPUT rule, and also
left
sorry, I forgot to put in the link after because you are german: :))
so here it is:
http://www.heise.de/security/result.xhtml?url=/security/artikel/43066words=Cookie
its about syn floods and the syncookies thing :)
--Ralph
you should also filter out 127.0.0.0/8 on any network interface but lo.
so that spoofing with localhost-adresses is not possible anymore.
( for example:
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p ALL -j ACCPET
iptables -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p
you should also filter out 127.0.0.0/8 on any network interface but lo.
so that spoofing with localhost-adresses is not possible anymore.
( for example:
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p ALL -j ACCPET
iptables -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p
Am Montag, 29. März 2004 17:38 schrieb Ronny Adsetts:
Sonny was heard to utter, at roughly 29/03/04 16:27:
I was thinking about setting up a mirror of Debian for a local computer
group in the area, but a simple wget will result in way too much being
pulled down for what they need.
Are
Am Montag, 29. März 2004 17:38 schrieb Ronny Adsetts:
Sonny was heard to utter, at roughly 29/03/04 16:27:
I was thinking about setting up a mirror of Debian for a local computer
group in the area, but a simple wget will result in way too much being
pulled down for what they need.
Are
you are missing the following config options (main.cf):
mynetworks = 127.0.0.1
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
mydestination = localhost, complete-hostname-of-your-server
That's all you need.
But it sounds like you don't need your postfix listen on
you are missing the following config options (main.cf):
mynetworks = 127.0.0.1
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
mydestination = localhost, complete-hostname-of-your-server
That's all you need.
But it sounds like you don't need your postfix listen on
15 matches
Mail list logo