On Tuesday 23 April 2013 16:06:18 Richard Owlett wrote:
> I want to prevent an app from
> deciding to update on its schedule not mine.
I don't have any applications set to update automatically. That is the simple
solution to that problem!
Lisi
--
To UNSUBSCRIBE, email to debian-user-requ...
On Tuesday 23 April 2013 15:43:23 Dan Ritter wrote:
> On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
> > I will be using email, Usenet, browser and occasionally file
> > downloading.
> > Nothing on my system should look/act like a server.
> > I want all programs to access the inter
>No
>Always YES
>Ask each occurrence
This sounds like you want some kind of "personal firewall" like it is
(or was) common on Windows.
What problem do you want to solve? The security gain of this approach is
very small. The nearest solution is to setup iptables to re
Dan Ritter wrote:
On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
I will be using email, Usenet, browser and occasionally file
downloading.
Nothing on my system should look/act like a server.
I want all programs to access the internet after explicitly asking
for permission.
The r
On Tue, Apr 23, 2013 at 09:28:17AM -0500, Richard Owlett wrote:
> I will be using email, Usenet, browser and occasionally file
> downloading.
> Nothing on my system should look/act like a server.
> I want all programs to access the internet after explicitly asking
> for permission.
> The response t
I will be using email, Usenet, browser and occasionally file
downloading.
Nothing on my system should look/act like a server.
I want all programs to access the internet after explicitly
asking for permission.
The response to the request may be:
No
Always YES
Ask each occurrence
--
On Sun, Jan 27, 2013 at 10:51 AM, Pascal Hambourg wrote:
> Roberto Scattini wrote:
> >
> > i just can't make it work.
> > all my outgoing packets keep going through the default gateway (even if
> > they have the correct IP address, from the other nic...).
> >
> > i think i need an explanation...
Roberto Scattini wrote:
>
> i just can't make it work.
> all my outgoing packets keep going through the default gateway (even if
> they have the correct IP address, from the other nic...).
>
> i think i need an explanation... because i can't understand how does the
> routing tables know that a p
On Wed, Jan 23, 2013 at 9:45 PM, Tom Furie wrote:
> On Tue, Jan 22, 2013 at 07:54:25PM -0300, Roberto Scattini wrote:
>
> > ~# route -n
> > Kernel IP routing table
> > Destination Gateway Genmask Flags Metric Ref Use Iface
> > XX.220.XX.176 0.0.0.0 255.255.255.
On Tue, Jan 22, 2013 at 07:54:25PM -0300, Roberto Scattini wrote:
> ~# route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> XX.220.XX.176 0.0.0.0 255.255.255.255 UH 0 0 0 eth3
> YY.20.YY.0 0.0.0.0
On Wed, Jan 23, 2013 at 8:00 PM, Tom Furie wrote:
>
>
> Possibly a silly question, but something you might have overlooked -
> what does your nat table look like? Are you forwarding the traffic from
> eth4 to your web server?
>
> Cheers,
> Tom
>
tom, yes, i have the same rules that i have for m
On Wed, Jan 23, 2013 at 05:47:02PM -0300, Roberto Scattini wrote:
> i also tried a different approach, found somewhere with google, that is
> more in line with my understanding of the problem.
> basically, it marks the packets so they can be routed back to the same nic
> they came in:
>
> ip rout
hi again,
On Wed, 23 Jan 2013 00:07:51 -0300 "Carlos Miranda Molina
(Mstaaravin)" wrote:
>
> > :~# ip route add default scope global nexthop via XX.220.XX.177 dev
> > eth3 weight 1 nexthop via YY.20.YY.Y dev eth4 weight 1
> > :~# ip route add '127.0.0.0/8' dev lo table T1
> > :~# ip route ad
Hi,
in English, please!
On Wed, 23 Jan 2013 00:07:51 -0300 "Carlos Miranda Molina
(Mstaaravin)" wrote:
> On Tue, Jan 22, 2013 at 10:42 PM, Roberto Scattini <
> roberto.scatt...@gmail.com> wrote:
>
> > 1. the second interface, in on same subnet as the first
> > interface? no, they are co
On Tue, Jan 22, 2013 at 10:42 PM, Roberto Scattini <
roberto.scatt...@gmail.com> wrote:
> 1. the second interface, in on same subnet as the first interface?
> no, they are completely different
>
>
>> 2. the gateway for second interface is different as the first
>> interface?
>>
> yeah, bot
On Tue, Jan 22, 2013 at 9:46 PM, Carlos Miranda Molina (Mstaaravin) <
mstaara...@gmail.com> wrote:
>
>>
> 1. the second interface, in on same subnet as the first interface?
>
no, they are completely different
> 2. the gateway for second interface is different as the first
> interface?
>
On 12/09/12 17:59, Lists wrote:
> I use an outgoing policy of deny on webservers, and allow explicitly
> what I need them to connect to. This has never posed a problem, until
> today. I need to allow a website to pull in a feed from another site,
> hosted on amazon's elastic cloud thingy. The p
Hi guys,
I use an outgoing policy of deny on webservers, and allow explicitly
what I need them to connect to. This has never posed a problem, until
today. I need to allow a website to pull in a feed from another site,
hosted on amazon's elastic cloud thingy. The problem is, the DNS name
i
On Wed, Jul 04, 2012 at 11:19:06AM +0800, lina wrote:
> Hi,
>
> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> choose.
>
> Thanks ahead for recommendation, and it will be very nice if you tell
> me why you recommend this one.
From o
On Wed, Jul 04, 2012 at 11:19:06AM +0800, lina wrote:
> Hi,
>
> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> choose.
>
> Thanks ahead for recommendation, and it will be very nice if you tell
> me why you recommend this one.
Have a
On Fri, Jul 06, 2012 at 05:39:47PM +0300, Andrei POPESCU wrote:
> On Wed, 04 Jul 12, 15:16:10, Jon Dowland wrote:
> >
> > Except on Debian you are required to do a fair amount of work to make
> > your rules persistent across reboots and ensure you get ordering right
> > to not lock yourself out of
On Wed, 04 Jul 12, 15:16:10, Jon Dowland wrote:
>
> Except on Debian you are required to do a fair amount of work to make
> your rules persistent across reboots and ensure you get ordering right
> to not lock yourself out of the box (if remote): all problems that
> do not exist if you install and u
>>> mailto:ralf.mard...@alice-dsl.net>> wrote:
> >>>> On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
[snip Lina's request for recommendation on firewalls]
[snip Ralf Mardorf's dry answer]
[snip Brad Alexander's disagreement]
[snip Anthony Campbell's anec
know which firewall (http://wiki.debian.org/Firewalls)
I should choose. Thanks ahead for recommendation, and it will be
very nice if you tell me why you recommend this one.
To answer drily: Test them and report what firewall does protect
you the best against no attacks. Linux for home usage was saf
Your reply (the text/plain portion) was completely illegible I'm afraid. Please
refrain from sending HTML mail.
On Wed, Jul 04, 2012 at 04:52:10PM -0400, Brad Alexander wrote:
> Excellent points, Joe. In addition, Windows was designed from the ground up
> as a single-user operating system, which means that all of the files on a
> system were accessible by the user.
This is not true for the NT-based Windows
On 2012-07-05 10:05, Anthony Campbell wrote:
> On 04 Jul 2012,
Brad Alexander wrote:
>
>> On Wed, Jul 4, 2012 at 2:15 AM, Ralf Mardorf
wrote:
>>
>>> On Wed, 2012-07-04 at
11:19 +0800, lina wrote:
>>>
>>>> Hi, I don't know which fir
On 04 Jul 2012, Brad Alexander wrote:
> On Wed, Jul 4, 2012 at 2:15 AM, Ralf Mardorf
> wrote:
> > On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
> >> Hi,
> >>
> >> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> >> c
> On Wed, Jul 4, 2012 at 3:38 AM, Ralf Mardorf
> wrote:
>>
>> *chuckle* A trillion years ago I used a firewall myself. "Ports" are an
>> issue, I wasn't able to down- or upload by ftp. BUT, How many serious
>> attacks did you notice around the l
On Thu, Jul 5, 2012 at 5:31 AM, Brian wrote:
> On Wed 04 Jul 2012 at 11:19:06 +0800, lina wrote:
>
>> I don't know which firewall (http://wiki.debian.org/Firewalls) I
>> should choose.
>>
>> Thanks ahead for recommendation, and it will be very nice if you te
On Wed, Jul 4, 2012 at 6:04 PM, Brian wrote:
> A commonly used phrase - military in origin, I imagine. One day I must
> investigate how a firewall can protect my mail server. Until then I will
> just continue to accept connections from anywhere.
I will give you an example of t
On Wed 04 Jul 2012 at 08:21:10 -0400, Eike Lantzsch wrote:
> OK, I see that this might be flamebait ...
>
> On Tuesday 03 July 2012 23:19:06 lina wrote:
> > Hi,
> >
> > I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> > choose.
>
On Wed 04 Jul 2012 at 12:14:29 -0400, Brad Alexander wrote:
> On Wed, Jul 4, 2012 at 2:15 AM, Ralf Mardorf
> wrote:
> >
> > To answer drily: Test them and report what firewall does protect you the
> > best against no attacks. Linux for home usage was safe, is safe, wil
On Wed 04 Jul 2012 at 11:19:06 +0800, lina wrote:
> I don't know which firewall (http://wiki.debian.org/Firewalls) I
> should choose.
>
> Thanks ahead for recommendation, and it will be very nice if you tell
> me why you recommend this one.
You can either manipulate net
On Wed, Jul 4, 2012 at 3:38 AM, Ralf Mardorf wrote:
>
> *chuckle* A trillion years ago I used a firewall myself. "Ports" are an
> issue, I wasn't able to down- or upload by ftp. BUT, How many serious
> attacks did you notice around the last 30 days?
Your aversion to s
On Wed, Jul 4, 2012 at 4:04 AM, Joe wrote:
>
> Most ports can be closed by configuration, even the infamous portmap
> can be limited to localhost if you're not using it externally e.g. for
> NIS or NFS. If you have a standalone Linux machine in a foreign
> network, pretty much everything can be cl
On 04/07/12 10:31, Mika Suomalainen wrote:
> On 04.07.2012 06:19, lina wrote:
>>
>> I don't know which firewall (http://wiki.debian.org/Firewalls) I
>> should choose.
>>
>> [...]
>>
> I recommend UFW. It's simple to use and does everything what f
On Wed, Jul 4, 2012 at 3:46 PM, Joe wrote:
> On Wed, 4 Jul 2012 18:11:14 +0100
> Lisi wrote:
>
>> On Wednesday 04 July 2012 17:14:29 Brad Alexander wrote:
>> > The third reason we
>> > are not in the same boat as windows is that we have a much smaller
>> > attack surface than Windows. Windows sti
On Wed, 4 Jul 2012 18:11:14 +0100
Lisi wrote:
> On Wednesday 04 July 2012 17:14:29 Brad Alexander wrote:
> > The third reason we
> > are not in the same boat as windows is that we have a much smaller
> > attack surface than Windows. Windows still has over 90% penetration
> > on the desktop, There
On Wednesday 04 July 2012 17:14:29 Brad Alexander wrote:
> The third reason we
> are not in the same boat as windows is that we have a much smaller
> attack surface than Windows. Windows still has over 90% penetration on
> the desktop, Therefore, they are the low hanging fruit.
How, then, do you e
On Wed, Jul 4, 2012 at 2:15 AM, Ralf Mardorf wrote:
> On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
>> Hi,
>>
>> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
>> choose.
>>
>> Thanks ahead for recommendation, and it will be v
P.S. Your guys are great.
Sometimes even I didn't reply item by item, or thanks one by one, but
I read every sentences in the emails. Many times read more than once.
So please kindly realize that your suggestions are very valuable and
highly appreciated (most time silently).
BTW, I didn't realize t
Hi,
Following the instructions from http://wiki.debian.org/iptables
I am kinda of "running" the iptables now? (perhaps I understand wrong.
welcome correction.)
One thing a bit unexpected (to me) is that there are continuously
rolling info as following:
Jul 4 22:18:07 Debian dhclient: DHCPREQU
On Wed, Jul 04, 2012 at 10:53:00AM +0300, Lars Noodén wrote:
> On 7/4/12 10:46 AM, Muhammad Yousuf Khan wrote:
> > Web base Firewall (IPCOP) very powerful with the addon called BOT
> > (block out traffic) base on IPtables.
>
> In some ways it's easier just to work with
OK, I see that this might be flamebait ...
On Tuesday 03 July 2012 23:19:06 lina wrote:
> Hi,
>
> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> choose.
>
> Thanks ahead for recommendation, and it will be very nice if you tell
> me
On Wed, Jul 4, 2012 at 1:16 PM, Ralf Mardorf wrote:
> On Wed, 2012-07-04 at 12:46 +0500, Muhammad Yousuf Khan wrote:
>> Web base Firewall (IPCOP) very powerful with the addon called BOT
>> (block out traffic) base on IPtables.
>
> I don't care, but I am certain that I kno
On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
> Hi,
>
> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> choose.
>
> Thanks ahead for recommendation, and it will be very nice if you tell
> me why you recommend this one.
>
> Best regard
> Hi,
>
> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> choose.
APF (Advanced Policy Firewall)
>
> Thanks ahead for recommendation, and it will be very nice if you tell
> me why you recommend this one.
Easy to configure and comprehensivel
On Wed, 2012-07-04 at 12:46 +0500, Muhammad Yousuf Khan wrote:
> Web base Firewall (IPCOP) very powerful with the addon called BOT
> (block out traffic) base on IPtables.
I don't care, but I am certain that I know some guys (no women) who
recommend IPCOP too, for good reasons. At least f
Thanks all.
Actually I even don't know how to check where there was/is attack or not.
I am looking for a firewall is mainly to have some sense of guarantee,
otherwise I will definitely freak out in front of attack.
I will start learning something about iptables.
Just know so little ^_^
T
On Wed, Jul 4, 2012 at 12:53 PM, Lars Noodén wrote:
> On 7/4/12 10:46 AM, Muhammad Yousuf Khan wrote:
>> Web base Firewall (IPCOP) very powerful with the addon called BOT
>> (block out traffic) base on IPtables.
>
> In some ways it's easier just to work with IPtables di
portmap
can be limited to localhost if you're not using it externally e.g. for
NIS or NFS. If you have a standalone Linux machine in a foreign
network, pretty much everything can be closed.
I'd have thought most of the simple firewall frontends would do what
you need. If they are simple to
On 7/4/12 10:46 AM, Muhammad Yousuf Khan wrote:
> Web base Firewall (IPCOP) very powerful with the addon called BOT
> (block out traffic) base on IPtables.
In some ways it's easier just to work with IPtables directly.
Regards,
/Lars
Web base Firewall (IPCOP) very powerful with the addon called BOT
(block out traffic) base on IPtables.
On Wed, Jul 4, 2012 at 12:38 PM, Ralf Mardorf
wrote:
> On Wed, 2012-07-04 at 15:04 +0800, lina wrote:
>> On 4 Jul, 2012, at 14:15, Ralf Mardorf wrote:
>>
>> > On
On Wed, 2012-07-04 at 15:04 +0800, lina wrote:
> On 4 Jul, 2012, at 14:15, Ralf Mardorf wrote:
>
> > On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
> >> Hi,
> >>
> >> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> >>
Hi,
On 04.07.2012 06:19, lina wrote:
> Hi,
>
> I don't know which firewall (http://wiki.debian.org/Firewalls) I
> should choose.
>
> Thanks ahead for recommendation, and it will be very nice if you
> tell me why you rec
On 4 Jul, 2012, at 14:15, Ralf Mardorf wrote:
> On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
>> Hi,
>>
>> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
>> choose.
>>
>> Thanks ahead for recommendation, and it will be v
On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
> Hi,
>
> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> choose.
>
> Thanks ahead for recommendation, and it will be very nice if you tell
> me why you recommend this one.
To answer drily:
Hi,
I don't know which firewall (http://wiki.debian.org/Firewalls) I should choose.
Thanks ahead for recommendation, and it will be very nice if you tell
me why you recommend this one.
Best regards,
big jump in the TIME_WAIT
in my munin firewall graphs. See
https://intranet.tio.nl/Documenten/helpdesk/temp/fw_conntrack-week-linein.png
Any idea what is going on and what I need to look at?
Bonno Bloksma
senior systeembeheerder
tio
university of applied sciences
netherlands
On Fri, 30 Mar 2012 22:48:18 +0400, wlan wrote in message
:
> 2012/3/30 Russell L. Harris
>
> > * Russell L. Harris [120324 07:15]:
> > > >From the standpoint of protection of a LAN (two or three
> > > >machines) for
> > > a home or home off
I think netfilter are better firewall, you can read documentation from
iptables. It's really cool. =)
2012/3/30 Russell L. Harris
> * Russell L. Harris [120324 07:15]:
> > From the standpoint of protection of a LAN (two or three machines) for
> > a home or home office.
* Russell L. Harris [120324 07:15]:
> From the standpoint of protection of a LAN (two or three machines) for
> a home or home office...
...
> Is there a good firewall application in Debian which provides a secure
> default configuration? Or must I learn how to configure a fir
On 2012-03-24, Charles Kroeger wrote:
>
> You won't get a 'stealth' rating at grc. Shorewall seems to leave port 0
That's all hooey anyway, that "stealth" business, as if you're some kind
of combat aircraft over an Iranian nuclear installation or something,
prospect which must be attractive to th
On Sat, 24 Mar 12, 11:16:08, Charles Kroeger wrote:
>
> You won't get a 'stealth' rating at grc. Shorewall seems to leave port 0
> visible but closed. I don't know why this is but would be interested to know
> if someone on this list knew the reason.
Port 0? I haven't used Shorewall in a while, bu
On Sat, 24 Mar 2012 12:17:50 +
Chris Davies wrote:
> Russell L. Harris wrote:
> > From the standpoint of protection of a LAN (two or three machines)
> > for a home or home office, how effective is a firmware-based
> > firewall/router in comparison with a softw
What is the deal with port 0?
I have just tried grc, and my Shorewall firewall gets a 'stealth' rating.
Steven.
>Is there a good firewall application in Debian which provides a secure
>default configuration? Or must I learn how to configure a firewall?
The package: 'arno-iptables-firewall' will do that. You will have to tell it
how you're connecting (e.g. eth0) but after that it will
Russell L. Harris wrote:
> From the standpoint of protection of a LAN (two or three machines)
> for a home or home office, how effective is a firmware-based
> firewall/router in comparison with a software-based stand-alone
> firewall/router? Is either significantly better th
Russell L. Harris wrote at 2012-03-24 02:02 -0500:
> Is there a good firewall application in Debian which provides a secure
> default configuration? Or must I learn how to configure a firewall?
Hopefully you are able to find something simple to use, but if you do learn
how to confi
Hi,
I use UFW as firewall on all computers at home. It's very easy to
configure.
UFW (package ufw) can be found from Debian repositories. For
documentation see https://help.ubuntu.com/community/UFW . There is
also graphical user interface c
On Sat, 24 Mar 2012 07:02:42 +, Russell L. Harris wrote:
> From the standpoint of protection of a LAN (two or three machines) for
> a home or home office, how effective is a firmware-based firewall/router
> in comparison with a software-based stand-alone firewall/router?
I'
From the standpoint of protection of a LAN (two or three machines) for
a home or home office, how effective is a firmware-based
firewall/router in comparison with a software-based stand-alone
firewall/router? Is either significantly better than the other?
I am thinking in terms of devoting
Csanyi Pal writes:
> Andrei Popescu writes:
>
>> On Sat, 14 Jan 12, 20:18:31, Csanyi Pal wrote:
> Now, after I rebooted with my headless system, I can to SSH to it, and
> that is the good news.
>
> The bad news is that that I can't browse the Internet from the LAN
> behind the headless machine
Andrei Popescu writes:
> On Sat, 14 Jan 12, 20:18:31, Csanyi Pal wrote:
>>
>> I must to reinstall instead of fixing the problem because this is a
>> headless PC Box, so if I make a mistake then it can be happen that that
>> I can't to SSH into that system again to fix the problem this way.
>
> Th
On Sat, 14 Jan 12, 20:18:31, Csanyi Pal wrote:
>
> I must to reinstall instead of fixing the problem because this is a
> headless PC Box, so if I make a mistake then it can be happen that that
> I can't to SSH into that system again to fix the problem this way.
There is always a way: rescue disk w
> IP_FORWARDING=Yes
>> nano /etc/shorewall/masq
>> eth0 192.168.10.0/24
>> nano /etc/shorewall/interfaces
>> net eth0 detect blacklist,dhcp
>> loc eth1 detect dhcp
>>
>> nano /etc/shorewall/zones
>>
2.168.10.0 (not 192.168.10.1).
> nano /etc/shorewall/interfaces
> net eth0 detect blacklist,dhcp
> loc eth1 detect dhcp
>
> nano /etc/shorewall/zones
> fw firewall
> net ipv4
> loc ipv4
>
> nano /etc/shorewall/
printk = 3 4 1 3
net.ipv4.ip_forward = 1
/etc/init.d/procps restart
nano /etc/shorewall/shorewall.conf
IP_FORWARDING=Yes
nano /etc/shorewall/masq
eth0 192.168.10.1/24
nano /etc/shorewall/interfaces
net eth0 detect blacklist,dhcp
loc eth1 detect d
Hello,
Csanyi Pal wrote:
>
> iface eth1 inet static
> address 192.168.10.1
> netmask 255.255.255.0
> network 192.168.10.0
> broadcast 192.168.10.255
This line is wrong :
> gateway 192.168.10.1
A host cannot be its own gateway. Also there can be only one default
gateway, a
Csanyi Pal wrote:
> I want to setup my headless pc box on which run a Debian Squeeze system
> for firewall/gateway/server for my home LAN.
Sounds good.
> What I want is to protect my LAN and to get a web server that is
> reachable from the Internet and from LAN too.
Sure.
>
On Fri, 13 Jan 12, 22:04:02, Csanyi Pal wrote:
>
> I want to use Shorewall as firewall manager and apache2 as a webserver.
...
> IP Forwarding:
> cat /proc/sys/net/ipv4/ip_forward
> 1
>
> but this setup doesn't work yet. Why?
No idea, never got it to work either, bu
Hi,
I want to setup my headless pc box on which run a Debian Squeeze system
for firewall/gateway/server for my home LAN.
What I want is to protect my LAN and to get a web server that is
reachable from the Internet and from LAN too.
I want to use Shorewall as firewall manager and apache2 as a
We run a small set of web infrastructure with the following configuration:
- Upstream router
- Cisco Catalyst 2960G switch segmented into two vlans.
- Pair of Debian boxes with a transparent bridging firewall comprising
eth1 and eth2. These implement the physdev kernel module and
hives: the default shorewall.conf has
ADMINISABSENTMINDED=Yes
which means it won't cut any *existing* (ssh) connections, even if the
new rule(s) would not allow them.
This allows one to change the firewall and still fix things from the
existing session. It doesn't help much if you
T o n g wrote:
> The place that I work now block standard outbound ssh (and ftp) port
> connections. I'm wondering, for a "standard" corporate firewall practice,
> do they selectively block outbound ports, or do they selectively open
> them.
>
> From an end u
2011/9/9 T o n g :
> Hi,
>
> The place that I work now block standard outbound ssh (and ftp) port
> connections. I'm wondering, for a "standard" corporate firewall practice,
> do they selectively bl
Paul Stuffins wrote:
> My setup really only needs to allow access, from the internet to the server,
> on ports 80 and 443, for Apache, 6, for ssh and 3306, for MySQL along
> with access from the server to the Debian repos and 3306, I have a couple
> database servers that I manage from one centr
On Monday 01 August 2011 8:08:00 pm Scott Ferguson wrote:
>
> If you're not comfortable just using SSH to push across rulesets
> created using Guarddog (my choice), then you "might" consider using
> (the non-Debian) Webmin/Usermin/Virtualmin:-
> http://www.webmin.com/firewall.html
> http://prdownlo
ons of a front end, either one that I can
> > run via an Apache VirtualHost, obviously on a secured and locked down
> > VirtualHost so that only I can access it, or via SSH.
>
> There is a good set of firewall/iptables front-ends at debian wiki:
>
> http://wiki.debian.org/Fi
obviously on a secured and locked down
> VirtualHost so that only I can access it, or via SSH.
There is a good set of firewall/iptables front-ends at debian wiki:
http://wiki.debian.org/Firewalls
Greetings,
--
Camaleón
quid firehole ?
On 02/08/11 09:04, Jude DaShiell wrote:
Why not check out arnos-iptables-firewall?
On Tue, 2 Aug 2011, Alan Chandler wrote:
On 01/08/11 21:56, Paul Stuffins wrote:
Hi Guys,
I am trying to set iptables up, but am getting into a right mess editing
the rules direct in the init
Why not check out arnos-iptables-firewall?
On Tue, 2 Aug 2011, Alan Chandler wrote:
> On 01/08/11 21:56, Paul Stuffins wrote:
> > Hi Guys,
> >
> > I am trying to set iptables up, but am getting into a right mess editing
> > the rules direct in the init scrip
down
VirtualHost so that only I can access it, or via SSH.
--Paul
I am not sure I understand exactly what you mean, but this is my set of
firewall rules which I reference in /etc/network/interfaces/pre-up.
They are stored in file /etc/firewall
Unlike the other replies I hand crafted these
Csanyi Pal wrote:
> Paul Stuffins writes:
> > What are peoples recommendations of a front end, either one that I can
> > run via an Apache VirtualHost, obviously on a secured and locked down
> > VirtualHost so that only I can access it, or via SSH.
>
> I'm usin
Paul Stuffins writes:
> What are peoples recommendations of a front end, either one that I can
> run via an Apache VirtualHost, obviously on a secured and locked down
> VirtualHost so that only I can access it, or via SSH.
I'm using shorewall to setup my firewall.
--
Rega
On 02/08/11 06:56, Paul Stuffins wrote:
Hi Guys,
I am trying to set iptables up, but am getting into a right mess editing
the rules direct in the init script.
What are peoples recommendations of a front end, either one that I can
run via an Apache VirtualHost, obviously on a secured and locked
On Aug 1, 2011, at 2:56 PM, Paul Stuffins wrote:
> I am trying to set iptables up, but am getting into a right mess editing the
> rules direct in the init script.
>
> What are peoples recommendations of a front end, either one that I can run
> via an Apache VirtualHost, obviously on a secured a
Hi Guys,
I am trying to set iptables up, but am getting into a right mess editing the
rules direct in the init script.
What are peoples recommendations of a front end, either one that I can run
via an Apache VirtualHost, obviously on a secured and locked down
VirtualHost so that only I can access
On 7/20/11, Regid Ichira wrote:
> hadi motamedi gmail.com> writes:
>
>> - Add the following line to /etc/sysconfig/iptables
>> -A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
>> Then issue:
>> #service iptables restart
>> I tried for it and now t
301 - 400 of 2077 matches