Re: nftables firewall question: matching udp in ipv6

2024-01-12 Thread Michel Verdier
On 2024-01-12, Ralph Aichinger wrote: > I "only" have to find out what mechanism adds the lower, en2 default > route within a few minutes, once I delete it. I ran "radvdump", but > that only dumped the correct announcement my provider sends for the > net over the PPPoE connection. Hm. > > Thanks e

Re: nftables firewall question: matching udp in ipv6

2024-01-12 Thread Ralph Aichinger
On Fri, Jan 12, 2024 at 07:35:14PM +0100, Michel Verdier wrote: > meta l4proto udp log level info prefix "udp" accept Thanks for that, and thanks to Michael Kjörling, your replies really helped. I found log lines similar to: 2024-01-12T19:51:32.999346+01:00 pi kernel: [3401524.305759] ralphfi

Re: nftables firewall question: matching udp in ipv6

2024-01-12 Thread Michel Verdier
On 2024-01-12, Ralph Aichinger wrote: > If I insert the following rule at the bottom, everything starts to > work: > > meta l4proto udp accept Add log to see what would be dropped: meta l4proto udp log level info prefix "udp" accept Provide "nft list ruleset" to better see what nft understa

Re: nftables firewall question: matching udp in ipv6

2024-01-12 Thread Ralph Aichinger
On Fri, Jan 12, 2024 at 05:26:57PM +, Michael Kjörling wrote: > My suggestion would be to insert a "udp log" rule. (Pretty sure you > only need "udp", not "meta l4proto udp".) Thanks, I will try that. Yes "meta l4proto udp" might be cargo cult configuration ;) > That will give you a fireh

Re: nftables firewall question: matching udp in ipv6

2024-01-12 Thread Michael Kjörling
On 12 Jan 2024 16:19 +0100, from r...@h5.or.at (Ralph Aichinger): > If I insert the following rule at the bottom, everything starts to > work: > > meta l4proto udp accept > > but I don't know how to limit this over broad rule (so it does not > forward UDP to the internal network on en0, which I

Re: nftables firewall question: matching udp in ipv6

2024-01-12 Thread Ralph Aichinger
On Fri, Jan 12, 2024 at 03:52:46PM +, Tom Furie wrote: > other input/output rules that are interfering, but since you've abridged > your ruleset we have no way of knowing. Sorry, wanted to include the full ruleset and forgot. I've still left off the "table ip nat" and "table ip filter" chai

Re: nftables firewall question: matching udp in ipv6

2024-01-12 Thread Ralph Aichinger
On Fri, Jan 12, 2024 at 03:52:46PM +, Tom Furie wrote: > Where is the DNS server the dmz host is resolving against? In your dmz, > your internal network, on the firewall machine, outside? You may have > other input/output rules that are interfering, but since you've abridged > your ruleset we h

Re: nftables firewall question: matching udp in ipv6

2024-01-12 Thread Tom Furie
Ralph Aichinger writes: > I am currently fighting with the following problem: I've got a system > that has 3 relevant interfaces: ppp0, en0 and en2, for external, > internal and dmz respectively. > > The dmz is IPv6 only, a homelab testbed more or less. > > I've got the following rules in /etc/nf

nftables firewall question: matching udp in ipv6

2024-01-12 Thread Ralph Aichinger
Hello! I am currently fighting with the following problem: I've got a system that has 3 relevant interfaces: ppp0, en0 and en2, for external, internal and dmz respectively. The dmz is IPv6 only, a homelab testbed more or less. I've got the following rules in /etc/nftables.conf for ipv6 (I am abr

Re: One more firewall question

2020-04-25 Thread Gene Heskett
On Saturday 25 April 2020 13:44:56 Liam O'Toole wrote: > On Sat, 25 Apr, 2020 at 13:08:38 -0400, Gene Heskett wrote: > > Greetings all; > > > > One last name stands out in my apache2 logs. > > > > Is AppleWebKit a bot? There sure are a lot of them. > > > > Thanks all. > > > > Cheers, Gene Heskett

Re: One more firewall question

2020-04-25 Thread Liam O'Toole
On Sat, 25 Apr, 2020 at 13:08:38 -0400, Gene Heskett wrote: > Greetings all; > > One last name stands out in my apache2 logs. > > Is AppleWebKit a bot? There sure are a lot of them. > > Thanks all. > > Cheers, Gene Heskett AppleWebKit appears in the user-agent string sent by chrome and other b

One more firewall question

2020-04-25 Thread Gene Heskett
Greetings all; One last name stands out in my apache2 logs. Is AppleWebKit a bot? There sure are a lot of them. Thanks all. Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) If we d

iptables firewall question ?

2003-12-03 Thread David Selby
I have installed a simple firewall, personal home PC, dial up link, no ethernet. It consisted of ... iptables -N block iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT iptables -A block -j DROP iptables -A INPUT -J block i

Re: basic firewall question

2003-02-16 Thread Roberto Sanchez
On Sat, Feb 15, 2003 at 03:39:01PM -0500, Roberto Sanchez wrote: > I am planning on getting DSL in the near future, so I have been considering > what to do about a firewall. > > My intended setup is like this: > > www -> DSL modem -> cable/DSL router w/ hardware FW -> small LAN > > However, I woul

Re: basic firewall question

2003-02-15 Thread Paul Johnson
On Sat, Feb 15, 2003 at 03:17:29PM -0600, Jeffrey L. Taylor wrote: > On the LAN, try nmap and Nessus. From the Internet, www.grc.com and > www.vulnerabilities.org. The former is the Web site for Steve Gibson, > a controversial figure. His Shields Up! scan is Windows-centric, but a > decent starti

Re: basic firewall question

2003-02-15 Thread Paul Johnson
On Sat, Feb 15, 2003 at 03:39:01PM -0500, Roberto Sanchez wrote: > I am planning on getting DSL in the near future, so I have been considering > what to do about a firewall. > > My intended setup is like this: > > www -> DSL modem -> cable/DSL router w/ hardware FW -> small LAN > > However, I w

Re: basic firewall question

2003-02-15 Thread Jeffrey L. Taylor
Quoting Roberto Sanchez <[EMAIL PROTECTED]>: > > I am planning on getting DSL in the near future, so I have been considering > what to do about a firewall. > > My intended setup is like this: > > www -> DSL modem -> cable/DSL router w/ hardware FW -> small LAN > > However, I would still like t

Re: basic firewall question

2003-02-15 Thread Vineet Kumar
* Roberto Sanchez ([EMAIL PROTECTED]) [030215 12:51]: > > I am planning on getting DSL in the near future, so I have been considering > what to do about a firewall. > > My intended setup is like this: > > www -> DSL modem -> cable/DSL router w/ hardware FW -> small LAN > > However, I would sti

basic firewall question

2003-02-15 Thread Roberto Sanchez
I am planning on getting DSL in the near future, so I have been considering what to do about a firewall. My intended setup is like this: www -> DSL modem -> cable/DSL router w/ hardware FW -> small LAN However, I would still like to have a firewall on each individual machine. I downloaded fi

Re: OT: Firewall question

2001-10-28 Thread Raghavendra Bhat
[Sat, Oct 27, 2001 at 02:21:19PM +0200] Tarjei Huse : > but other traffic being stopped for unknown reasons. Has anyone > experienced things like this? I too had a similar problem and tnx to a hint from dman, I was able to stop it from being echoed on to the console/screen. The problem

OT: Firewall question

2001-10-27 Thread Tarjei Huse
Hi, I'm getting tons, and tons of messages like this from my iptables script. I'm suspecting that this isn't just evil traffic, but other traffic being stopped for unknown reasons. Has anyone experienced things like this? From the log: kernel: ipt_unclean: TCP flags bad: 4 MAC=00:40:33:d2:41:3

ADSL, routing, firewall question

2001-05-14 Thread Anders Lennartsson
Hi A friend of mine asked me to set up a firewall with an old P90 he had for spare when his ADSL connection was installed. Last week the cable guy came and then we spent some time setting things up in a preliminary fashion. The ISP normally provides a fixed IP number (yes!) and I thought a stand

Re: Firewall question

2000-02-14 Thread Nate Duehr
On Fri, Jan 28, 2000 at 09:26:46AM -0500, Bill White wrote: > Hi. I have a question about how powerful my firewall computer should > be. > > I want to make a firewall for a small constellation of computers > in my living room. Behind the firewall I will have two Win98 computers, > one computer w

Re: Firewall question

2000-01-28 Thread paul
On Fri, 28 Jan 2000, Bill said: > Hi. I have a question about how powerful my firewall computer should > be. > > I want to make a firewall for a small constellation of computers > in my living room. Behind the firewall I will have two Win98 computers, > one computer which boots Win98 or several

Firewall question

2000-01-28 Thread Bill White
Hi. I have a question about how powerful my firewall computer should be. I want to make a firewall for a small constellation of computers in my living room. Behind the firewall I will have two Win98 computers, one computer which boots Win98 or several flavors of Unix/Linux, and one Hurd box. Th

[OT] firewall question

1999-12-29 Thread Bob Billson
Quick question about a slink firewall. Its log files have lots of entries like this (cut to avoid line wrap): Dec 26 02:28:44 leader kernel: Packet log: out DENY lo PROTO=1 xx.xx.xx.xx:3 xx.xx.xx.xx:1 L=101 S=0xC0 I=57427 F=0x T=#255 (8) where, xx.xx.xx.xx is the IP of the Ethernet card goin

Re: firewall question

1998-12-12 Thread Carey Evans
Giuseppe Sacco <[EMAIL PROTECTED]> writes: > Well, we have all our data available in a web server, so we'd like to browse > the data in the same way. Maybe we can have something like: > > CLIENT FW SERVER > browser > authenticator-daemon firewall web se

Re: firewall question

1998-12-10 Thread Giuseppe Sacco
Well, we have all our data available in a web server, so we'd like to browse the data in the same way. Maybe we can have something like: CLIENT FW SERVER browser authenticator-daemon firewall web server when the user outside the firewall asks to connect

Re: firewall question

1998-12-10 Thread Marc Haber
On Wed, 09 Dec 1998 20:24:52 +0100, you wrote: >I have a question about firewall. >We would like to setup an intranet protected by a firewall, but as we travel a >lot, we would also like to access our data from outside the firewall via web. > >Is there any kind of firewall able to authenticate user

Re: firewall question

1998-12-09 Thread Jens B. Jorgensen
Socks5 supports user authentication for traversal. Giuseppe Sacco wrote: > Hi debian people, > I have a question about firewall. > We would like to setup an intranet protected by a firewall, but as we travel a > lot, we would also like to access our data from outside the firewall via web. > > Is

firewall question

1998-12-09 Thread Giuseppe Sacco
Hi debian people, I have a question about firewall. We would like to setup an intranet protected by a firewall, but as we travel a lot, we would also like to access our data from outside the firewall via web. Is there any kind of firewall able to authenticate users outside and treat them as inside