On 3/5/2015 7:39 AM, Erich Titl wrote:
Hi Folks
I need to temporarily allow HTTP connections from my shorewall based
LEAF box, preferrably without having to touch the shorewall files and be
able to stop this functionality again.
I looked a bit at the very extensive shorewall docs, but
Hi Tom
Am 12.03.2015 um 20:14 schrieb Tom Eastep:
...
Do your open and close commands survive multiple parallel invocations?
My method for sure will disable the second process if the first one fails.
You can have multiple temporary opens active at a time simultaneously if
that is what you
On 3/12/2015 12:06 PM, Erich Titl wrote:
Hi Tom
Am 12.03.2015 um 15:47 schrieb Tom Eastep:
On 3/5/2015 7:39 AM, Erich Titl wrote:
Hi Folks
I need to temporarily allow HTTP connections from my shorewall based
LEAF box, preferrably without having to touch the shorewall files and be
able to
Hi Andrew
Am 06.03.2015 um 11:19 schrieb Andrew:
Hi.
You can try to use iptables recent module, but i slightly different way:
add source ips to list for knocking to one port, and grant access for
target http/ssh port corresponding to this list records. Something like
Hi Jürgen
Am 06.03.2015 um 11:33 schrieb j...@tux-net.de:
... and who (should) trigger the firewall to change its ruleset? The client ?
If so, you can let the ports open because the client always gets what he
wants at any time.
Yes, but only this client will do it, and it closes the door
Hi.
You can try to use iptables recent module, but i slightly different way:
add source ips to list for knocking to one port, and grant access for
target http/ssh port corresponding to this list records. Something like
http://www.snowman.net/projects/ipt_recent/ 3rd example.
06.03.2015 11:26,
... and who (should) trigger the firewall to change its ruleset? The client ?
If so, you can let the ports open because the client always gets what he wants
at any time.
Am 6. März 2015 10:26:08 MEZ, schrieb Erich Titl erich.t...@think.ch:
Hi Juergen
Am 06.03.2015 um 07:18 schrieb
Hi Juergen
Am 06.03.2015 um 07:18 schrieb j...@tux-net.de:
Why should the access to these update servers be enabled dynamically?
I could enable that access statically, but that would mean I have to
adapt the firewall policies to a peripheral functionality. As I want to
add this functionality to
You might create a rule for the target in question which logs when it matchs
and obey the logfile for this entry and adjust the rule if found . Time based
revert the ruleset or select an other target which is visited (and also
logged) for turning the access off.
Am 6. März 2015 10:26:08
Hi,
what should be the reason to change the rules ? Time based ? On demand from
outside ? Port knocking?
JN
Am Do. 5. Mär. 2015 20:18 CET, Erich Titl erich.t...@think.ch schrieb:
Hi
Am 05.03.2015 um 17:01 schrieb n22e113:
I need to temporarily allow HTTP connections from my
Am 05.03.2015 um 17:48 schrieb Jeff Delinck:
Shorewall is just a front end to IPtables. It would be easy enough to
just issue the iptables command to add that in temporarily.
iptables -I net2fw -p tcp --dport 80 -j ACCEPT
It used to be fw2net :-(
now it is fw-net
What a shame to change the
Hi
Am 05.03.2015 um 17:01 schrieb n22e113:
I need to temporarily allow HTTP connections from my shorewall based
LEAF box, preferrably without having to touch the shorewall files and be
able to stop this functionality again.
I looked a bit at the very extensive shorewall docs, but nothing
Hi
Am 05.03.2015 um 20:40 schrieb Northe, Juergen [tux-net]:
Hi,
what should be the reason to change the rules ? Time based ? On demand from
outside ? Port knocking?I
Most communication on my firewall towards the net is disabled by
default. In order to update the software dynamically I need
Why should the access to these update servers be enabled dynamically? What is
the security policy behind it? Are the clients i.e mobile devices?
Either you trust the targed or you do not. Do you want to control the traffic?
Or do you want to be sure that the all clients get the same
Hi Folks
I need to temporarily allow HTTP connections from my shorewall based
LEAF box, preferrably without having to touch the shorewall files and be
able to stop this functionality again.
I looked a bit at the very extensive shorewall docs, but nothing
immediately caught my eyes. It would be
I need to temporarily allow HTTP connections from my shorewall based
LEAF box, preferrably without having to touch the shorewall files and be
able to stop this functionality again.
I looked a bit at the very extensive shorewall docs, but nothing
immediately caught my eyes. It would be nice
Shorewall is just a front end to IPtables. It would be easy enough to
just issue the iptables command to add that in temporarily.
iptables -I net2fw -p tcp --dport 80 -j ACCEPT
(or fw2net depending on the direction desired) Use
iptables -nL --line-numbers
to find your rule, Then use
iptables
Am Donnerstag, 5. März 2015, 16:39:02 schrieb Erich Titl:
Hi Folks
I need to temporarily allow HTTP connections from my shorewall based
LEAF box, preferrably without having to touch the shorewall files and be
able to stop this functionality again.
I looked a bit at the very extensive
Hi Jeff
Am 05.03.2015 um 17:48 schrieb Jeff Delinck:
Shorewall is just a front end to IPtables. It would be easy enough to
just issue the iptables command to add that in temporarily.
iptables -I net2fw -p tcp --dport 80 -j ACCEPT
Of course, as long as shorewall keeps its naming scheme that
Am 05.03.2015 um 17:08 schrieb kp kirchdoerfer:
Am Donnerstag, 5. März 2015, 16:39:02 schrieb Erich Titl:
Hi Folks
I need to temporarily allow HTTP connections from my shorewall based
LEAF box, preferrably without having to touch the shorewall files and be
able to stop this functionality
20 matches
Mail list logo