horewall ruleset
from scratch to accomplish the things you actually want to do?
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
___
Shorewall-user
On 11/10/23 15:42, John Covici wrote:
-Original Message-
From: Phil Stracchino
Sent: Friday, November 10, 2023 1:41 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] unrecognized item on my internal nic, how to
prevent phonning home
On 11/10/23 11:28, John
like to prevent them
from accessing the outside. Any way to do this with shorewall?
Something along the lines of:
REJECT LOCALZONE:1.2.3.4 WANZONE
should do it.
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
.
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net
On 4/18/23 23:19, Justin Pryzby wrote:
On Tue, Apr 18, 2023 at 12:02:56AM -0400, Phil Stracchino wrote:
Can anyone suggest to me why my firewall is apparently ignoring my
instructions to accept and DNAT XMPP traffic?
Are the rules being hit ?
Either add ":info:xmpp"
Add th
On 4/18/23 00:02, Phil Stracchino wrote:
This is a Ubiquiti appliance that does not expose the iptables command.
They do NOT want you to frob the firewall rules by hand.
Er, disregard that. I was in the wrong window, on the wrong host, and
didn't notice. It DOES in fact have iptables
On 4/17/23 23:25, Justin Pryzby wrote:
On Mon, Apr 17, 2023 at 10:56:17PM -0400, Phil Stracchino wrote:
Greetings,
I have a weird problem. I had a power interruption today during a generator
install, and when everything came back up afterwards, my XMPP server
(ejabberd) is not receiving any
yone suggest to me why my firewall is apparently ignoring my
instructions to accept and DNAT XMPP traffic?
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
. The
fail2ban example shorewall.conf file RECOMMENDS changing BLACKLIST from
the default "NEW,INVALID,UNTRACKED" to "ALL" in order to let it close
existing connections from hostile hosts.
Are there any *non-obvious* side effects of this change that I should be
aware of?
--
Phil
to [external
IP]:22123.
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
ectly for me without me having to do anything. I don't think
Shorewall is your problem. Possibly your Shorewall RULES may be your
problem.
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.
. Is there a document anywhere that explains how to
correctly set up Shorewall 5 for multihoming?
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
e better organize ourselves and
> decide upon courses of action that will affect the broader Shorewall
> community we will make corresponding announcements. Our intent is to
> continue to grow the community which Tom has so painstakingly built over
> the years.
This is excellent news
oughtfulness.
>
> -Tom
>
> PS - I am currently in the Sonoma Wine Country and am having a great
> time :-)
If Shenandoah Valley Winery is still around, last time I was there they
had a fantastic orange muscat.
--
Phil Stracchino
Babylon Communications
ph...@caerllewys
Oh, I love the fact that all I need do is invoke a couple of macros and
services like FTP and Jabber *Just Work*.
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
d
> that I have always dreamed of seeing.
Enjoy the trip, Tom!
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
> other for improve the firewall level, always without the risk or
> compromising communication between the two servers?
If your replication traffic goes outside your firewall, consider
requiring SSL on the replication connection. You will have to configure
this on both the master and the
s, so you should report it to Gentoo as a bug against
net-firewall/shorewall.
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: 603.293.8485
On 02/16/17 17:23, Tom Eastep wrote:
> Which init system is the system using?
Gentoo uses OpenRC.
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: 603.293.8485
On 01/09/17 14:52, Tom Eastep wrote:
> On 01/09/2017 09:55 AM, Phil Stracchino wrote:
> You can do this with Shorewall and LSM - see
> http://www.shorewall.org/MultiISP.html.
>
> Make the direct internet connection the primary provider and the local
> LAN the fallback pro
20 matches