#iptables

nigel<br>I was trying to use <code>iptables</code>, decided that life is too short for this hobbyist to go down that path, so installed <code>ufw</code> and saw there was an XMPP app profile when doing <code>ufw app list</code>.<br><br>Brilliant, this should be easy then!<br><b>WRONG.</b><br><br>This is what <code>ufw app info XMPP</code> gave:<br><br><pre>Profile: XMPP<br>Title: XMPP Chat<br>Description: XMPP protocol (Jabber and Google Talk)<br><br>Ports:<br> 5222/tcp<br> 5269/tcp<br></pre>Which is um... not many ports. And naturally broke things like image uploading.<br><br>So I wrote my own in a new file at /etc/ufw/applications.d/ufw-prosody like this:<br><br><pre>[Prosody]<br>title=Prosody XMPP<br>description=Prosody XMPP Server ports per https://prosody.im/doc/ports<br>ports=5000,5222,5223,5269,5270,5281/tcp<br></pre>Which after saving, doing <code>ufw app update Prosody</code>,<br>then <code>ufw app info Prosody</code> now gives:<br><br><pre>Profile: Prosody<br>Title: Prosody XMPP<br>Description: Prosody XMPP Server ports per https://prosody.im/doc/ports<br><br>Ports:<br> 5000,5222,5223,5269,5270,5281/tcp<br></pre><code>ufw allow Prosody</code> to apply (allow) the rules and all is well again.<br><br>❤️<br><a href="https://snac.lowkey.party?t=xmpp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#XMPP</a> <a href="https://snac.lowkey.party?t=prosody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Prosody</a> <a href="https://snac.lowkey.party?t=ufw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ufw</a> <a href="https://snac.lowkey.party?t=iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iptables</a> <a href="https://snac.lowkey.party?t=firewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#firewall</a><br>
r1w1s1<br>Comparing firewall syntax for SSH (port 22) with default-deny:<br>================================================<br><br><a href="https://snac.bsd.cafe?t=iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iptables</a> (Linux)<br>iptables -A INPUT -p tcp --dport 22 -j ACCEPT<br>iptables -P INPUT DROP<br><br><a href="https://snac.bsd.cafe?t=nftables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nftables</a> (Linux)<br>nft add rule inet my_filter input tcp dport 22 accept<br>nft add rule inet my_filter input drop<br><br><a href="https://snac.bsd.cafe?t=ufw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ufw</a> (Linux - simplified frontend to iptables)<br>ufw allow 22/tcp<br>ufw default deny incoming<br><br><a href="https://snac.bsd.cafe?t=pf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pf</a> (OpenBSD)<br>block all<br>pass in proto tcp to port 22<br><br>pf’s syntax feels so elegant, human-readable, &amp; minimal!<br><br>After 20 years scripting iptables, I’m ready to try UFW on my laptop.<br><a href="https://snac.bsd.cafe?t=firewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#firewall</a> <a href="https://snac.bsd.cafe?t=sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sysadmin</a> <a href="https://snac.bsd.cafe?t=pf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pf</a> <a href="https://snac.bsd.cafe?t=iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iptables</a> <a href="https://snac.bsd.cafe?t=ufw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ufw</a> <a href="https://snac.bsd.cafe?t=nftables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nftables</a><br>
Linux Renaissance<p><strong>How To Mount Remote NFS On Linux</strong></p> <p><a href="https://video.fosshq.org/videos/watch/0bb4ffb9-7cad-4559-aa97-a47cf75b60ac" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">video.fosshq.org/videos/watch/</span><span class="invisible">0bb4ffb9-7cad-4559-aa97-a47cf75b60ac</span></a></p>
Hraban (fiëé visuëlle)<p>Wanted to play <a href="https://literatur.social/tags/Freeciv" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Freeciv</span></a> with my son in my LAN between a Mac and a Debian laptop.<br>After several tries we had matching v3.1.4 (had to self-compile on Linux).<br>Tried to start the server on each machine, other couldn’t see it (connection refused).<br>Switched off the <a href="https://literatur.social/tags/firewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firewall</span></a> of MacOS and completely opened <a href="https://literatur.social/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a> on Linux after single port settings had no effect.<br>Local tools say the port is open, remote tools (nmap) say it’s closed.<br>Out of ideas now. Any suggestions?</p>
Darth ŠČ! (PeerTube)<p><strong>How To Mount Remote NFS On Linux</strong></p> <p><a href="https://tux-edu.tv/videos/watch/cca9930f-0a3b-49ca-bb5f-a325fdadc7fa" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tux-edu.tv/videos/watch/cca993</span><span class="invisible">0f-0a3b-49ca-bb5f-a325fdadc7fa</span></a></p>
OSTechNix<p>How To Check And Secure Open Ports In Linux <a href="https://floss.social/tags/Linuxnetworking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linuxnetworking</span></a> <a href="https://floss.social/tags/Linuxsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linuxsecurity</span></a> <a href="https://floss.social/tags/Linuxadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linuxadmin</span></a> <a href="https://floss.social/tags/Linuxhowto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linuxhowto</span></a> <a href="https://floss.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://floss.social/tags/netstat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>netstat</span></a> <a href="https://floss.social/tags/ss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ss</span></a> <a href="https://floss.social/tags/firewalld" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firewalld</span></a> <a href="https://floss.social/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a> <a href="https://floss.social/tags/nmap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nmap</span></a> <a href="https://floss.social/tags/lsof" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lsof</span></a> <br><a href="https://ostechnix.com/check-and-secure-open-ports-in-linux/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ostechnix.com/check-and-secure</span><span class="invisible">-open-ports-in-linux/</span></a></p>
europlus :autisminf:<p><a href="https://social.europlus.zone/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://social.europlus.zone/tags/SysAdmins" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SysAdmins</span></a> <a href="https://social.europlus.zone/tags/NetworkAdmins" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkAdmins</span></a></p><p>Ubuntu 24.04 system with a publicly-routable external IP address.</p><p>For a given incoming UDP port (&lt;1024, call it port x, I can’t change this), I want to forward that to localhost (or the ens3 interface) on another port (&gt;1024, port y) so I can invoke QEMU as non-root and forward port y to the emulated system’s port x via slirp.</p><p>Is this doable?</p><p>I’ve tried heaps of nat prerouted examples, but haven’t yet gotten anything to stick.</p><p>Boosts appreciated!</p><p><a href="https://social.europlus.zone/tags/IPTables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPTables</span></a></p>
Linux Guides<p>What kind of nonsense is it, anyway, that ufw has no effect when the official Docker version is installed? </p><p>In my view a huge security risk that many admins may not even be aware of.<br>I only discovered it a few months ago myself. It has existed like this for years.</p><p>What do you think? Thank God the Debian maintainer version doesn't have this. </p><p>It's probably time to build pentesting into our regular checks.</p><p><a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/docker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>docker</span></a> <a href="https://mastodon.social/tags/ufw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ufw</span></a> <a href="https://mastodon.social/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a></p>
MOULE (in Rouge!) #RedInstead<p>Since <a href="https://mastodon.moule.world/tags/Tumblr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tumblr</span></a> (owned by <a href="https://mastodon.moule.world/tags/MattMullenweg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MattMullenweg</span></a>'s <a href="https://mastodon.moule.world/tags/Automattic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Automattic</span></a>) renewed plans to join the <a href="https://mastodon.moule.world/tags/Fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fediverse</span></a>, I suggest blocking them (as I have) for the same reason as <a href="https://mastodon.moule.world/tags/Threads" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Threads</span></a>: queerphobia and corporate tracking.</p><p>Just like the anti-Meta <a href="https://mastodon.moule.world/tags/FediPact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FediPact</span></a> (<a href="https://FediPact.online" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">FediPact.online</span><span class="invisible"></span></a>), there's now an anti-Automattic <a href="https://mastodon.moule.world/tags/FediPact2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FediPact2</span></a>: <a href="https://FediPact2.online" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">FediPact2.online</span><span class="invisible"></span></a></p><p>Like I did with Meta, I wrote <a href="https://mastodon.moule.world/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a> commands your <a 
href="https://mastodon.moule.world/tags/FediAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FediAdmin</span></a> can use to drop all traffic to and from Automattic's IP addresses: <a href="https://pastebin.com/e5UKJCKU" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pastebin.com/e5UKJCKU</span><span class="invisible"></span></a> (source: AS2635)</p>
Dan Oachs<p>I was finally forced to switch from <a href="https://ipv6.social/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a> to <a href="https://ipv6.social/tags/nftables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nftables</span></a> on a new <a href="https://ipv6.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> campus firewall setup.</p><p>I really should have made the switch years ago. Nftables is SO MUCH nicer! Having sets and variables has really simplified the configuration a ton.</p><p>I was happy with iptables for a really long time and so familiar with it, that I guess I was afraid of something new, but learning nftables has been fun and a lot easier than I expected for some reason.</p>
Adam ♿<p>Can anyone tell me what this <a href="https://aus.social/tags/IPTables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPTables</span></a> entry related to <a href="https://aus.social/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> is?</p><p><a href="https://aus.social/tags/Asus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Asus</span></a> has "helpfully" added this to my parents' router.</p><p>Chain OUTPUT (policy ACCEPT)<br>target prot opt source destination<br>OUTPUT_DNS udp -- anywhere anywhere udp dpt:domain u32 "0x0&gt;&gt;0x16&amp;0x3c@0x8&gt;&gt;0xf&amp;0x1=0x0"<br>OUTPUT_DNS tcp -- anywhere anywhere tcp dpt:domain u32 "0x0&gt;&gt;0x16&amp;0x3c@0xc&gt;&gt;0x1a&amp;0x3c@0x8&gt;&gt;0xf&amp;0x1=0x0"</p><p><a href="https://aus.social/tags/AskFedi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AskFedi</span></a></p>
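What the two u32 expressions in the post above compute, as an added example that is not part of the original post: a small evaluator following the register model documented in iptables-extensions(8), run over constructed IPv4 DNS packets. The function names, addresses and sample packets are assumptions made for illustration.

```python
import struct

# The two u32 expressions quoted in the post above (HTML entities decoded).
UDP_RULE = "0x0>>0x16&0x3c@0x8>>0xf&0x1=0x0"
TCP_RULE = "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x8>>0xf&0x1=0x0"
OPS = ("@", ">>", "<<", "&")


def u32_eval(location, packet):
    """Run one u32 'location' over a packet that starts at the IPv4 header.

    Registers as in iptables-extensions(8): A is the base offset, C the
    current 32-bit value. Returns (C, offsets of every 4-byte read).
    """
    a, c, reads, i = 0, 0, [], 0
    loc = location.replace(" ", "")
    while i < len(loc):
        op = next((o for o in OPS if loc.startswith(o, i)), "")
        i += len(op)
        j = i
        while j < len(loc) and loc[j].isalnum():
            j += 1
        n = int(loc[i:j], 0)          # accepts 22 and 0x16 alike
        i = j
        if op in ("", "@"):
            if op == "@":             # "@": A = A + C, then read at A + n
                a += c
            if a + n + 4 > len(packet):
                raise IndexError("read past end of packet")
            c = struct.unpack_from("!I", packet, a + n)[0]
            reads.append(a + n)
        elif op == "&":
            c &= n
        elif op == ">>":
            c >>= n
        else:                         # "<<", kept within 32 bits
            c = (c << n) & 0xFFFFFFFF
    return c, reads


def u32_match(expr, packet):
    """True if every '&&'-joined test matches; a read past the end never matches."""
    for test in expr.split("&&"):
        location, _, values = test.partition("=")
        try:
            c, _ = u32_eval(location, packet)
        except IndexError:
            return False
        ranges = [r.partition(":") for r in values.split(",")]
        if not any(int(lo, 0) <= c <= int(hi or lo, 0) for lo, _, hi in ranges):
            return False
    return True


def sample_packet(proto, dns_flags, ihl_words=5):
    """Constructed sample: IPv4 + UDP or TCP + DNS header; checksums left at zero."""
    dns = struct.pack("!6H", 0x1234, dns_flags, 1, 0, 0, 0)
    dns += b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
    if proto == "udp":
        l4 = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
        proto_no = 17
    else:
        # 20-byte TCP header (data offset 5); DNS over TCP puts a 2-byte
        # length prefix in front of the DNS header.
        l4 = struct.pack("!2H2I4H", 40000, 53, 1, 1, 0x5018, 65535, 0, 0)
        l4 += struct.pack("!H", len(dns)) + dns
        proto_no = 6
    ip = struct.pack("!2B3H2BH4s4s", 0x40 | ihl_words, 0,
                     ihl_words * 4 + len(l4), 0, 0, 64, proto_no, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + b"\x01" * ((ihl_words - 5) * 4) + l4   # NOP options if IHL > 5


if __name__ == "__main__":
    for proto, rule in (("udp", UDP_RULE), ("tcp", TCP_RULE)):
        for name, flags in (("query", 0x0100), ("response", 0x8180)):
            pkt = sample_packet(proto, flags)
            _, reads = u32_eval(rule.split("=")[0], pkt)
            print(proto, name, "reads at", reads, "match:", u32_match(rule, pkt))
```

On the constructed UDP samples the final read lands on the first four bytes of the DNS header and the test reduces to the QR bit being 0, so the query matches and the response does not. On the constructed TCP samples the final read is at TCP payload offset 8.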
cr0n0s:~🐧📡⌨️ 🛠️ #<p><a href="https://social.tchncs.de/tags/h4ckseed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>h4ckseed</span></a> New Post - How To: Block SSH brute-force attacks using SSHGUARD</p><p><a href="https://social.tchncs.de/tags/sshguard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sshguard</span></a> <a href="https://social.tchncs.de/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://social.tchncs.de/tags/debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>debian</span></a> <a href="https://social.tchncs.de/tags/rockylinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rockylinux</span></a> <a href="https://social.tchncs.de/tags/sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sysadmin</span></a> <a href="https://social.tchncs.de/tags/firewalld" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firewalld</span></a> <a href="https://social.tchncs.de/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a> <a href="https://social.tchncs.de/tags/ufw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ufw</span></a></p><p><a href="https://h4ckseed.wordpress.com/2024/12/25/how-to-bloquear-ataques-de-fuerza-bruta-ssh-usando-sshguard/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">h4ckseed.wordpress.com/2024/12</span><span class="invisible">/25/how-to-bloquear-ataques-de-fuerza-bruta-ssh-usando-sshguard/</span></a></p>
JM Horner<p><span class="h-card" translate="no"><a href="https://icosahedron.website/@greg" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>greg</span></a></span> If you happen to be a bit of a Linux firewall nerd, it is possible to get a small VPS for around a buck a month and host your services behind that by using a Wireguard VPN and iptables rules on the VPS. It is obviously "a bit of a workaround" but I have done it with web, smtp, xmpp, and Minetest on a 30Mbit/10Mbit residential connection. Just don't expect to have Facebook amounts of traffic. :-)</p><p><a href="https://snork.ca/posts/2021-04-20-homehosting-behind-a-small-wireguard-vps/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">snork.ca/posts/2021-04-20-home</span><span class="invisible">hosting-behind-a-small-wireguard-vps/</span></a></p><p><a href="https://eattherich.club/tags/homehost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homehost</span></a> <a href="https://eattherich.club/tags/selfhost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhost</span></a> <a href="https://eattherich.club/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a></p>
Schenkl<p>Where does this line come from when I enter "iptables -L":</p><p>ACCEPT all -- anywhere anywhere /* DDoS IPv4 Thu, 14 Nov 2024 06:06:43 +0100 */</p><p>The rule doesn't seem to block anything.<br>But who or what is adding a DDoS entry?!</p><p><a href="https://chaos.social/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a></p>
rfnix<p>The method consisted of... getting rid of my firewall, until then managed by <a href="https://piaille.fr/tags/UFW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UFW</span></a> and <a href="https://piaille.fr/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a>, because I had given up on understanding how to do it with them, and replacing it with very simple <a href="https://piaille.fr/tags/nftables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nftables</span></a> rules. </p><p>I had to tell the various services to use it (<a href="https://piaille.fr/tags/sshguard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sshguard</span></a> and Podman's rules engine), check that I hadn't left any random port open, and allow inter-container communication on the right block of internal IPs, and... that's all.</p><p>Really, the new conf file + the fact that the additional services just add their rules in separate tables makes all of this clean and painless!</p><p><a href="https://piaille.fr/tags/podman" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>podman</span></a></p>
Tomasz Dunia<p><strong>🇵🇱 / 🇬🇧 New blog post!</strong></p><p><strong>Free ~200GB cloud for your files</strong></p><p><a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/cloudflare/" target="_blank">#Cloudflare</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/docker/" target="_blank">#Docker</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/dockerhub/" target="_blank">#DockerHub</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/dockerio/" target="_blank">#dockerIo</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/freetier/" target="_blank">#FreeTier</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/freedns42/" target="_blank">#FreeDNS42</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/https/" target="_blank">#HTTPS</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/iptables/" target="_blank">#iptables</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/letsencrypt/" target="_blank">#LetSEncrypt</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/linux/" target="_blank">#Linux</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/mariadb/" target="_blank">#MariaDB</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/mysql/" target="_blank">#MySQL</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag 
u-category" href="https://blog.tomaszdunia.pl/tag/nextcloud/" target="_blank">#Nextcloud</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/nginxproxymanager/" target="_blank">#NGINXProxyManager</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/opensource/" target="_blank">#OpenSource</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/oracle/" target="_blank">#Oracle</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/portainer/" target="_blank">#Portainer</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/putty/" target="_blank">#PuTTY</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/selfhosted/" target="_blank">#SelfHosted</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/ssh/" target="_blank">#SSH</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/ssl/" target="_blank">#SSL</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/termius/" target="_blank">#Termius</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/ubuntu/" target="_blank">#Ubuntu</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/ufw/" target="_blank">#ufw</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.tomaszdunia.pl/tag/vps/" target="_blank">#VPS</a></p><p>Author: <a rel="nofollow noopener noreferrer" class="u-url mention" href="https://infosec.exchange/@to3k" 
target="_blank">@<span>to3k</span></a></p><p><a href="https://blog.tomaszdunia.pl/darmowa-chmura-200gb/" class="" rel="nofollow noopener noreferrer" target="_blank">https://blog.tomaszdunia.pl/darmowa-chmura-200gb/</a></p>
sebsauvage<p>🐧 <a href="https://framapiaf.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://framapiaf.org/tags/r%C3%A9seau" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>réseau</span></a> <a href="https://framapiaf.org/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a> <br>Has anyone ever played around with allowing just one country with an ipset?</p>
Anubhav<p>Is there a <a href="https://hachyderm.io/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FreeBSD</span></a> 1[34] <a href="https://hachyderm.io/tags/pf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pf</span></a> to <a href="https://hachyderm.io/tags/RockyLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RockyLinux</span></a> 8 <a href="https://hachyderm.io/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a>, <a href="https://hachyderm.io/tags/firewalld" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firewalld</span></a> &lt;<a href="https://docs.rockylinux.org/guides/security/firewalld-beginners/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">docs.rockylinux.org/guides/sec</span><span class="invisible">urity/firewalld-beginners/</span></a>&gt;, or whatever else converter?</p><p>I will take a table that would guide how to manually convert the syntax of pf.conf(5) &lt;<a href="https://man.freebsd.org/cgi/man.cgi?query=pf.conf&amp;apropos=0&amp;sektion=5&amp;manpath=FreeBSD+14.1-STABLE&amp;arch=default&amp;format=html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">man.freebsd.org/cgi/man.cgi?qu</span><span class="invisible">ery=pf.conf&amp;apropos=0&amp;sektion=5&amp;manpath=FreeBSD+14.1-STABLE&amp;arch=default&amp;format=html</span></a>&gt;.</p>
zvavybir :palestina:🍉 :FediPact: :Green: :masked:<p>In case you want to block an entire autonomous system (facebook for example has AS32934):</p><p><a href="http://superuser.com/questions/810853/ddg#821294" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">http://</span><span class="ellipsis">superuser.com/questions/810853</span><span class="invisible">/ddg#821294</span></a></p><p><a href="https://social.zvavybir.eu/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a> <a href="https://social.zvavybir.eu/tags/network" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>network</span></a> <a href="https://social.zvavybir.eu/tags/fediblock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fediblock</span></a> <a href="https://social.zvavybir.eu/tags/fedipact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fedipact</span></a></p>
Włóczykij<p>Does anyone here know their way around iptables?<br>I have something like this in the logs (I cut out what's unnecessary)</p><p>IN=wlp59s0 OUT= MAC= SRC=192.168.0.7 DST=255.255.255.255 PROTO=UDP SPT=1716 DPT=1716 </p><p>In case anyone is interested, this is a packet generated while trying to find hosts with the kdeconnect program.</p><p>The only problem is that host 192.168.0.7 is the local host. How can the local host's IP end up in the INPUT chain? Some time ago I wrote myself an iptables script and it blocks this kind of thing, because I assumed (apparently wrongly) that the local host's IP cannot appear in the INPUT chain.</p><p><span class="h-card" translate="no"><a href="https://a.gup.pe/u/linux_pl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>linux_pl</span></a></span> <a href="https://101010.pl/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://101010.pl/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a> <a href="https://101010.pl/tags/network" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>network</span></a> <a href="https://101010.pl/tags/sieci" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sieci</span></a> <a href="https://101010.pl/tags/firewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firewall</span></a> <a href="https://101010.pl/tags/zaporaSieciowa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zaporaSieciowa</span></a> <a href="https://101010.pl/tags/problem" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>problem</span></a> <a href="https://101010.pl/tags/ProblemySieciowe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProblemySieciowe</span></a> <a href="https://101010.pl/tags/pytanie" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>pytanie</span></a> <a href="https://101010.pl/tags/pomoc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pomoc</span></a></p>