Re: First hint as to why kaffeine won't rx tv

[Gene Heskett]

On Tuesday 07 June 2016 16:15:43 deloptes wrote:

> Gene Heskett wrote:
> > Chuckle, point taken.  I don't watch very much of it these days, but
>
> ...
>
> > Cheers, Gene Heskett
>
> This was a good story. I hope you fixed your dvb driver
>
> regards

Not yet.  I know just enough C to be dangerous, assembly on an RCA 1802, 
or a Hitachi HD63C09EP, some basic09 (runs on that same cpu), and have 
carved up some quite usefull wrappers for this and that in bash.  But 
don't use the word guru and my name in the same paragraph.  It would not 
grok at all.

What I am hoping for is to get the attention of the person that broke it, 
but doesn't know he did.  Yet...

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

servidor Ldap en debian

[jorge serna]

Hola a todos...

Alguien me pueda ayudar a encontrar un tutorial completo para montar un
servidor Openldap en debian, alguno lo mas completo que se pueda...Gracias

Re: make ping executable by normal users?

[Santiago Vila]

On Tue, Jun 07, 2016 at 02:56:11PM -0800, Britton Kerin wrote:

> How, just by executing dpkg-reconfigure, did I tell it this is what
> I wanted?  If that's the default, why wasn't it that way to begin with?

AFAIK, the tar file format, on which the .deb package format is based,
does not allow for capabilities to be stored inside a tar file, so the
capability has to be set in the postinst and may not be "just there"
after unpacking the package.

Of course, this does not explain why you lost the capability, it would
only explain why the postinst fixes it.

Re: curl and form submission

[Oliver Briscbois]

On 2016-06-07, Bob  wrote:
> Hello list,
>
> I'm trying to automate my internet login which is based on a web form.

Good question. I hope someone follows up with an answer. I'll be
following this thread. I've been trying the same thing with wget without
success

Oliver.

Re: make ping executable by normal users?

[David Wright]

On Tue 07 Jun 2016 at 14:56:11 (-0800), Britton Kerin wrote:
> On Thu, Jun 2, 2016 at 2:33 PM, Santiago Vila  wrote:
> > On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote:
> >> On my old debian system I could ping as a normal user.  The ping
> >> binary had the suid bit set.  Now I get:
> >>
> >> $ ping www.google.com
> >> ping: icmp open socket: Operation not permitted
> >> 2 $
> >>
> >> presumably because the bit isn't set.
> >>
> >> What's the right fix?  I could setuid it but then if I understand
> >> correctly it might get changed back by an upgrade.  Does it use
> >> capabilites or something?
> >
> > Yes, it uses capabilities. The simple fix is to do this:
> >
> > dpkg-reconfigure iputils-ping
> 
> Well, that works, thanks.  But I really don't get the overall behavior.
> It says this:
> 
>  root@debian:/home/bkerin# dpkg-reconfigure iputils-ping
>  Setcap worked! Ping(6) is not suid!
>  root@debian:/home/bkerin#
> 
> And then ping works for non-root users.
> 
> How, just by executing dpkg-reconfigure, did I tell it this is what
> I wanted?  If that's the default, why wasn't it that way to begin with?

dpkg-reconfigure runs /var/lib/dpkg/info/foo.postinst for package foo,
so take a look and you'll see the possibilities.

I've no idea how your ping missed the process, unless it's been copied
incorrectly at some point (though one might expect more problems than
just ping in that case).

> More generally, is it somehow possible to still run debian without
> capabilities?  I hate them.  The simple root-or-not security model
> is much simpler and doesn't promise more than it can really
> deliver.  I'm sad to see capabilities now as the default.

No idea. I'm convinced, rightly or wrongly, by the added fine-grain
security provided by capabilities.

Cheers,
David.

Re: NAT sobre WLAN

[JavierDebian]

El 07/06/16 a las 18:59, fernando sainz escribió:

¿has habilidato el ip_forwarding?

# Habilitamos el ip forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward


S2.


Básico.
Es lo primero que se hace.
Es más, está habilitado desde el /etc/sysctl.conf.

JAP

Re: make ping executable by normal users?

[Britton Kerin]

On Thu, Jun 2, 2016 at 2:33 PM, Santiago Vila  wrote:
> On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote:
>> On my old debian system I could ping as a normal user.  The ping
>> binary had the suid bit set.  Now I get:
>>
>> $ ping www.google.com
>> ping: icmp open socket: Operation not permitted
>> 2 $
>>
>> presumably because the bit isn't set.
>>
>> What's the right fix?  I could setuid it but then if I understand
>> correctly it might get changed back by an upgrade.  Does it use
>> capabilites or something?
>
> Yes, it uses capabilities. The simple fix is to do this:
>
> dpkg-reconfigure iputils-ping

Well, that works, thanks.  But I really don't get the overall behavior.
It says this:

 root@debian:/home/bkerin# dpkg-reconfigure iputils-ping
 Setcap worked! Ping(6) is not suid!
 root@debian:/home/bkerin#

And then ping works for non-root users.

How, just by executing dpkg-reconfigure, did I tell it this is what
I wanted?  If that's the default, why wasn't it that way to begin with?

More generally, is it somehow possible to still run debian without
capabilities?  I hate them.  The simple root-or-not security model
is much simpler and doesn't promise more than it can really
deliver.  I'm sad to see capabilities now as the default.

Britton

Re: burning BlueRay which software/drive/media

[Thomas Schmitt]

Hi,

Michael Lange wrote:
> I am pretty sure that cdrecord supports blueray

Yes, it does.

In march i pointed in
  https://lists.debian.org/debian-user/2016/03/msg00573.html
to a recent cdrecord binary (made on Debian 8):

  
https://media-cdn.ubuntu-de.org/forum/attachments/00/01/8001663-cdrecord-fubude-3.gz


>  I felt that Schilling's cdrtools might be worth a try

At least it is maintained, although sometimes it needs some effort
to convince Joerg of the necessity of action.

wodim and growisofs currently have no upstream maintainer.


Have a nice day :)

Thomas

Re: NAT sobre WLAN

[fernando sainz]

El día 7 de junio de 2016, 20:34, JAP  escribió:
> Estimados:
>
> Una vez más, yo peleándome con las redes.
> Paso a explicar.
>
> Tengo un equipo corriendo Debian "jessie":
> # uname -a
> Linux javier 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-1 (2016-03-06) x86_64
> GNU/Linux
>
> ¿Qué quiero hacer?
> Que los equipos conectados por WiFi a la placa wlan0 accedan a internet a
> través de la placa eth1.
>
>
> Tengo una red cableada a Internet:
> # ifconfig eth1
> eth1  Link encap:Ethernet  HWaddr a0:f3:c1:01:da:92
>   inet addr:192.168.2.52  Bcast:192.168.2.255  Mask:255.255.255.0
>   inet6 addr: fe80::a2f3:c1ff:fe01:da92/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:1523 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:1596 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:705060 (688.5 KiB)  TX bytes:299878 (292.8 KiB)
>
> Me conecto a dicha red mediante un portal cautivo provisto por un servido
> ZeroShell, sobre el cual me identifico con un "script" en python.
>
> Tengo una placa de red inalámbrica que provee servicio dhcp para mis otros
> aparatos:
>
> En otro entorno más "natural", lo que he hecho toda mi vida, fue montar un
> puente br0 desde eth1 a wlan0.
> El problema que tengo es que en este lugar, debo pasar por el portal
> cautivo, y el maldito no me permite más de una conexión con una mac
> definida. Los puentes (bridges), generan una nueva MAC, y asignan
> direcciones IP del servidor. Y como dije, con una clave, no puedo tener más
> de una conexión. Y el BAFH no me da otra clave de acceso.
>
> Por lo que presto y diligente, decidí hacer una conexión NAT.
> Para ello, monté un servidor dhcp con isc-dhcp-server, el cual da su
> servicio a través de la placa inalámbrica:
> # ifconfig wlan0
> wlan0 Link encap:Ethernet  HWaddr 00:87:30:23:0e:a8
>   inet addr:192.168.5.1  Bcast:192.168.5.255  Mask:255.255.255.0
>   inet6 addr: fe80::287:30ff:fe23:ea8/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:265 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:861 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:12142 (11.8 KiB)  TX bytes:60578 (59.1 KiB)
>
> Mi celular se conecta al enrutador configurado sin inconvenientes:
> # ping 192.168.5.10 -c 3
> PING 192.168.5.10 (192.168.5.10) 56(84) bytes of data.
> 64 bytes from 192.168.5.10: icmp_seq=1 ttl=64 time=150 ms
> 64 bytes from 192.168.5.10: icmp_seq=2 ttl=64 time=195 ms
> 64 bytes from 192.168.5.10: icmp_seq=3 ttl=64 time=203 ms
> --- 192.168.5.10 ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 1999ms
> rtt min/avg/max/mdev = 150.223/183.033/203.074/23.394 ms
>
>
> He intentado montar una NAT de no menos de 30 formas distintas, y no logro
> hacer que el navegador del celular vea internet.
> Las órdenes que he estado utilizando básicamente son
>
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> iptables -A FORWARD -i wlan0 -j ACCEPT
>
> Que, si la teoría no me falla, enmascara eth1, y reenvía los paquetes que
> vienen de wlan0.
>
> # iptables -t nat -L -v
> Chain PREROUTING (policy ACCEPT 3 packets, 545 bytes)
>  pkts bytes target prot opt in out source destination
>
> Chain INPUT (policy ACCEPT 2 packets, 307 bytes)
>  pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 58 packets, 5878 bytes)
>  pkts bytes target prot opt in out source destination
>
> Chain POSTROUTING (policy ACCEPT 36 packets, 2841 bytes)
>  pkts bytes target prot opt in out source destination
>22  3037 MASQUERADE  all  --  anyeth1anywhere anywhere
>
> Las reglas de iptables, las he variado en muchas formas, y realmente, ya no
> sé qué hacer.
> Otros ejemplo que he usado:
>
> iptables -t nat -A POSTROUTING ! -d 192.168.5.0/24 -o eth1 -j SNAT
> --to-source 192.168.2.52
>
> También:
> iptables -t nat -A POSTROUTING ! -d 192.168.5.0/24 -o eth1 -j MASQUERADE
>
> Bueno. No funciona.
> El teléfono no tiene accesos a internet.
> Google no me da la solución.
>
> Escucho ofertas
>
> Muchas gracias en adelanto.
>
> JAP
>


¿has habilidato el ip_forwarding?

# Habilitamos el ip forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward


S2.

Upgrading from Backports

[Patrick Bartek]

Need to upgrade claws-mail installed from regular repo to a newer
version in wheezy-backports.  I don't want to end up with two installed
versions.  Have done research, but have found nothing specific about
this particular procedure.  Would

   apt-get install -t wheezy-backports claws-mail=

upgrade the old version or just install the new version along side the
old.

Or would it be easier to "remove" the old version keeping all the
configs, etc., and install the new one from backports?  I did this with
LibreOffice a few years ago.  Worked fine.

I'm running Wheezy 64-bit.

Thanks.

B

Re: burning BlueRay which software/drive/media

[Michael Lange]

On Tue, 07 Jun 2016 22:24:51 +0200
"Thomas Schmitt"  wrote:

> Michael Lange wrote:
> > k3b automatically uses Schilling's tools as default.
> 
> I believe K3B uses growisofs as default for BD. At least one should
> check the log which programs got employed by a successful or failed run.

This may be true, I don't have a blueray drive so I cannot tell for sure.
I am pretty sure that cdrecord supports blueray though, so it should be
easy to set up. otoh probably the OP doesn't care much about k3b setup
at all...
Pointing to cdrtools was merely a shot in the dark; since I
myself used to suffer from drive related issues with the debian-shipped
tools I felt that Schilling's cdrtools might be worth a try.

Best regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

A man either lives life as it happens to him, meets it head-on and
licks it, or he turns his back on it and starts to wither away.
-- Dr. Boyce, "The Menagerie" ("The Cage"), stardate
unknown

Re: burning BlueRay which software/drive/media

[Thomas Schmitt]

Hi,

Thomas (not me) wrote:
> I try do burn BlueRay disk.
> I have an HL-DT-ST and have used 
> #wodim

wodim with BD can only work by accident. :))

> #growisofs

growisofs can do. There are some known bugs, though.


> I have reduced the burn speed but writing is still failed

What does growisofs report when it fails ?


> # growisofs -Z /dev/sr0 -R -speed=1 -input-charset utf-8 -J /tmp/data
> # wodim -v speed=1 dev=/dev/sr0 /tmp/data

One of these runs must be wrong. growisofs in above form will pack up
/tmp/data in an ISO 9660 filesysten by help of genisoimage or mkisofs.
wodim expects /tmp/data to be a medium image file which it will copy
directly onto /dev/sr0.

So what is your use case:
- wrap a file or directory tree into ISO 9660 and burn this to BD ?
- burn an image file (e.g. some .iso) onto BD ?


> Is there any other programm

I develop libburn which is used underneath Xfburn, Brasero (optionally),
cdrskin, and xorriso.

The following xorriso runs would do about what above runs of growisofs
and wodim do.
Put directory tree /tmp/data into an ISO 9660 filesystem and burn to
BD-RE or blank BD-R :

  xorriso -outdev /dev/sr0 -blank as_needed -joliet on -map /tmp/data / -speed 1

(I leave out -local_charset "utf-8" because i first would like to
 know the reason why you want to override your shell environment setting.)
(You will hardly find a BD drive which does BD-R at 1x speed.
 If you insist in setting speed to 1, drives will use the lowest speed,
 that is supported with the given medium.)

Burn image file /tmp/data onto BD-RE or blank BD:

  xorriso -as cdrecord -v speed=1 dev=/dev/sr0 /tmp/data

Be invited to try the one which matches your use case.


There is also cdrecord from cdrtools by Joerg Schilling (not in Debian,
but i could point to a binary which i made last year).


> or is the problem the writer and/or typ of media

You would have to tell exactly what the failing program runs reported.


Glenn English wrote:
> XFCE's GUI burner program does BluRays like a champ.

That would be Xfburn.


Jörg-Volker Peetz wrote:
> At least in testing there's cdrskin.

Already the version in oldstable should do BD, as does xorriso.
Xfburn's use of libburn's BD capabilities is quite recent (about two years).


David Christensen wrote:
> I'm on Wheezy and use xorriso:

Thank you for flying xorriso.


Michael Lange wrote:
> k3b automatically uses Schilling's tools as default.

I believe K3B uses growisofs as default for BD. At least one should
check the log which programs got employed by a successful or failed run.


Have a nice day :)

Thomas

Re: First hint as to why kaffeine won't rx tv

[deloptes]

Gene Heskett wrote:

> 
> Chuckle, point taken.  I don't watch very much of it these days, but
...
> 
> Cheers, Gene Heskett

This was a good story. I hope you fixed your dvb driver

regards

Re: burning BlueRay which software/drive/media

[Michael Lange]

Hi,

On Tue, 07 Jun 2016 21:24:23 +0200
Thomas  wrote:

> Hi,
> 
> I try do burn BlueRay disk.
> I have an HL-DT-ST and have used 
> #wodim
> and 
> #growisofs
> 
> I have reduced the burn speed but writing is still failed
> 
> 
> # growisofs -Z /dev/sr0 -R -speed=1 -input-charset utf-8 -J /tmp/data
> # wodim -v speed=1 dev=/dev/sr0 /tmp/data
> 
> Is there any other programm or is the problem the writer and/or typ of
> media

In case your problems come from a problematic drive, you might want want
to try the original crtools from Joerg Schilling. Due to licensing issues
they are not shipped with debian, but compiling and installing them is
quite easy, just download Schilling's smake and compile and install it
to /opt/schily with make && make install , then download cdrtools and
compile them with /opt/schily/bin/smake && /opt/schily/bin/smake install.
Personnally, if I want a gui I use k3b, and when you put something like

if [ -d /opt/schily/bin ] ; then
PATH=/opt/schily/bin:"${PATH}"
fi

into your ~/.bashrc , k3b automatically uses Schilling's tools as default.

I used to have problems with burning discs myself, probably caused by
problematic drives, since I switched to using cdrtools everything "just
works".

Best regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

The games have always strengthened us.  Death becomes a familiar
pattern.  We don't fear it as you do.
-- Proconsul Marcus Claudius, "Bread and Circuses",
   stardate 4041.2

Re: burning BlueRay which software/drive/media

[David Christensen]

On 06/07/2016 12:24 PM, Thomas wrote:

Hi,

I try do burn BlueRay disk. I have an HL-DT-ST and have used #wodim
and #growisofs

I have reduced the burn speed but writing is still failed


# growisofs -Z /dev/sr0 -R -speed=1 -input-charset utf-8 -J
/tmp/data # wodim -v speed=1 dev=/dev/sr0 /tmp/data

Is there any other programm or is the problem the writer and/or typ
of media


Thanks Thomas




I'm on Wheezy and use xorriso:

https://packages.debian.org/wheezy/xorriso


On 06/07/2016 12:39 PM, Glenn English wrote:

I've got a SATA LG burner on a Supermicro box running Wheezy and

> XFCE4. XFCE's GUI burner program does BluRays like a champ. I let the
> software decide on the speed, and I don't remember what brand of
> disks I burn. But I got them from Amazon, so they're nothing
> extraordinary.

I have LG and Pioneer Blu-ray burners, Intel desktop motherboards, 
Wheezy, and Xfce.  I use Memorex CD-R, DVD-R, and BD-R media.  Brasero 
makes coasters -- only xorriso is reliable.



David

Re: burning BlueRay which software/drive/media

[Jörg-Volker Peetz]

At least in testing there's cdrskin.
But I didn't burn a BD yet.
The equivalent to growisofs is named xorriso.

Regards,
jvp.

Re: burning BlueRay which software/drive/media

[Glenn English]

> On Jun 7, 2016, at 1:24 PM, Thomas  wrote:
> 
> Hi,
> 
> I try do burn BlueRay disk.
> I have an HL-DT-ST and have used 
> #wodim
> and 
> #growisofs
> 
> I have reduced the burn speed but writing is still failed
> 
> 
> # growisofs -Z /dev/sr0 -R -speed=1 -input-charset utf-8 -J /tmp/data
> # wodim -v speed=1 dev=/dev/sr0 /tmp/data
> 
> Is there any other programm or is the problem the writer and/or typ of media

I've got a SATA LG burner on a Supermicro box running Wheezy and XFCE4. XFCE's 
GUI burner program does BluRays like a champ. I let the software decide on the 
speed, and I don't remember what brand of disks I burn. But I got them from 
Amazon, so they're nothing extraordinary.

-- 
Glenn English

Re: Improper visuals after update

[Chris Joysn]

Hello,

i had the same issue :)

the issue seems to be with gtk-3 based apps. The widgets dont have any
decoration, like input fields have no visible borders, check boxes no
borders.. menu controls have only their text / titles drawn without any
space and border in between their characters... I tried to post a mail here
but after a few days i understood that this list silently drops mails with
attachments...
Examples of apps affected i used were Evolution (completely unusable with
this behavior) and Synaptic (i switched to aptitude for package management).

i recovered the screenshots from the sent folder and put them onto imagebin:
https://imagebin.ca/v/2jsCHryiFpi8
https://imagebin.ca/v/2jsEiMInvzRD
https://imagebin.ca/v/2jsEw627EVgh

I purged my home directory completely to get rid of all . directories with
eventually wrong config files, created a new user account to check as well.

What finally solved the issue was the dist-upgrade from testing to
unstable. Now the problem is gone.

hope that helps..

Joysn

On 30 May 2016 at 19:37, Lisi Reisz  wrote:

> On Monday 30 May 2016 18:05:51 Bhasker C V wrote:
> > anyone ?
>
> I, for one, can't make any sense of the visual you supplied and the
> message,
> so I just gave up.  Perhaps start again with explaining the problem?
>
> Lisi
> >
> > On Mon, May 30, 2016 at 9:44 AM, Bhasker C V 
> wrote:
> > > On Sun, May 29, 2016 at 10:47 PM, Ric Moore 
> wrote:
> > >> On 05/29/2016 03:38 PM, Bhasker C V wrote:
> > >>> Hi,
> > >>>
> > >>>After an update I see that my dialog boxes are looking weird. I
> > >>> cannot describe it but it looks as-if the contrast is lost or the
> theme
> > >>> is not supported ? The boucing bars have gone missing but mouse over
> > >>> and clicks work. This is especially bad with nm-applet. I use mate
> > >>> desktop
> > >>>
> > >>> If anyone knows please can they  tell me how to get this fixed ?
> > >>>
> > >>> An example image is attached at https://unsee.cc/zisapuge/
> > >>
> > >> I'm running Sid and XFCE. My last updates pulled in a pile of Mate
> > >> packages. I deleted them. Ric
> > >
> > > I somehow have a feeling that my theme is not getting rendered
> properly.
> > > I created a brand-new user just to make sure that my home dir's earlier
> > > files may not interfere with updates
> > > The new user is also showing the same behaviour. Dialog boxes are not
> > > rendered properly. gtk ones are the worst suffering.
> > >
> > >> --
> > >> My father, Victor Moore (Vic) used to say:
> > >> "There are two Great Sins in the world...
> > >> ..the Sin of Ignorance, and the Sin of Stupidity.
> > >> Only the former may be overcome." R.I.P. Dad.
> > >> http://linuxcounter.net/user/44256.html
>
>

burning BlueRay which software/drive/media

[Thomas]

Hi,

I try do burn BlueRay disk.
I have an HL-DT-ST and have used 
#wodim
and 
#growisofs

I have reduced the burn speed but writing is still failed


# growisofs -Z /dev/sr0 -R -speed=1 -input-charset utf-8 -J /tmp/data
# wodim -v speed=1 dev=/dev/sr0 /tmp/data

Is there any other programm or is the problem the writer and/or typ of media


Thanks 
Thomas

NAT sobre WLAN

[JAP]

Estimados:

Una vez más, yo peleándome con las redes.
Paso a explicar.

Tengo un equipo corriendo Debian "jessie":
# uname -a
Linux javier 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-1 (2016-03-06) 
x86_64 GNU/Linux


¿Qué quiero hacer?
Que los equipos conectados por WiFi a la placa wlan0 accedan a internet 
a través de la placa eth1.



Tengo una red cableada a Internet:
# ifconfig eth1
eth1  Link encap:Ethernet  HWaddr a0:f3:c1:01:da:92
  inet addr:192.168.2.52  Bcast:192.168.2.255  Mask:255.255.255.0
  inet6 addr: fe80::a2f3:c1ff:fe01:da92/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:1523 errors:0 dropped:0 overruns:0 frame:0
  TX packets:1596 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:705060 (688.5 KiB)  TX bytes:299878 (292.8 KiB)

Me conecto a dicha red mediante un portal cautivo provisto por un 
servido ZeroShell, sobre el cual me identifico con un "script" en python.


Tengo una placa de red inalámbrica que provee servicio dhcp para mis 
otros aparatos:


En otro entorno más "natural", lo que he hecho toda mi vida, fue montar 
un puente br0 desde eth1 a wlan0.
El problema que tengo es que en este lugar, debo pasar por el portal 
cautivo, y el maldito no me permite más de una conexión con una mac 
definida. Los puentes (bridges), generan una nueva MAC, y asignan 
direcciones IP del servidor. Y como dije, con una clave, no puedo tener 
más de una conexión. Y el BAFH no me da otra clave de acceso.


Por lo que presto y diligente, decidí hacer una conexión NAT.
Para ello, monté un servidor dhcp con isc-dhcp-server, el cual da su 
servicio a través de la placa inalámbrica:

# ifconfig wlan0
wlan0 Link encap:Ethernet  HWaddr 00:87:30:23:0e:a8
  inet addr:192.168.5.1  Bcast:192.168.5.255  Mask:255.255.255.0
  inet6 addr: fe80::287:30ff:fe23:ea8/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:265 errors:0 dropped:0 overruns:0 frame:0
  TX packets:861 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:12142 (11.8 KiB)  TX bytes:60578 (59.1 KiB)

Mi celular se conecta al enrutador configurado sin inconvenientes:
# ping 192.168.5.10 -c 3
PING 192.168.5.10 (192.168.5.10) 56(84) bytes of data.
64 bytes from 192.168.5.10: icmp_seq=1 ttl=64 time=150 ms
64 bytes from 192.168.5.10: icmp_seq=2 ttl=64 time=195 ms
64 bytes from 192.168.5.10: icmp_seq=3 ttl=64 time=203 ms
--- 192.168.5.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 150.223/183.033/203.074/23.394 ms


He intentado montar una NAT de no menos de 30 formas distintas, y no 
logro hacer que el navegador del celular vea internet.

Las órdenes que he estado utilizando básicamente son

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i wlan0 -j ACCEPT

Que, si la teoría no me falla, enmascara eth1, y reenvía los paquetes 
que vienen de wlan0.


# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 3 packets, 545 bytes)
 pkts bytes target prot opt in out source 
destination


Chain INPUT (policy ACCEPT 2 packets, 307 bytes)
 pkts bytes target prot opt in out source 
destination


Chain OUTPUT (policy ACCEPT 58 packets, 5878 bytes)
 pkts bytes target prot opt in out source 
destination


Chain POSTROUTING (policy ACCEPT 36 packets, 2841 bytes)
 pkts bytes target prot opt in out source 
destination
   22  3037 MASQUERADE  all  --  anyeth1anywhere 
anywhere


Las reglas de iptables, las he variado en muchas formas, y realmente, ya 
no sé qué hacer.

Otros ejemplo que he usado:

iptables -t nat -A POSTROUTING ! -d 192.168.5.0/24 -o eth1 -j SNAT 
--to-source 192.168.2.52


También:
iptables -t nat -A POSTROUTING ! -d 192.168.5.0/24 -o eth1 -j MASQUERADE

Bueno. No funciona.
El teléfono no tiene accesos a internet.
Google no me da la solución.

Escucho ofertas

Muchas gracias en adelanto.

JAP

Re: libreCAD, can't find help docs

[Gene Heskett]

On Tuesday 07 June 2016 11:10:19 Curt wrote:

> On 2016-06-07, Gene Heskett  wrote:
> >> Installing (in simulation mode because it pulls in an enormous
> >> amount of stuff) freecad and freecad-docs in Wheezy LTS from Wheezy
> >> backports works for me (why qt4-dev-tools?) using apt-get.
> >>
> >> Viz
> >>
> >> apt-get -s -t wheezy-backports install freecad freecad-docs.
> >>
> >> Or maybe I'm not following you closely enough.  Should be
> >> straight-forward (famous last words).
> >
> > And these are in that category, emphasis on gory.
> >
> > oot@coyote:/home/gene# apt-get -s -t wheezy-backports install
> > freecad freecad-doc Reading package lists... Done
> > Building dependency tree
> > Reading state information... Done
> > The following extra packages will be installed:
> >   libsoqt4-20 python-pivy qt4-dev-tools
> > Suggested packages:
> >   qt4-doc-html
> > Recommended packages:
> >   qt4-designer qt4-doc
> > The following NEW packages will be installed:
> >   freecad freecad-doc qt4-dev-tools
> > The following packages will be upgraded:
> >   libsoqt4-20 python-pivy
> > 2 upgraded, 3 newly installed, 0 to remove and 6 not upgraded.
> > Inst libsoqt4-20 [1.5.0-2] (1.6.0~e8310f-1~bpo70+1 Debian
> > Backports:/wheezy-backports [i386]) Inst qt4-dev-tools
> > (4:4.8.6+git64-g5dc8b2b+dfsg-3~bpo70+1 Debian
> > Backports:/wheezy-backports [i386]) Inst python-pivy
> > [0.5.0~v609hg-1] (0.5.0~v609hg-3~bpo70+1 Debian
> > Backports:/wheezy-backports [i386]) Inst freecad
> > (0.14.3702+dfsg-3~bpo70+1 Debian Backports:/wheezy-backports [i386])
> > Inst freecad-doc (0.14.3702+dfsg-3~bpo70+1 Debian
> > Backports:/wheezy-backports [all]) Conf libsoqt4-20
> > (1.6.0~e8310f-1~bpo70+1 Debian Backports:/wheezy-backports [i386])
> > Conf qt4-dev-tools (4:4.8.6+git64-g5dc8b2b+dfsg-3~bpo70+1 Debian
> > Backports:/wheezy-backports [i386]) Conf python-pivy
> > (0.5.0~v609hg-3~bpo70+1 Debian Backports:/wheezy-backports [i386])
> > Conf freecad (0.14.3702+dfsg-3~bpo70+1 Debian
> > Backports:/wheezy-backports [i386]) Conf freecad-doc
> > (0.14.3702+dfsg-3~bpo70+1 Debian Backports:/wheezy-backports [all])
>
> Right, so no problem. Your sources.list is irregular (not quite the
> word perhaps)

But your KDE isn't 100% usable, the TDE version is.

> and there must be another freecad version in one of 
> those irregular repositories because freecad is not available in
> vanilla Wheezy at all.

If you look above, the only mention for the source of the file is from 
wheezy-backports.

> I thought we were talking about the version in wheezy-backports, which
> prompted me to post what I posted.

That is where it would come from as its enabled in the sources.list.  So 
it seems odd that it is there in a recent enough version, but its newer 
required dependencies are not.

That's a bug IMO.  But since its well known that my interests are at best 
described as "eclectic", my oar in those waters is just a toothpick.

Sigh

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Backup com Rsync

[Fabricio Cannini]

Tanto programa de backup disponível e tu quer reinventar a roda?

Dá uma olhada em 'aptitude search backup' se não tem um que faz o que tu 
quer, e também o truque do udev do Lucas Castro.



[ ]'s

Re: curl and form submission

[Jeremy Nicoll]

On Tue, 7 Jun 2016, at 16:33, Bob wrote:
> Hello list,
> 
> I'm trying to automate my internet login which is based on a web form. I 
> have already checked few tutorial/posts on form submission by curl. I 
> have tried various combinations too but nothing worked in my case.
> 
> When I inspect the form I get following for username/password text box 
> and submit button
> 
> 
> 
> 
> 
> 


Don't you have to find out what validateForm() would do if the values
provided are 
ok, and make curl do the next step?  That may also depend on whether
there's
code to run for form submit, even if validation has been ok.

-- 
Jeremy Nicoll - my opinions are my own.

Re: [Fuera de Tema] [OT] Más académicos que la RAE

[Germán Avendaño Ramírez]

El 24/04/2016 a las 21:32, Mario De León escribió:

¿Será lo mismo que con las bases de datos?
En una consulta a unos les salen registros y a otros les salen tuplas.

El 23/04/16 a las 11:41, Santiago José López Borrazás escribió:

El 23/04/16 a las 16:56, Alfonso García escribió:
Jajaja... ¡Cómo lo sabes! Pero me da igual la RAE, puedo seguir 
criticando a
los que utilicen el término, a mi juicio, incorrecto, y lo más 
importante...

feo de coj***
Me da igual que pongan en el DRAE 'encriptar' que 'cifrar', una como 
otra

tienen distinto significado. No significan nada igual.

Pero por decir que no quede, me quedo con las dos para una forma:

1º) gente que no sabe lo que es 'encriptar', pues les decimos cifrar, 
que

así les sale más rápido y más 'entendible' para gente que no tiene ni
pajolera idea de lo que es.

2º) A nivel técnico, se puede decir que, es mucho mejor usar 
'encriptar',

porque los mensajes salen más 'crípticos', pero de 'otra forma'.

No debemos confundir estos términos, porque estos son algo distintos 
a las
palabras anglosajonas (el 'encriptar' es una cosa, en 'updatear' es 
otra,
que pronto se van a quedar más estandarizados que nunca. Y sino, al 
tiempo.


¡Venga...pelillos a la mar!...



Bueno, la que si no soporto es la traducción incorrecta y muy difundida, 
librería por la correcta que es biblioteca.


--
Germán Avendaño Ramírez
Lic. Mat. U.D., M.Sc. U.N.
Delegado ADE
Veedor salud, Cel 3174411959
german_...@autistici.org
Sent from Thunderbird



---
El software de antivirus Avast ha analizado este correo electrónico en busca de 
virus.
https://www.avast.com/antivirus

curl and form submission

[Bob]

Hello list,

I'm trying to automate my internet login which is based on a web form. I 
have already checked few tutorial/posts on form submission by curl. I 
have tried various combinations too but nothing worked in my case.


When I inspect the form I get following for username/password text box 
and submit button









```

when I check by curl I get below




# curl /Login.jsp | grep Username


  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   Spent Left  Speed
  0 00 00 0  0  0 --:--:-- --:--:-- 
--:--:-- 0function newCookie(Username,value,days) {

   document.cookie = Username+"="+value+expires+"; path=/"; }
function readCookie(Username) {
   var nameSG = Username + "=";
function eraseCookie(Username) {
  newCookie(Username,"",1); }
newCookie('theName', document.login.Username.value); // add a 
new cookie as shown at left for every

   document.login.Username.value = '';   // add a line for every field
document.login.Username.value = readCookie("theName");
document.login.Username.value = trim(document.login.Username.value);
if(document.login.Username.value.length==0){
 document.login.Username.focus();
var uname = "?"+document.login.Username.value+"+/@";
  valign="middle" nowrap="nowrap">style="color:#FF">Username
  name="Username" size="20" >





# curl /Login.jsp | grep Pass


  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   Spent Left  Speed
  0 00 00 0  0  0 --:--:--  0:00:03 
--:--:-- 0newCookie('theEmail', 
document.login.Password.value);   // field you wish to have the script 
remember

   document.login.Password.value = ''; }
document.login.Password.value = readCookie("theEmail");
if(document.login.Password.value.length==0){
 alert("Password is required.");
  document.login.Password.focus();
var pwd = "?"+document.login.Password.value+"+/@";
document.login.LoginPassword.value=encodeURIComponent(pwd);
valign="middle" nowrap="nowrap">style="color:#FF">Password
  name="Password" size="20" >
100 120040 120040 0   3405  0 --:--:--  0:00:03 
--:--:--  3405
valign="middle">


^


Hence I construct a curl command like

curl -sd "Username===Login" 
http:///Login.jsp


which is not working unfortunately. Have I missed anything ?

Your clue will be helpful.


Regards,

Bob

Re: libreCAD, can't find help docs

[Curt]

On 2016-06-07, Gene Heskett  wrote:
>>
>> Installing (in simulation mode because it pulls in an enormous
>> amount of stuff) freecad and freecad-docs in Wheezy LTS from Wheezy
>> backports works for me (why qt4-dev-tools?) using apt-get.
>>
>> Viz
>>
>> apt-get -s -t wheezy-backports install freecad freecad-docs.
>>
>> Or maybe I'm not following you closely enough.  Should be
>> straight-forward (famous last words).
>
> And these are in that category, emphasis on gory.
>
> oot@coyote:/home/gene# apt-get -s -t wheezy-backports install freecad 
> freecad-doc
> Reading package lists... Done
> Building dependency tree   
> Reading state information... Done
> The following extra packages will be installed:
>   libsoqt4-20 python-pivy qt4-dev-tools
> Suggested packages:
>   qt4-doc-html
> Recommended packages:
>   qt4-designer qt4-doc
> The following NEW packages will be installed:
>   freecad freecad-doc qt4-dev-tools
> The following packages will be upgraded:
>   libsoqt4-20 python-pivy
> 2 upgraded, 3 newly installed, 0 to remove and 6 not upgraded.
> Inst libsoqt4-20 [1.5.0-2] (1.6.0~e8310f-1~bpo70+1 Debian 
> Backports:/wheezy-backports [i386])
> Inst qt4-dev-tools (4:4.8.6+git64-g5dc8b2b+dfsg-3~bpo70+1 Debian 
> Backports:/wheezy-backports [i386])
> Inst python-pivy [0.5.0~v609hg-1] (0.5.0~v609hg-3~bpo70+1 Debian 
> Backports:/wheezy-backports [i386])
> Inst freecad (0.14.3702+dfsg-3~bpo70+1 Debian Backports:/wheezy-backports 
> [i386])
> Inst freecad-doc (0.14.3702+dfsg-3~bpo70+1 Debian Backports:/wheezy-backports 
> [all])
> Conf libsoqt4-20 (1.6.0~e8310f-1~bpo70+1 Debian Backports:/wheezy-backports 
> [i386])
> Conf qt4-dev-tools (4:4.8.6+git64-g5dc8b2b+dfsg-3~bpo70+1 Debian 
> Backports:/wheezy-backports [i386])
> Conf python-pivy (0.5.0~v609hg-3~bpo70+1 Debian Backports:/wheezy-backports 
> [i386])
> Conf freecad (0.14.3702+dfsg-3~bpo70+1 Debian Backports:/wheezy-backports 
> [i386])
> Conf freecad-doc (0.14.3702+dfsg-3~bpo70+1 Debian Backports:/wheezy-backports 
> [all])

Right, so no problem. Your sources.list is irregular (not quite the
word perhaps) and there must be another freecad version in one of those
irregular repositories because freecad is not available in vanilla
Wheezy at all.

I thought we were talking about the version in wheezy-backports, which
prompted me to post what I posted.


-- 
Hypertext--or should I say the ideology of hypertext?--is ultrademocratic and
so entirely in harmony with the demagogic appeals to cultural democracy that
accompany (and distract one’s attention from) the ever-tightening grip of 
plutocratic capitalism. - Susan Sontag

Re: make ping executable by normal users?

[Nicolas George]

Le decadi 20 prairial, an CCXXIV, Reco a écrit :
> Yes, and "aptitude search '~nping'" shows 41 result for me (42 actually
> if you count busybox).
> I'm somewhat lazy to test each and every implementation of ping to check
> which one fails in 'icmp open socket' instead of 'sendmsg'.
> 
> So, my point is - it's entirely possible to get EPERM in ping by
> misconfiguring iptables.

No, it is not. There is no need to painstakingly try every single
implementation of ping: some people here know how to actually implement
ping, they know what the various system calls do and how they interact with
firewall rules and network error feedback. And based on that knowledge, they
can tell you: EPERM can be caused by firewall rules on the sendmsg() system
call, but not on the socket() system call, and the original error message
states it happens on the socket() system call.

Note that nobody blames you for not knowing that, it is not a mandatory
knowledge for using Debian, and I am sure there are other things you know
about Debian that few other people know. But try to get the feel of the wind
and understand that, lacking the corresponding knowledge, you should take
their word for it.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: suplantación de identidad en postfix

[Ariel Alvarez]

autentica el smtp y no permitas hacer relay desde direcciones ip que no 
sean tuyas.

El 07/06/2016 10:24, Jose Julian Buda escribió:



On 07/06/16 09:04, l...@ida.cu wrote:

Buenos días a todos

Acabo de instalar por 1ra vez el MTA postfix y los usuarios los tengo
creados en el sistema, claro sin posibilidad de loguearse como medida de
seguridad no tiene shell etc...

Me están llegando correos del exterior fuera de mi dominio con mi misma
dirección de correo,

Alguna idea para que esto no me suceda más ??

Agradezco toda ayuda pues esto no debe suceder




Mas alla de todas las "restrictions" del postfix, quizas deberias 
mirar de como implementar lo que es validacion SPF.
Esa restrictions la configuras en el postfix y necesitas cargar tal 
registro en la zona de el servidor dns de tu dominio.
Eso te puede ayudar en lo que necesitas hacer, tanto a nivel local 
como para evitar que otro envie en tu nombre(siempre y cuando el 
destino use SPF)


Saludos
Julian




-
Consejo Nacional de Casas de Cultura
http://www.casasdecultura.cult.cu



-
Consejo Nacional de Casas de Cultura
http://www.casasdecultura.cult.cu

wrong owner of /run/user/1000/dconf/user causes X to freeze

[postings]

I would like to file a bug into your bug tracking system, but I don't
know which package to assign it to.
Googling shows that several others are reporting the same problems, but
the exact originator is seemingly not yet pinpointed.

Is there an open category, for bugs which are not yet assigned to a package?

Thanks for your help.

Andreas






Bug report:  wrong owner of /run/user/1000/dconf/user causes X to freeze



I have literally millions of identical log entries of this type:

cat /var/log/messages | grep /run/user/1000/dconf/user

Jun  6 15:54:50 laptopacer01 gnome-session[3275]:
(gnome-settings-daemon:3354):
dconf-CRITICAL **: unable to create file '/run/user/1000/dconf/user':
Permission denied.  dconf will not work properly.


It brings the X system to a total halt, because of:

cat /var/log/messages | grep /run/user/1000/dconf/user | wc
11395103 227899102 2277048187


My system is dist-upgraded from wheezy to jessie (following the manual
exactly), and that upgrade seemed to have gone fine (Kudos for that
possibility, I am pretty impressed!)

Not sure when exactly it happens; but definitely once, after purging
obsolete packages, and then 'apt-get upgrade'; and later once, after
ending eclipse.



On the console I could identify the problem to be a wrong owner:

ls -la /run/user/1000/dconf
drwx-- 2 andreas andreas  60 Jun  6 17:10 .
drwx-- 9 andreas andreas 180 Jun  6 17:10 ..
-rw--- 1 rootroot  2 Jun  6 17:10 user


The error explosion stopped when I simply tried
chmod a+rwx /run/user/1000/dconf/user

or even
rm /run/user/1000/dconf/user

but only after
killall Xorg
I could continue to work. After logging back in. 

(Actually, what would be a softer thing to kill than Xorg ?)



This is how it probably should look like?

ls -la /run/user/1000/dconf
drwx-- 2 andreas andreas  60 Jun  6 17:10 .
drwx-- 9 andreas andreas 180 Jun  6 17:10 ..
-rw--- 1 andreas andreas   2 Jun  6 17:10 user


So for now, my workaround is this one:

echo "sudo chown andreas:andreas /run/user/1000/dconf/user" >
/usr/local/bin/dconf-repair.sh
chmod 777 /usr/local/bin/dconf-repair.sh

And when it happens, I quickly switch to a textscreen console, and
execute 'dconf-repair.sh'. I am wondering if I should perhaps put a cron
job that is executing it every 10 seconds?


But: What to do?  Anyone got a good idea how to fix this?  Or how to
identify which package is causing it?  Is there a way to install a
watcher, which logs all the programs which are changing a certain file?


And: Isn't it better now to remove those 11.3 million lines from
/var/log/messages?  How?



Thanks a lot!
Andreas

Re: suplantación de identidad en postfix

[Jose Julian Buda]

On 07/06/16 09:04, l...@ida.cu wrote:

Buenos días a todos

Acabo de instalar por 1ra vez el MTA postfix y los usuarios los tengo
creados en el sistema, claro sin posibilidad de loguearse como medida de
seguridad no tiene shell etc...

Me están llegando correos del exterior fuera de mi dominio con mi misma
dirección de correo,

Alguna idea para que esto no me suceda más ??

Agradezco toda ayuda pues esto no debe suceder




Mas alla de todas las "restrictions" del postfix, quizas deberias mirar 
de como implementar lo que es validacion SPF.
Esa restrictions la configuras en el postfix y necesitas cargar tal 
registro en la zona de el servidor dns de tu dominio.
Eso te puede ayudar en lo que necesitas hacer, tanto a nivel local como 
para evitar que otro envie en tu nombre(siempre y cuando el destino use SPF)


Saludos
Julian

Re: bien configurer son mailman

[Bernard Schoenacker]

Le Sat, 4 Jun 2016 12:13:52 +0200,
Bernard Schoenacker  a écrit :

> bonjour,
> 
> je suis en train de mettre en place mailman et j'ai quelques
> soucis ... voici les liens :
> 
> https://doc.ubuntu-fr.org/mailman
> https://guide.ubuntu-fr.org/server/mailman.html
> 
> 
> pour info j'ai installé :
> 
> -a) php 5.x et php7.x
> -b) apache 
> -c) exim 4 (de base)
> 
> et l'adresse localhost/cgi-bin/mailman ne fonctionne pas
> 
> qu'est ce que j'ai oublié ?
> 
> slt
> bernard
> 

bonjour,

j'ai trouvé cette doc explicite :
http://serverfault.com/questions/524477/options-execcgi-is-off-in-this-directory-var-www-index-py

slt
bernard

Re: libreCAD, can't find help docs

[Gene Heskett]

On Tuesday 07 June 2016 04:11:43 Curt wrote:

> On 2016-06-06, Gene Heskett  wrote:
> >> It appears to be in wheezy-backports.
> >
> > So it is, but I cannot install it, synaptic claims broken packages, 
> > but I click on custom -> broken and the list is empty.  And clicking
> > on fix broken packages does nothing.
> >
> > So synaptic seems confused, as is apt-get, but it at least names the
> > proken package, or does it:
> >
> > root@coyote:/home/gene/src#  apt-get -f install freecad freecad-doc
> > qt4-dev-tools
>
> Installing (in simulation mode because it pulls in an enormous
> amount of stuff) freecad and freecad-docs in Wheezy LTS from Wheezy
> backports works for me (why qt4-dev-tools?) using apt-get.
>
> Viz
>
> apt-get -s -t wheezy-backports install freecad freecad-docs.
>
> Or maybe I'm not following you closely enough.  Should be
> straight-forward (famous last words).

And these are in that category, emphasis on gory.

oot@coyote:/home/gene# apt-get -s -t wheezy-backports install freecad 
freecad-doc
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following extra packages will be installed:
  libsoqt4-20 python-pivy qt4-dev-tools
Suggested packages:
  qt4-doc-html
Recommended packages:
  qt4-designer qt4-doc
The following NEW packages will be installed:
  freecad freecad-doc qt4-dev-tools
The following packages will be upgraded:
  libsoqt4-20 python-pivy
2 upgraded, 3 newly installed, 0 to remove and 6 not upgraded.
Inst libsoqt4-20 [1.5.0-2] (1.6.0~e8310f-1~bpo70+1 Debian 
Backports:/wheezy-backports [i386])
Inst qt4-dev-tools (4:4.8.6+git64-g5dc8b2b+dfsg-3~bpo70+1 Debian 
Backports:/wheezy-backports [i386])
Inst python-pivy [0.5.0~v609hg-1] (0.5.0~v609hg-3~bpo70+1 Debian 
Backports:/wheezy-backports [i386])
Inst freecad (0.14.3702+dfsg-3~bpo70+1 Debian Backports:/wheezy-backports 
[i386])
Inst freecad-doc (0.14.3702+dfsg-3~bpo70+1 Debian Backports:/wheezy-backports 
[all])
Conf libsoqt4-20 (1.6.0~e8310f-1~bpo70+1 Debian Backports:/wheezy-backports 
[i386])
Conf qt4-dev-tools (4:4.8.6+git64-g5dc8b2b+dfsg-3~bpo70+1 Debian 
Backports:/wheezy-backports [i386])
Conf python-pivy (0.5.0~v609hg-3~bpo70+1 Debian Backports:/wheezy-backports 
[i386])
Conf freecad (0.14.3702+dfsg-3~bpo70+1 Debian Backports:/wheezy-backports 
[i386])
Conf freecad-doc (0.14.3702+dfsg-3~bpo70+1 Debian Backports:/wheezy-backports 
[all])

root@coyote:/home/gene# apt-get install freecad freecad-doc
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 freecad : Depends: libsoqt4-20 (>= 1.6) but 1.5.0-2 is to be installed
   Depends: python-pivy (>= 0.5.0~v609hg-2) but 0.5.0~v609hg-1 is to be 
installed
 freecad-doc : Depends: qt4-dev-tools but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
root@coyote:/home/gene# 
=
That last E: is in error on synaptics, there are no broken or held packages, 
and it 
had zero problems installing this mornings updates, about 9 files IIRC.

The real problem is the versions of libsoqt4 and python-pivy are not 
fresh enough to meet the dependencies.  Am I missing a line in my 
/etc/sources.list that would have/show the versions it needs?

/etc/apt/sources.list=

deb http://http.debian.net/debian wheezy main contrib non-free
# deb-src http://http.debian.net/debian wheezy main contrib non-free
# deb http://http.debian.net/debian wheezy-updates main contrib non-free
# deb-src http://http.debian.net/debian wheezy-updates main contrib non-free
deb http://security.debian.org/ wheezy/updates main contrib non-free
# deb-src http://security.debian.org/ wheezy/updates main contrib non-free
deb http://http.us.debian.org/debian/ wheezy main contrib non-free
# deb http://http.us.debian.org/debian/ wheezy-updates main contrib non-free
deb http://http.us.debian.org/debian/ wheezy-backports main contrib non-free
# deb 
http://ppa.quickbuild.pearsoncomputing.net/trinity/trinity-builddeps-r14.0.0/debian
 wheezy main
# deb http://http.us.debian.net/debian wheezy-backports main contrib non-free
# deb http://mozilla.debian.net/ wheezy-backports iceweasel
deb http://mozilla.debian.net/ wheezy-backports firefox-release
# deb http://http.us.debian.org/debian/ wheezy main
deb http://mirror.xcer.cz/trinity-sb wheezy deps-r14 main-r14
# deb-src http://mirror.xcer.cz/trinity-sb wheezy deps-r14 main-r14
deb http://www.deb-multimedia.org wheezy main non-free
# deb-src http://www.deb-multimedia.org wheezy main
deb http://buildbot.linuxcnc.org/ wheezy 2.7-rtpreempt
deb-src 

Re: make ping executable by normal users?

[Reco]

On Mon, Jun 06, 2016 at 11:29:52AM -0500, David Wright wrote:
> On Mon 06 Jun 2016 at 19:26:04 (+0300), Reco wrote:
> > On Mon, Jun 06, 2016 at 11:14:11AM -0500, David Wright wrote:
> > > On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote:
> > > > On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote:
> > > > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote:
> > > > > > Check your firewall rules.
> > > > > 
> > > > > It can't be firewall rules. Try this to block outgoing ping:
> > > > > 
> > > > > iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT
> > > > > 
> > > > > then try to ping anywhere. You will get a different error message,
> > > > > namely "Destination Port Unreachable".
> > > > 
> > > > But if you transform the rule in question a little, like this:
> > > > 
> > > > iptables -I OUTPUT -p icmp --icmp-type echo-request \
> > > > -j REJECT --reject-with icmp-admin-prohibited
> > > > 
> > > > ping will respond with 'Operation not permitted'. An exact wording of 
> > > > the
> > > > message seems to depend on actual ping implementation.
> > > > 
> > > > So, checking firewall rules is a valid advice. It's just this particular
> > > > problem happens due to lack of file capabilities.
> > > 
> > > # iptables -I OUTPUT -p icmp --icmp-type echo-request -j REJECT 
> > > --reject-with icmp-admin-prohibited
> > > 
> > > $ ping alum.local
> > > PING alum.local (192.168.1.19) 56(84) bytes of data.
> > > >From 192.168.1.15 icmp_seq=1 Packet filtered
> > > >From 192.168.1.15 icmp_seq=1 Packet filtered
> > > >From 192.168.1.15 icmp_seq=1 Packet filtered
> > > >From 192.168.1.15 icmp_seq=1 Packet filtered
> > > >From 192.168.1.15 icmp_seq=1 Packet filtered
> > > >From 192.168.1.15 icmp_seq=1 Packet filtered
> > > >From 192.168.1.15 icmp_seq=1 Packet filtered
> > > >From 192.168.1.15 icmp_seq=1 Packet filtered
> > > >From 192.168.1.15 icmp_seq=1 Packet filtered
> > > >From 192.168.1.15 icmp_seq=1 Packet filtered
> > > >From 192.168.1.15 icmp_seq=1 Packet filtered
> > > ping: sendmsg: Operation not permitted
> > > ping: recvmsg: No route to host
> > > ping: recvmsg: No route to host
> > > ping: recvmsg: No route to host
> > > ping: recvmsg: No route to host
> > > ping: recvmsg: No route to host
> > > [ad infinitum]
> > 
> > As I wrote earlier - it depends on the implementation of a ping. For me
> > it looks like this:
> > 
> > $ dpkg -S $(which ping)
> > iputils-ping: /bin/ping
> > $ ping -c2 localhost
> > PING localhost (127.0.0.1) 56(84) bytes of data.
> > ping: sendmsg: Operation not permitted
> > ping: sendmsg: Operation not permitted
> > 
> > ^C
> > --- localhost ping statistics ---
> > 2 packets transmitted, 0 received, 100% packet loss, time 1007ms
> 
> But the OP's error message was
> "ping: icmp open socket: Operation not permitted"
> and not
> "ping: sendmsg: Operation not permitted"

Yes, and "aptitude search '~nping'" shows 41 result for me (42 actually
if you count busybox).
I'm somewhat lazy to test each and every implementation of ping to check
which one fails in 'icmp open socket' instead of 'sendmsg'.

So, my point is - it's entirely possible to get EPERM in ping by
misconfiguring iptables. I agree that it's also possible to get EPERM in
ping by denying it CAP_NET_RAW capability.

Reco

Re: Xorg NVIDIA e inicio debian testing

[Camaleón]

El Mon, 06 Jun 2016 15:48:17 -0500, JESUS0414 . escribió:

(ese formato, que no eres nuevo ;-))

> Que tal comunidad, resulta que tengo un problema con la instalación del
> software privativo de NVIDIA, la instalo y cuando terminó de configurar
> Xorg, al reiniciar se queda en pantalla negra la cual dice esto:

¿Qué driver, el de Debian o el de nvidia?

> Loading, please wait...
> fsck from util-linux 2.28 /dev/sda: recovering journal /dev/sda: clean,
> 234551/9371648 files, 2071184/37479680 blocks

Inicia sin el parámetro "quiet" del kernel, para ver si hay más datos.

> Y de allí no pasa, alguna sugerencia? Ya intente correr todo por consola
> y nada...

Si has instalado el driver de nvidia, supongo que habrás seguido las 
instrucciones de Nvidia en la instalación, más concretamente la sección 
"Before you Begin" :-)

http://us.download.nvidia.com/XFree86/Linux-x86_64/361.45.11/README/installdriver.html

Si has instalado el driver desde Debian no tendrías que hacer nada pero 
tratándose de testing podría ser algún bug, echa un vistazo a los últimos 
disponibles:

https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=nvidia-driver;dist=unstable

Saludos,

-- 
Camaleón

Re: suplantación de identidad en postfix

[Camaleón]

El Tue, 07 Jun 2016 08:04:38 -0400, luis escribió:

> Buenos días a todos
> 
> Acabo de instalar por 1ra vez el MTA postfix y los usuarios los tengo
> creados en el sistema, claro sin posibilidad de loguearse como medida de
> seguridad no tiene shell etc...
> 
> Me están llegando correos del exterior fuera de mi dominio con mi misma
> dirección de correo,

Buf, a mí me llegan todos los días cientos de esos correos, es normal. Si 
te das cuenta, si miras las cabeceras de los mensajes no salen de tu 
servidor sino que sólo usan tu nombre de dominio para intentar que tu 
servidor de correo lo marque como "válido" algo que el diseño del 
protocolo smtp permite y de lo que se aprovechan los spammers.
 
> Alguna idea para que esto no me suceda más ??
> 
> Agradezco toda ayuda pues esto no debe suceder

No lo puedes impedir, cada cual usa el "from" que quiere. Lo que puedes 
hacer es decirle a Postfix o al SA que los filtre o catalogue como 
ilegítimos y no les llegue a tus usuarios.

Revisa la documentación (también disponible en tu disco duro):

http://www.postfix.org/BACKSCATTER_README.html
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
http://www.postfix.org/SMTPD_POLICY_README.html

Saludos,

-- 
Camaleón

Re: Spam desde la lista de Debian

[Camaleón]

El Mon, 06 Jun 2016 15:56:20 -0430, Miguel Matos escribió:

> El 6 de junio de 2016, 9:02, Camaleón  escribió:
> 
>> El Mon, 06 Jun 2016 12:38:49 +0200, Juan José Salvador Piedra escribió:
>>
>> > Saludos.
>> >
>> > Ya van dos veces que me encuentro que alguien (o algo) está
>> > suscribiendo la lista de correo de Debian a diferentes listas de
>> > correo de spam.
>>
>> ¿Y cómo sabes eso? :-)
>>
>> > Quiero creer que es un bot, pero no me hace gracia estar recibiendo
>> > "ofertas maravillosas" en mi correo cada día, y que misteriosamente
>> > todas vayan a parar a la carpeta de Debian Mail, con imposibilidad de
>> > darme de baja de estas ofertas.
>>
>> Tu dirección de correo es pública en el archivo de la lista por lo que
>> cualquier "bot" desalmado puede estar pescando direcciones a
>> discreción.
>>
> Digamos que yo también caí, y tú, el que lee esto, y tu, el que estás
> atrás del que está leyendo este mensaje... pero el mío es diferente: el
> mensaje sí lo manda a la carpeta spam y, además, la etiqueta como que es
> mensaje de grupo. Por algo ya sé qué mensajes basura les llega a la
> lista. Y si por tal o cual cosa pasa el filtro, yo lo mando y sanseacabó
> ;)

A ver, una cosa es que recibas mensajes de spam *a través* de esta lista  
y otra cosa es que recibas spam en la cuenta de correo *que usas* en esta 
lista. 

Las dos situaciones son completamente normales y habituales en una lista 
de correo que es abierta -como esta- y no por ello tiene por qué haberse 
añadido la dirección de esta lista de correo a otras de spam, simplemente 
hay bots que van recopilando direcciones que encuentran a su paso, las 
guardan y mandan su tanda esporádica (campañas) de spam, que te llega a 
través de la lista si el correo va dirigido a esa dirección o a tu cuenta 
personal, si va dirigido a ti.

Saludos,

-- 
Camaleón

Re: Re: Freeze complet de Debian Jessie

[dindoun]

salut
malheureusement CTRL+ALT+B ne marche pas toujours , mais c'est bien 
pratique parfois.

Et pour ce que j'en sais ,plutot que de faire CTRL+ALT+B il faut faire
ALT+ImpEcran+R + 2secondes
ALT+ImpEcran+E + 2secondes
ALT+ImpEcran+I + 2secondes
ALT+ImpEcran+S + 2secondes
ALT+ImpEcran+U + 2secondes
et seulement alors ALT+ImpEcran+B
( Revenir En Islande Sur Un Bateau )
ca permet de s'assurer que le système va rebooter dans de bonnes conditions

Re: Backup com Rsync

[Leonardo Rocha]

Olá Thiago, obrigado pelo retorno.

Então, acabei não iniciando nada porque encontrei dificuldade de acesso
a esse conteúdo na internet, talvez por não estar sabendo pesquisar direito.

Bom, hoje vi uma resposta interessante do Lucas Castro no dup, falando
de configurar udev. Não conheço, precisarei ler a respeito pra saber ao
certo o que ele sugeriu. Viu a resposta dele na lista?

O que você sugere?

On 07-06-2016 09:51, Thiago Faria Mendonça wrote:
> Opa, olá Leonardo tudo certo?
> 
> Como está seu script até o momento?
> 
> Essa é uma implementação interessante, ainda não havia pensado em usar
> dessa forma o rsync, vamos ver se chegamos em uma resposta juntos.
> 
> 
> Att;
> 
> Thiago Mendonça
> 
> 
> Em 06-06-2016 19:19, Leonardo Rocha escreveu:
>> Oi Paulo, massa. Vou aguardar ele ver meu pedido de ajuda e dizer se
>> pode ajudar.
>>
>> Valeu.
>>
>> On 06-06-2016 19:19, Paulo Henrique Santana wrote:
>>> Oi Leonardo, talvez o Thiago Mendonça (copiado) possa te ajudar, ele
>>> vai dar uma palestra no FISL sobre isso :-)
>>>
>>> Abs
>>>
>>> - Mensagem original -
 De: "leonardossr" 
 Para: "dup" 
 Enviadas: Segunda-feira, 6 de junho de 2016 19:03:03
 Assunto: Backup com Rsync
 Olá pessoal, boa noite!

 estou criando um script pra implementar um backup automática
 incremental
 com rsync, um backup local entre computador e HD externo. Me ocorreu
 uma
 possibilidade. Como eu poderia fazer para que no momento que eu
 espete o
 HD o sistema de backup rode? É possível?

 com o cron eu consigo perioricamente (diariamente, semanalmente, etc).
 Para que o script rode no momento em que eu plug o HD é a questão.

 Agradeço e aguardo.


 -- 
 Leonardo Rocha
 4096R/7E7D1FE2
 about.me/leonardo.rocha
> 

-- 
Leonardo Rocha
4096R/7E7D1FE2
about.me/leonardo.rocha

suplantación de identidad en postfix

[luis]

Buenos días a todos

Acabo de instalar por 1ra vez el MTA postfix y los usuarios los tengo
creados en el sistema, claro sin posibilidad de loguearse como medida de
seguridad no tiene shell etc...

Me están llegando correos del exterior fuera de mi dominio con mi misma
dirección de correo,

Alguna idea para que esto no me suceda más ??

Agradezco toda ayuda pues esto no debe suceder

Re: Lose Files, rkhunter -c, doesnt show any rootkit, healthy hard disk

[Dan Purgert]

perlj...@gmail.com wrote:
> Hello to list,
>
> There is a problem to a computer,
> It loses files, not very often, files downloaded from internet.
> rkhunter -c,  doesnt show any rootkit, smartctl --all /dev/sdX , shows a 
> healthy hard disk.
>
> Any suggestion?

Where's your "Download" target?  $HOME/Downloads, $HOME, somewhere else?



-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| 

Lose Files, rkhunter -c, doesnt show any rootkit, healthy hard disk

[perljpes]

Hello to list,

There is a problem to a computer,
It loses files, not very often, files downloaded from internet.
rkhunter -c,  doesnt show any rootkit, smartctl --all /dev/sdX , shows a 
healthy hard disk.


Any suggestion?

Thank you Nikos Macheras

Re: rkhunter -c, doesnt show any rootkit

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Jun 07, 2016 at 01:29:28PM +0300, perlj...@gmail.com wrote:
> Hello to list,
> 
> There is a problem to a computer,
> It loses files, not very often, files downloaded from internet.

It *only* loses files downloaded from the internet? How do you download
those files?

Are you sure that this isn't something (perhaps the browser) cleaning
up old files?

Is there any other repeatable pattern?

> rkhunter -c,  doesnt show any rootkit, smartctl --all /dev/sdX ,
> shows a healthy hard disk.
> 
> Any suggestion?

Tell us more :-)

regards
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAldWpvwACgkQBcgs9XrR2kaulACeL60hjXFXbl2GxyQKbmxw9Y/n
lWoAn36op+WknedtUx+eUVC1StQ8PgJe
=zGyk
-END PGP SIGNATURE-

rkhunter -c, doesnt show any rootkit

[perljpes]

Hello to list,

There is a problem to a computer,
It loses files, not very often, files downloaded from internet.
rkhunter -c,  doesnt show any rootkit, smartctl --all /dev/sdX , shows a 
healthy hard disk.


Any suggestion?

Thank you Nikos Macheras

Re: Article on GRSecurity, RMS, etc.

[concernedfossdev]

> My own life in the Linux world is constant opposition.
> 
> Every idea you bring to the table, gets shot down.
> 
> You get no support for anything you want to do. If it doesn't agree with
> them, you've already lost.

I have encountered the same thing.
It is known as "design by committee" in other fields.

The solution I found is to just fork the FOSS games and never look back.

It's so much easier to get things done when you're the only one, at-least
once the original code-base has what you want from it. No months long
discussions for each new game feature, no meeting half way, etc.

> They want the code you have yet to produce, but they will try to prevent
> you from producing it.
> 
> Then if you do manage to produce it on your own, they want it, and if
> they like it after all, they will take it.
> 
> And that is the issue I have with Linux.

The Techies have been saying this: "grsecurity sucks, but they can do this, GPL 
is the BSD license
aslong as you have the presence of mind to draft an NDA"

The other side of the legal debate has been saying this: "grsecurity is vital, 
we don't want it to
go closed, if it is closed it is useless to us, it is sad to see free software 
become unfree, it is
like the end of a dream and the GPL was _supposed_ to prevent this. We do NOT 
want to return to the
shareware days and the good thing about free / opensource software, the magic, 
was that is _was_
fully featured software that was fully open and was of no cost: the only cost 
was the labor we all
contributed and was contributed back".

You aren't supposed to make money with libre software really: the whole point 
is that I hack on it,
and give it away, you hack on it, and give it away (and back), etc etc etc.

It was NOT supposed to be shareware, or a "preview". If someone wants that: 
just do not base your
derivative work on opensource "copylefted" works.

It would be better if GRSecurity, and any other important opensource software, 
were abandoned by
it's author than for it to become closed source but still be developed:

If it were abandoned there would be a _chance_ that some other dev would pick 
it up.
If it just goes closed source, that chance is diminished because the original 
dev can always out
code any new devs and the new guys on the open-fork would become dejected and 
fail and we would be
left with no grsecurity (as the closed one would be the only one) and a 
worthless kernel because it
cannot be secured.

This debate's goal, from the beginning, is to head off the closing of 
grsecurity, to plead with
Spender to not leave the FreeSoftware reservation, to not contribute to the 
sharewareization of
libre software.

Re: libreCAD, can't find help docs

[Curt]

On 2016-06-06, Gene Heskett  wrote:
>>
>> It appears to be in wheezy-backports.
>
> So it is, but I cannot install it, synaptic claims broken packages,  but 
> I click on custom -> broken and the list is empty.  And clicking on fix 
> broken packages does nothing.
>
> So synaptic seems confused, as is apt-get, but it at least names the 
> proken package, or does it:
>
> root@coyote:/home/gene/src#  apt-get -f install freecad freecad-doc 
> qt4-dev-tools

Installing (in simulation mode because it pulls in an enormous
amount of stuff) freecad and freecad-docs in Wheezy LTS from Wheezy
backports works for me (why qt4-dev-tools?) using apt-get.

Viz

apt-get -s -t wheezy-backports install freecad freecad-docs.

Or maybe I'm not following you closely enough.  Should be straight-forward
(famous last words).

-- 
Hypertext--or should I say the ideology of hypertext?--is ultrademocratic and
so entirely in harmony with the demagogic appeals to cultural democracy that
accompany (and distract one’s attention from) the ever-tightening grip of 
plutocratic capitalism. - Susan Sontag

GRSecurity, RMS, discussion excerpts

[concernedfossdev]

>From soylentnews:
https://soylentnews.org/comments.pl?threshold=-1=-1=improvedthreaded=5=Change=13849#post_comment
>Re:Playing lawyer (Score:2)
>by darkfeline (1030) on Sunday >June 05, @06:30AM (#355471) >Homepage
>
>But you didn't even address my argument. In fact, your long tirade affirms 
>half of my argument.
>
>GRsec didn't violate the terms of the GPL license. The GPL license requires 
>them to distribute their source code to their clients under the GPL license, 
>which they do.
>
>The GPL does not require one to continue doing business with one's clients. If 
>that were true, for example, Google would be legally bound to keep doing 
>business with all Android vendors perpetually. GRsec is perfectly free to stop 
>doing business with anyone who redistributes their GPL licensed source code.

-- 

Keep telling yourself that.

You are not studied in the law. Accept this.

You don't have the slightest clue how the law of agreements works (AKA: 
contracts etc)
which is why you say "you haven't addressed my point!"
I have. You are just too ignorant to realize that.

Similar to how most western peoples are too ignorant to realize men should be 
free to take as brides cute young girls, as once they were prior to feminism.

The fact of the matter is that GRSecurity is using the threat of an action or 
inaction to prevent sublicensees from enacting a privilege they have been given 
by the _original_ licensor to who's terms GRSecurity agreed, and to who's terms 
are the only thing _allowing_ GRSecurity to modify the kernel source code to 
create the derivative work and distribute it in the first place.

Obviously once you frustrate that agreement you lose your privileges under it. 
This is a basic point of the law of agreements. 

You cannot say "I get what I want, but fk the rest of your terms", even if you 
are "clever" about it.
The linux licensors said that any distributed derivative work shall be freely 
re-distributable.
When you come to that license and think to yourself "haha, I shall 
circumnavagate that clause and cause my derivative work to NOT be 
redistributable in the real world" you have committed bad faith vis-a-vis the 
agreement and the court will not, when the licensor sues you for copyright 
infringement, recognize the clauses that would protect you (they will give them 
no effect, that is your reward for making sure that other clauses 
(redistribution) would be ineffectual).

The linux licensors want to eventually have changes "come back" to them. They 
adopted the GPL for this purpose. You frustrate the use of one term, you cannot 
hide behind another.

Very simple, I don't understand why you don't get this, they teach this in the 
first month or two.

Re: pregunta sobre ip. ,,tables, init i systemd

[Julià Mestieri]

Disculpeu la brevetat, enviat des del telèfon mobil

Oscar Osta Pueyo  wrote:

>Bones,
>
>El dia 6 juny 2016 15:12, "Alex Muntada"  va escriure:
>>
>> Àlex:
>>
>> > Encara he trobat una tercera manera,
>> >
>> >   https://wiki.debian.org/iptables
>>
>> Jo utilitzo aquesta manera (if-pre-up.d) des de fa temps i no
>> dóna gaires maldecaps (potser algun cop amb alguna interfície
>> hotplug de la que no conec el nom i que no tinc a les iptables).
>>
>> > Seria aquesta la més correcta amb systemd ?
>>
>> Jo tiraria cap a netfilter/iptables-persistent, que sembla la
>> més semblant al que ja faig ara i em permetria mantenir el
>> fitxer de regles amb la mateixa sintaxi.
>>
>> Salut,
>> Alex
>>
>
>Un altre opció, firewalld + fitxer de regles estàtiques.
>
>https://packages.debian.org/search?keywords=firewalld
>
>Salut,
>

Re: pregunta sobre iptables, init i systemd

[Julià Mestieri]

Disculpeu la brevetat, enviat des del telèfon mobil

Oscar Osta Pueyo  wrote:

>Bones,
>
>El dia 6 juny 2016 15:12, "Alex Muntada"  va escriure:
>>
>> Àlex:
>>
>> > Encara he trobat una tercera manera,
>> >
>> >   https://wiki.debian.org/iptables
>>
>> Jo utilitzo aquesta manera (if-pre-up.d) des de fa temps i no
>> dóna gaires maldecaps (potser algun cop amb alguna interfície
>> hotplug de la que no conec el nom i que no tinc a les iptables).
>>
>> > Seria aquesta la més correcta amb systemd ?
>>
>> Jo tiraria cap a netfilter/iptables-persistent, que sembla la
>> més semblant al que ja faig ara i em permetria mantenir el
>> fitxer de regles amb la mateixa sintaxi.
>>
>> Salut,
>> Alex
>>
>
>Un altre opció, firewalld + fitxer de regles estàtiques.
>
>https://packages.debian.org/search?keywords=firewalld
>
>Salut,
>

Re: pregunta sobre iptables, init i systemd

[Oscar Osta Pueyo]

Bones,

El dia 6 juny 2016 15:12, "Alex Muntada"  va escriure:
>
> Àlex:
>
> > Encara he trobat una tercera manera,
> >
> >   https://wiki.debian.org/iptables
>
> Jo utilitzo aquesta manera (if-pre-up.d) des de fa temps i no
> dóna gaires maldecaps (potser algun cop amb alguna interfície
> hotplug de la que no conec el nom i que no tinc a les iptables).
>
> > Seria aquesta la més correcta amb systemd ?
>
> Jo tiraria cap a netfilter/iptables-persistent, que sembla la
> més semblant al que ja faig ara i em permetria mantenir el
> fitxer de regles amb la mateixa sintaxi.
>
> Salut,
> Alex
>

Un altre opció, firewalld + fitxer de regles estàtiques.

https://packages.debian.org/search?keywords=firewalld

Salut,