Hi Herb,

Thanks for everyone's hard work on BlueOnyx!

Thank you for using BlueOnyx! :o)

I just installed 5211R AlmaLinux using the manual mode and ran into an issue.

I had the /home directory mounted as ext4 in my /etc/fstab file. All normal.

The installation tried to add "gquota" and "uquota" to the fstab file but that didn't work since it's "grpquota" and "usrquota".

Oh yeah. I should have mentioned that in the install docs: The filesystem of choice is now XFS (the default of EL8 and EL9!) and our entire tool-chain for disk quota builds on this. That's why it was trying to use "gquota" and "uquota" (the XFS variants of those tools) instead of "grpquota" and "usrquota", which was how these were named for EXT3 and EXT4.

Of course upon reboot it didn't mount and all hell broke loose, requiring a lot of hand fixes to complete the process.

Yeah, I can imagine. Sorry about that!

So I think I found a bug??

An oversight. The documentation should have made it clear that it ought to be XFS now. I'll fix it and I thank you for pointing it out!

When I was finished with the install issues I noticed firewalld was not started.

Correct. We configure it (to open the ports relevant to BlueOnyx), but don't start it automatically. But just start it and enable it and you should be good.

I need to limit ssh access.
I was an old hosts.deny fan. Back when CentOS 7 was current.

Yeah, sadly the RedHat overlords decided to do away with TCPWrapper support and with that hosts.allow and hosts.deny got dropped from the OS and there is no sensible way to get them back.

Can these commands be used without a problem with BlueOnyx?

firewall-cmd --get-default-zone

firewall-cmd --permanent --remove-service=ssh

firewall-cmd --permanent --new-zone=sshzone

firewall-cmd --permanent --zone=sshzone --add-source=111.264.132.201/32

firewall-cmd --permanent --zone=sshzone --add-source=63.61.153.48/29

firewall-cmd --permanent --zone=sshzone --add-source=211.228.142.32/28

firewall-cmd --permanent --zone=sshzone --add-service=ssh

firewall-cmd --reload

firewall-cmd --list-all-zones


I was going to make a script to manage the ip list (add, remove, list, init zone)

In principle you can use all the commands that Firewalld offers you and there is nothing in a stock BlueOnyx that messes with this. Aside from once opening the BlueOnyx ports we don't touch Firewalld past the initial setup.

Or you can get "APF" from the BlueOnyx shop:

https://shop.blueonyx.it/apf.html

On 5210R and 5211R this grants you access to two PKGs:

- APF (Advanced Package Firewall)
- Firewalld

Ignore APF and install the "Firewalld" Package. It gives you a nice GUI to manage all sensible aspects of Firewalld on your BlueOnyx directly from the GUI. It also integrates GeoIP zone blocks, so you can block whole countries from accessing your server. It uses IPsets for this, so even large zone blocks don't have much of an impact on the time it needs to restart the firewall. It's then not loading thousands of IP address ranges, but whole "precompiled" sets in one go. Which is pretty neat.

--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
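
The list-management script mentioned in the question (add, remove, list, init zone) could look like the sketch below. It is an added example, not code from this thread or from BlueOnyx; the zone name sshzone comes from the commands above, while the function names, the FWCMD override and the lockdown guard are assumptions made for this example.

```shell
#!/bin/sh
# Added example: manage the source allow-list of a dedicated firewalld SSH zone.
ZONE="${ZONE:-sshzone}"         # zone name taken from the commands in the post
FWCMD="${FWCMD:-firewall-cmd}"  # assumption: override (e.g. FWCMD=echo) for a dry run

# Succeeds only for a well-formed IPv4 address or CIDR (octets 0-255, prefix 0-32).
valid_cidr() {
    case "$1" in
        */*) ip=${1%/*}; prefix=${1##*/} ;;
        *)   ip=$1; prefix=32 ;;
    esac
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$ip" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

fw() { "$FWCMD" --permanent "$@"; }   # every change goes to the permanent config

zone_init() {   # create the zone if missing, then allow ssh inside it
    fw --get-zones | tr ' ' '\n' | grep -qx "$ZONE" || fw --new-zone="$ZONE"
    fw --zone="$ZONE" --add-service=ssh
}
zone_add() {
    valid_cidr "$1" || { echo "rejected: '$1' is not valid IPv4/CIDR" >&2; return 1; }
    fw --zone="$ZONE" --add-source="$1"
}
zone_remove() { valid_cidr "$1" && fw --zone="$ZONE" --remove-source="$1"; }
zone_list()   { fw --zone="$ZONE" --list-sources; }

# Drop ssh from the default zone and reload, but only once the zone has at least
# one source; otherwise the reload would leave no address able to reach sshd.
zone_lockdown() {
    [ -n "$(zone_list)" ] || { echo "refusing: $ZONE has no sources" >&2; return 1; }
    fw --remove-service=ssh && "$FWCMD" --reload
}

case "${1:-}" in
    init)     zone_init ;;
    add)      zone_add "${2:-}" ;;
    remove)   zone_remove "${2:-}" ;;
    list)     zone_list ;;
    lockdown) zone_lockdown ;;
esac
```

Run init and add first and lockdown last: the permanent changes only take effect at the reload that lockdown performs.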
