Michael, Thanks for the quick response.

One more thing. When I tail the log /var/log/messages I see this every 15 seconds:

Aug 25 19:34:19 d06 sauce_serviced[982]: Daemon.pm: /usr/bin/systemctl restart ipchains.service: Transaction failed with exit code 1280
Aug 25 19:34:34 d06 sauce_serviced[982]: Daemon.pm: /usr/bin/systemctl restart ipchains.service: Transaction failed with exit code 1280
Aug 25 19:34:49 d06 sauce_serviced[982]: Daemon.pm: /usr/bin/systemctl restart ipchains.service: Transaction failed with exit code 1280

How do I get it to stop?

Herb
5211R AlmaLinux 9

On Fri, Aug 25, 2023 at 4:55 PM Michael Stauber via Blueonyx <blueonyx@mail.blueonyx.it> wrote:

> Hi Herb,
>
> > Thanks for everyone's hard work on BlueOnyx!
>
> Thank you for using BlueOnyx! :o)
>
> > I just installed 5211R AlmaLinux using the manual mode and ran into an
> > issue.
> >
> > I had the /home directory mounted as ext4 in my /etc/fstab file. All
> > normal.
> >
> > The installation tried to add "gquota" and "uquota" to the fstab file
> > but that didn't work since it's "grpquota" and "usrquota".
>
> Oh yeah. I should have mentioned that in the install docs: The
> filesystem of choice is now XFS (the default of EL8 and EL9!) and our
> entire tool-chain for disk quota builds on this. That's why it was
> trying to use "gquota" and "uquota" (the XFS variants of those tools)
> instead of "grpquota" and "usrquota", which was how these were named for
> EXT3 and EXT4.
>
> > Of course upon reboot it didn't mount and all hell broke loose requiring
> > a lot of hand fixes to complete the process.
>
> Yeah, I can imagine. Sorry about that!
>
> > So I think I found a bug??
>
> An oversight. The documentation should have made it clear that it ought
> to be XFS now. I'll fix it and I thank you for pointing it out!
>
> > When I was finished with the install issues I noticed firewalld was not
> > started.
>
> Correct. We configure it (to open the ports relevant to BlueOnyx), but
> don't start it automatically. But just start it and enable it and you
> should be good.
>
> > I need to limit ssh access.
> > I was an old hosts.deny fan. Back when CentOS 7 was current.
>
> Yeah, sadly the RedHat overlords decided to do away with TCPWrapper
> support and with that hosts.allow and hosts.deny got dropped from the OS
> and there is no sensible way to get them back.
>
> > Can these commands be used without a problem with BlueOnyx?
> >
> > firewall-cmd --get-default-zone
> >
> > firewall-cmd --permanent --remove-service=ssh
> >
> > firewall-cmd --permanent --new-zone=sshzone
> >
> > firewall-cmd --permanent --zone=sshzone --add-source=111.264.132.201/32
> >
> > firewall-cmd --permanent --zone=sshzone --add-source=63.61.153.48/29
> >
> > firewall-cmd --permanent --zone=sshzone --add-source=211.228.142.32/28
> >
> > firewall-cmd --permanent --zone=sshzone --add-service=ssh
> >
> > firewall-cmd --reload
> >
> > firewall-cmd --list-all-zones
> >
> > I was going to make a script to manage the ip list (add, remove, list,
> > init zone)
>
> In principle you can use all the commands that Firewalld offers you and
> there is nothing in a stock BlueOnyx that messes with this. Aside from
> once opening the BlueOnyx ports we don't touch Firewalld past the
> initial setup.
>
> Or you can get "APF" from the BlueOnyx shop:
>
> https://shop.blueonyx.it/apf.html
>
> On 5210R and 5211R this grants you access to two PKGs:
>
> - APF (Advanced Package Firewall)
> - Firewalld
>
> Ignore APF and install the "Firewalld" Package. It gives you a nice GUI
> to manage all sensible aspects of Firewalld on your BlueOnyx directly
> from the GUI. It also integrates GeoIP zone blocks, so you can block
> whole countries from accessing your server. It uses IPsets for this, so
> even large zone blocks don't have much of an impact on the time it needs
> to restart the firewall. It's then not loading thousands of IP address
> ranges, but whole "precompiled" sets in one go. Which is pretty neat.
>
> --
> With best regards
>
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
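
An added example, not code from this thread or from BlueOnyx, of the allowlist script mentioned in the message above (add, remove, list, init zone), built on the firewall-cmd options quoted there. The function names, the DRY_RUN switch and the IPv4-only validation are assumptions; init refuses to run without at least one valid source, so ssh is never dropped from the default zone while the new zone is still empty.

```shell
# Added example: keep ssh reachable only from an allowlist held in a firewalld zone.
# "sshzone" is the zone name from the thread; DRY_RUN and all function names are assumptions.
ZONE="${ZONE:-sshzone}"
DRY_RUN="${DRY_RUN:-0}"

# Run firewall-cmd, or only print the command line when DRY_RUN=1.
fw() {
    if [ "$DRY_RUN" = "1" ]; then echo "firewall-cmd $*"; else firewall-cmd "$@"; fi
}

# Succeed only for IPv4 a.b.c.d/len with octets 0-255 and len 0-32 (POSIX sh, globals used).
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1##*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# $1 = add|remove, $2 = source CIDR; validates before touching the firewall.
zone_src() {
    case "$1" in add|remove) ;; *) return 1 ;; esac
    valid_cidr "$2" || { echo "rejected: '$2' is not a valid IPv4 CIDR" >&2; return 1; }
    fw --permanent --zone="$ZONE" --"$1"-source="$2"
}
zone_list() { fw --permanent --zone="$ZONE" --list-sources; }

# Check every source first, create and fill the zone, and only then drop ssh from the default zone.
zone_init() {
    [ $# -ge 1 ] || { echo "init needs at least one source" >&2; return 1; }
    for src in "$@"; do valid_cidr "$src" || { echo "rejected: '$src'" >&2; return 1; }; done
    fw --permanent --new-zone="$ZONE" || return 1
    fw --permanent --zone="$ZONE" --add-service=ssh || return 1
    for src in "$@"; do zone_src add "$src" || return 1; done
    fw --permanent --remove-service=ssh || return 1
    fw --reload
}

if [ $# -gt 0 ]; then
    cmd=$1; shift
    case "$cmd" in
        init)       zone_init "$@" ;;
        add|remove) zone_src "$cmd" "$1" && fw --reload ;;
        list)       zone_list ;;
        *) echo "usage: $0 {init <cidr>...|add <cidr>|remove <cidr>|list}" >&2; exit 2 ;;
    esac
fi
```

Running it with DRY_RUN=1 prints the firewall-cmd lines without applying them, which is a cheap way to review a change before a reload.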