> Le 5 nov. 2016 à 17:51, Victor McAllister <victo...@sonic.net> a écrit : >> > I use a LEAF 6.0.0 GEODE on a PC Engines ALIX. > Here I’m using Buc 5.2.7 x86_64 on an Asus mobo P5GC-MX and Power supply, pulled out of the PC tower, it’s in the basement, no one sees it :-) ! Looks like that: http://imgur.com/38JiUW9 <http://imgur.com/38JiUW9> !
> The LEAF handles NTP using bbntpd. However, I allow it to sync with only > one trusted external time server. /etc/default/ntpd > > NTPDRUN=yes > > NTPDOPTS='-l -p name of trusted timeserver' > > IoT devices get their time from the LEAF bbntpd > > *** > in /etc/shorewall/rules > > NTP(ACCEPT) fw net:w.x.y.z > > w.x.y.z is the ip or dname of the trusted time server. > > NTP(ACCEPT) loc fw > > #Block access to net from IoT devices > DROP loc:a.b.c.d,e.f.g.h net > I thought you meant: DROP:NFLOG(4) loc:a.b.c.d,e.f.g.h net I’d like to understand the (4) in NFLOG(4) :-) ! > a.b.c.d is the static ip of the IoT devices I do not want to access the web. > *** > > One of the devices that has no access to the Internet is a wireless > router configured as an AP. It has a fixed IP address and is NOT > configured to do DHCP. Wireless clients pass through to access dnsmasq > on the LEAF box via its ethernet connection. dnsmaq assigns static > addresses to each wireless client > yes I have the same setup here too ! (ASUS RT-AC66U as an AP) I just got some new security cameras (Dlink DCS-5010L) which need to be tightly ruled ! Thank’s again, it’s all good, jrb > example. > > dhcp-host=11:22:33:44:55:66,device dhcp name,192.168.1.x #comment > > Victor > > > ------------------------------------------------------------------------------ > Developer Access Program for Intel Xeon Phi Processors > Access to Intel Xeon Phi processor-based developer platforms. > With one year of Intel Parallel Studio XE. > Training and support from Colfax. > Order your platform today. http://sdm.link/xeonphi > ------------------------------------------------------------------------ > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- http://leaf-project.org/ ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
