[DNG] EFI Installation of Beowulf?
Dear all, I have switched to a new computer and tried to install Beowulf 3.1.0 in a pure-EFI setting. I have tried installing on a SATA SSD as well as a a m.2 PCIe SSD. Originally, the plan was a dual boot install with Win10 being installed first, however after several failed attempts, I scraped Win10 and went for a Linux-only install. Installation seems to run smoothly but after reboot grub presents itself without the "graphical" selection menu but instead delivers the line "Minimal BASH-like line editing is supported..." After 5 hours of installing and re-installing I tried installing Debian Buster 10.8 (I understand, Beowulf 3.1.0 is based on 10.8). With debian the installation works out of the box. I have found following hints regarding this: EFI Partition may be missing or too small I tried both with guided partitioning and manual partitioning, I created EFI partitions up to 1 gb without success. Grub may have to be re-installed. I tried to chroot into the installation and did a grub-install (after mounting the efi-partition). This did not solve the issue Grub.cfg may be missing I compared the grub.cfg from Debian and Devuan. Superficially they look very similar. Do you have any hints what else to try? Can you spare me going back to debian? Kind regards, Jonathan ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: Distribution upgrade issue
I will definitely run the mysql upgrade first. I’m assuming i should do the mysql upgrade after I update the package lists with the beowulf lists. Sent from my iPhone > On Feb 22, 2021, at 5:00 PM, Hector Gonzalez Jaime via Dng > wrote: > > >> On 2/22/21 3:30 PM, Antony Stone wrote: >>> On Monday 22 February 2021 at 22:26:17, Hector Gonzalez Jaime via Dng wrote: >>> >>> I've seen your original problem frequently, mysql and mariadb both are >>> turned off during upgrades, and then apt-get goes on to install other >>> packages, which might require a database to be running and have no >>> control over this. A workaround is, whenever you have mysql (or >>> mariadb) present, update it first and alone, like this: >>> >>> apt-get update >>> apt-get install default-mysql-server # this command depends on your >>> version, just reinstall mysql's server first. >>> apt-get upgrade >>> apt-get dist-upgrade >>> >>> This way mysql gets updated first, and will be running for the rest of >>> your system. >> I like that - it sounds like an excellent tip (hard to see how it might be >> included in an automated update process, but that would of course be even >> better). >> >> Have you ever mentioned this to the Debian project, to see whether they >> consider this either to be a bug in the upgrade process, or at least a >> workaround worth documenting for people doing the upgrade? > I had only seen this with external packages, so, no, I've never mentioned it. > I think if packages depend on a database of any kind to be updated, they > should wait for it to be done before they run their scripts, but then again, > the database might not even be configured to run in the same system. >> >> Antony. >> > -- > Hector Gonzalez > ca...@genac.org > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How to turn off the firewall
Hi Federico,
Federico Fanton via Dng writes:
> On 22/02/21 16:29, Steve Litt wrote:
>
>> On a Devuan machine, how do I turn off the firewall entirely, so all
>> ports are accessible? I need to do this for experimentation, not as a
>> permanent thing.
>
> To completely reset the firewall, see this script:
>
> #!/usr/bin/env bash
> set -eu
> declare -A chains=(
> [filter]=INPUT:FORWARD:OUTPUT
> [raw]=PREROUTING:OUTPUT
> [mangle]=PREROUTING:INPUT:FORWARD:OUTPUT:POSTROUTING
> [security]=INPUT:FORWARD:OUTPUT
> [nat]=PREROUTING:INPUT:OUTPUT:POSTROUTING
> )
> for table in "${!chains[@]}"; do
> echo "${chains[$table]}" | tr : $"\n" | while IFS= read -r; do
> iptables -t "$table" -P "$REPLY" ACCEPT
> done
> iptables -t "$table" -F
> iptables -t "$table" -X
> done
Neat script that takes care of covering all the tables and their
respective routes. Too bad it doesn't cover IPv6 :-/
That's easily fixed though by replacing iptables with ip6tables and
rerunning it.
For nftables it's a lot easier
nft flush ruleset
will do the same. IIUC, that should even work for firewall configured
via iptables/ip6tables, provided you have nftables installed of course.
Hope this helps,
--
Olaf Meeuwissen, LPIC-2FSF Associate Member since 2004-01-27
GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9
Support Free Softwarehttps://my.fsf.org/donate
Join the Free Software Foundation https://my.fsf.org/join
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: Distribution upgrade issue
On 2/22/21 3:30 PM, Antony Stone wrote: On Monday 22 February 2021 at 22:26:17, Hector Gonzalez Jaime via Dng wrote: I've seen your original problem frequently, mysql and mariadb both are turned off during upgrades, and then apt-get goes on to install other packages, which might require a database to be running and have no control over this. A workaround is, whenever you have mysql (or mariadb) present, update it first and alone, like this: apt-get update apt-get install default-mysql-server # this command depends on your version, just reinstall mysql's server first. apt-get upgrade apt-get dist-upgrade This way mysql gets updated first, and will be running for the rest of your system. I like that - it sounds like an excellent tip (hard to see how it might be included in an automated update process, but that would of course be even better). Have you ever mentioned this to the Debian project, to see whether they consider this either to be a bug in the upgrade process, or at least a workaround worth documenting for people doing the upgrade? I had only seen this with external packages, so, no, I've never mentioned it. I think if packages depend on a database of any kind to be updated, they should wait for it to be done before they run their scripts, but then again, the database might not even be configured to run in the same system. Antony. -- Hector Gonzalez ca...@genac.org ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: Distribution upgrade issue
On Monday 22 February 2021 at 22:26:17, Hector Gonzalez Jaime via Dng wrote: > I've seen your original problem frequently, mysql and mariadb both are > turned off during upgrades, and then apt-get goes on to install other > packages, which might require a database to be running and have no > control over this. A workaround is, whenever you have mysql (or > mariadb) present, update it first and alone, like this: > > apt-get update > apt-get install default-mysql-server # this command depends on your > version, just reinstall mysql's server first. > apt-get upgrade > apt-get dist-upgrade > > This way mysql gets updated first, and will be running for the rest of > your system. I like that - it sounds like an excellent tip (hard to see how it might be included in an automated update process, but that would of course be even better). Have you ever mentioned this to the Debian project, to see whether they consider this either to be a bug in the upgrade process, or at least a workaround worth documenting for people doing the upgrade? Antony. -- The truth is rarely pure, and never simple. - Oscar Wilde Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: Distribution upgrade issue
On 2/22/21 1:59 PM, Curtis Maurand via Dng wrote: On 2/22/21 4:26 AM, Pontus Goffe via Dng wrote: Putting this back on list. I still think you are doing it wrong, after changing your sources.list(s) you should, at least apt-get update apt-get upgrade apt-get dist-upgrade Ah. you have an extra step. The following is from the website doc. Update the package lists from the Beowulf repository. |root@devuan:~# apt-get update| Devuan Jessie users should now upgrade the Devuan repository keyring, and update the package lists again so packages can be authenticated. |root@devuan:~# apt-get install devuan-keyring| |root@devuan:~# apt-get update| If xscreensaver is running you should kill it now as it needs to be stopped before it can be upgraded. |root@devuan:~# killall xscreensaver| Now you can perform the upgrade. |root@devuan:~# apt-get dist-upgrade| I've seen your original problem frequently, mysql and mariadb both are turned off during upgrades, and then apt-get goes on to install other packages, which might require a database to be running and have no control over this. A workaround is, whenever you have mysql (or mariadb) present, update it first and alone, like this: apt-get update apt-get install default-mysql-server # this command depends on your version, just reinstall mysql's server first. apt-get upgrade apt-get dist-upgrade This way mysql gets updated first, and will be running for the rest of your system. Hector Gonzalez ca...@genac.org ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How to turn off the firewall
It turns out that my Devuan VM guest didn't even have iptables installed, so all this time I've been dealing with a no-firewall guest, which is what I wanted for experimentation. Once I've got everything working the way I want, I'll install iptables on the Devuan VM guest and solve any problems that come up. Thanks, and I'm sorry for the false alarm. SteveT On Mon, 22 Feb 2021 10:29:50 -0500 Steve Litt wrote: > Hi all, > > I could probably web search this, but there's s much contradictory > stuff on the web, and I've been doing nothing but web searching for a > week now, and probably one of you knows it off the top of your head. > > On a Devuan machine, how do I turn off the firewall entirely, so all > ports are accessible? I need to do this for experimentation, not as a > permanent thing. > > Thanks, > > SteveT > > Steve Litt > Autumn 2020 featured book: Thriving in Tough Times > http://www.troubleshooters.com/thrive > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Assigning a specific subnet and address to a Devuan Beowulf Qemu guest
Thanks Ralph!
I don't think you can imagine how helpful your text explanation was.
Qemu documentation is a world of assumptions about the user,
conflicting docs, anecdotal solutions, ambiguity, and pretty much
anything except how the whole thing's put together. Your documentation
(quoted below) is by far the best in terms of explaining how the whole
thing fits together. THANK YOU!
Based on your explanation of how the bridge interface works, and how
-netdev user creates an IP level hack, and how id strings are used, I
quickly created the following qemu startup script:
#!/bin/sh
dvddir=/scratch/linuxinst/devuan/devuan_beowulf/installer-iso
qemu-system-x86_64 --enable-kvm \
-cdrom $dvddir/devuan_beowulf_3.0.0_amd64-desktop.iso \
-hda /scratch/qemu_images/beowulf.disk \
-m 4G \
-boot c \
-netdev bridge,id=mybridge0,br=br0 \
-device virtio-net-pci,netdev=mybridge0 \
The preceding shellscript produces a Devuan guest VM with the following
capabilities:
* Can ping, ssh, or web browse to 192.168.0.1, 192.168.0.2, 192.168.0.13
* Can ping, ssh or web browse to Troubleshooters.Com
* Can be pinged, ssh'ed or browsed from 192.168.0.2 or 192.168.0.97
* Appears much more performant than -netdev user
* Can ping (probably with help from some other procedures I did before)
* Can be run by user slitt (after making slitt a member of group
unpriv_ping)
* Requires no virt-manager, aqemu, brctl, etc.
In other words, my Devuan VM guest looks a hell of a lot like just
another metal machine on my 192.168.0.0/24 LAN. Which is what I wanted.
I still have tasks to complete:
* Convert it from DHCP to a fixed address without losing its
capabilities.
* Make the screen larger and focus easier to achieve
* Make keystrokes go to the Devuan VM guest instead of the Void metal
host.
* Achieve a remote GUI connection via ssh -Y or VNC.
* Making it run from user slitt inste
* Write documentation, which will require me backing out a lot of the
stuff I did to see which is necessary and which is anecdotal fluff.
I'm serious, once I read your documentation the solution became
obvious, requiring only a quick web lookup to determine exact syntax.
Thanks,
SteveT
On Sun, 21 Feb 2021 22:49:09 +1100
Ralph Ronnquist via Dng wrote:
> Networking for qemu is not that hard though better documentation is a
> praiseworthy aim. But there are an awful lot of variations both in
> what to achieve and in the ways in achieving it. These are some
> thoughts from me:
>
> Like for all qemu device emulations, the network setup arguments for
> qemu come in pairs:
> + one argument that declares the internal emulation device, and
> + another argument that declares to host side attachment.
>
> The connection between the two arguments is done by means of an
> identification label, where (for net emulation) the host attachment is
> "named" by the label using an "id=LABEL" option and the internal
> emulation device argument mentions it using a "netdev=LABEL" option,
> where thus the LABEL bit is your choosen name.
>
> If you leave out identifications then qemu makes guesses about how
> arguments go together; it invents labels "cleverly" and uses them
> "intelligently". Unfortunately most documentation relies on that
> hidden labelling and as a result things appear to work by magic.
>
> Further just for the sake of increased confusion, there is also an
> alternative combination or shortcut argument ("-nic") that lets you
> configure both the emulation and attachment in a single option
> collection.
>
> In your case you have declared a single internal device, the e1000,
> and linked that to one of the two host attachments by the label
> "mynet0". The other host attachment, "mybridge0", is dangling, i.e.
> not linked with any internal interface emulation device, which qemu
> advices about with the "no peer for mybridge0" warning.
>
> HOST SIDE ATTACHMENT
>
> The hands-on for the host side setup depends firstly on which type of
> host attachment it is. "user" and "bridge" are two host attachment
> types. The (currently) full list is
> "(tap|bridge|user|l2tpv3|vde|netmap|vhost-user|socket)".
>
> They are all configured in their own ways although typically they use
> the same or overlapping names of options with typically concordant
> uses of them. The qemu-system-x86 "man" page is rather good at
> describing the attachment types and their options.
>
> In my words:
>
> The "user" type attachment is a "pretend" attachment as it
> facilitates IP level networking for the guest without having
> networking presence as an actual host interface. There is little
> good to say about this attachment type except that it's the one to
> use if you don't want to know anything about anything. Well, not my
> preference at least. The "user" type attachment is especially
> peculiar as it includes a DHCP service for the guest with a client
>
Re: [DNG] Fwd: Distribution upgrade issue
On 2/22/21 4:26 AM, Pontus Goffe via Dng wrote: Putting this back on list. I still think you are doing it wrong, after changing your sources.list(s) you should, at least apt-get update apt-get upgrade apt-get dist-upgrade Ah. you have an extra step. The following is from the website doc. Update the package lists from the Beowulf repository. |root@devuan:~# apt-get update| Devuan Jessie users should now upgrade the Devuan repository keyring, and update the package lists again so packages can be authenticated. |root@devuan:~# apt-get install devuan-keyring| |root@devuan:~# apt-get update| If xscreensaver is running you should kill it now as it needs to be stopped before it can be upgraded. |root@devuan:~# killall xscreensaver| Now you can perform the upgrade. |root@devuan:~# apt-get dist-upgrade| I dont mean that this is your problem, but it could be. //PG Vidarebefordrat meddelande Ämne: Re: [DNG] Distribution upgrade issue Datum: Mon, 22 Feb 2021 04:19:29 -0500 Från: Curtis Maurand Till: Pontus Goffe did i mention that i startrd with ascii. apt-get update apt-get upgrade restart take snapshot edit /etc/sources.list apt-get install devuan-keyring apt-get dist-upgrade roundcube has dependencies on th LAMP stack and shouldn’t be upgraded before it in the sequence. that’s all i’m saying. Sent from my iPhone On Feb 22, 2021, at 2:21 AM, Pontus Goffe via Dng wrote: Den 2021-02-22 kl. 02:25, skrev Curtis Maurand via Dng: Steps for the upgrade. 1. patch system to latest ascii patch level. apt-get update && apt-get upgrade 2. edit the /etc/apt/sources.list to change the ascii entries to beowulf and I commented out the source package entries. 3. apt-get install devuan-keyring (error, already installed) 4. apt-get update 5. apt-get dist-upgrade I think you are supposed to have a 4b, "apt-get upgrade" in between. //PG ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How to turn off the firewall
On Mon, 22 Feb 2021 10:29:50 -0500 Steve Litt wrote: > Hi all, > > I could probably web search this, but there's s much contradictory > stuff on the web, and I've been doing nothing but web searching for a > week now, and probably one of you knows it off the top of your head. > > On a Devuan machine, how do I turn off the firewall entirely, so all > ports are accessible? I need to do this for experimentation, not as a > permanent thing. > > Thanks, > > SteveT > > Steve Litt > Autumn 2020 featured book: Thriving in Tough Times > http://www.troubleshooters.com/thrive Hi, I would dare to say without any sarcasm the same way you turned it on, as far as I know no firewall is installed by default in debian/devuan and a default install (desktop, sever, minimal, netinstall) has all ports open unless you install at least iptables*. I would recommend you to try arno-iptables-firewall, i use it on every box, be it desktop, server or router, it is easy to setup as it has a builtin config frontend (but it could be tweaked at your liking by editing the config files). Starting it is as easy as: service arno-iptables-firewall start to stop: service arno-iptables-firewall stop to reconfigure dpkg-reconfigure arno-iptables-firewall Hope this helps. Ciao, Tito ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How to turn off the firewall
On Mon, 2021-02-22 at 09:22 -1000, Joel Roth via Dng wrote: > I use this to remove all rules: > > iptables -P INPUT ACCEPT > iptables -P FORWARD ACCEPT > iptables -P OUTPUT ACCEPT > iptables -t nat -F > iptables -t mangle -F > iptables -F > iptables -X > > I can't speak for the provenance, but afterwards > iptables -n -L, shows ACCEPT for INPUT, OUTPUT and FORWARD, > with no other rules. > > > -- > Joel Roth I do similar. I purge any firewalls and use iptables exclusively. Steve, one thing that's definitely important is for the host to have -P FORWARD ACCEPT in order for the VM to receive traffic. This is of course because it's acting as a bridge or switch between the default gateway and the VM. I second iptables-persistent. I feel more comfortable handling IPTABLES than learning a firewall that's going to use IPTABLES (or nftables, same thing pretty much) in the background. Gabe ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How to turn off the firewall
Hi Steve, I use this to remove all rules: iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -t nat -F iptables -t mangle -F iptables -F iptables -X I can't speak for the provenance, but afterwards iptables -n -L, shows ACCEPT for INPUT, OUTPUT and FORWARD, with no other rules. -- Joel Roth ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How to turn off the firewall
On Mon, 22 Feb 2021 10:29:50 -0500 Steve Litt wrote: > Hi all, > > I could probably web search this, but there's s much contradictory > stuff on the web, and I've been doing nothing but web searching for a > week now, and probably one of you knows it off the top of your head. > > On a Devuan machine, how do I turn off the firewall entirely, so all > ports are accessible? I need to do this for experimentation, not as a > permanent thing. I usually use iptables-persistent to manage the firewall, which is very handy in your case, as you can have several rulesets and just activate the currently preferred one by executing $ iptables-restore < /path/to/ruleset resp. $ ip6tables-restore < /path/to/ruleset For the case I want to "disable" the firewall, I have a ruleset with only the default rules set to "ACCEPT". Reverting to the previous state (or any other ruleset) is done accordingly by just restoring the previously 'iptables-save'd config. When working remotely, using a terminal multiplexer (or just 'dtach'), with a simple oneliner script including the 'sleep' command it is easy to test a new configuration without the risk of permanently locking oneself out of the system: $ iptables-restore < testconfig && \ sleep 120 ; \ iptables-restore < provenconfig libre Grüße, Florian ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How to turn off the firewall
Den 2021-02-22 kl. 16:39, skrev Federico Fanton via Dng: To completely reset the firewall, see this script: I dont arge with its function, but as I understood it (I have not yet transitioned myself) iptables is no longer the default tool. //PG ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How to turn off the firewall
On Monday 22 February 2021 at 17:26:21, Federico Fanton via Dng wrote:
> On 22/02/21 17:19, Antony Stone wrote:
> >> for table in "${!chains[@]}"; do
> >>
> >> echo "${chains[$table]}" | tr : $"\n" | while IFS= read -r; do
> >>
> >> iptables -t "$table" -P "$REPLY" ACCEPT
> >>
> >> done
> >> iptables -t "$table" -F
> >> iptables -t "$table" -X
> >>
> >> done
> >
> > I do not understand the purpose of $REPLY in that script.
>
> It will contain the name of the chain to be passed to iptables -P.
Hm, interesting. This is some magic facility of bash that I've never come
across. I would have expected to see the variable REPLY being assigned to
somewhere or other...
On the other hand, a review of the bash man page tells me that this is what
'read' does if you don't tell it what to read into. Heh :)
Antony.
--
One tequila, two tequila, three tequila, floor.
Please reply to the list;
please *don't* CC me.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How to turn off the firewall
On 22/02/21 17:19, Antony Stone wrote:
for table in "${!chains[@]}"; do
echo "${chains[$table]}" | tr : $"\n" | while IFS= read -r; do
iptables -t "$table" -P "$REPLY" ACCEPT
done
iptables -t "$table" -F
iptables -t "$table" -X
done
I do not understand the purpose of $REPLY in that script.
It will contain the name of the chain to be passed to iptables -P.
This is what the script calls on my system:
iptables -t raw -P PREROUTING ACCEPT
iptables -t raw -P OUTPUT ACCEPT
iptables -t raw -F
iptables -t raw -X
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -t mangle -F
iptables -t mangle -X
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P INPUT ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -F
iptables -t nat -X
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -F
iptables -t filter -X
iptables -t security -P INPUT ACCEPT
iptables -t security -P FORWARD ACCEPT
iptables -t security -P OUTPUT ACCEPT
iptables -t security -F
iptables -t security -X
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How to turn off the firewall
On Monday 22 February 2021 at 16:39:12, Federico Fanton via Dng wrote:
> On 22/02/21 16:29, Steve Litt wrote:
> > On a Devuan machine, how do I turn off the firewall entirely, so all
> > ports are accessible? I need to do this for experimentation, not as a
> > permanent thing.
>
> To completely reset the firewall, see this script:
>
> #!/usr/bin/env bash
> set -eu
> declare -A chains=(
> [filter]=INPUT:FORWARD:OUTPUT
> [raw]=PREROUTING:OUTPUT
> [mangle]=PREROUTING:INPUT:FORWARD:OUTPUT:POSTROUTING
> [security]=INPUT:FORWARD:OUTPUT
> [nat]=PREROUTING:INPUT:OUTPUT:POSTROUTING
> )
> for table in "${!chains[@]}"; do
> echo "${chains[$table]}" | tr : $"\n" | while IFS= read -r; do
> iptables -t "$table" -P "$REPLY" ACCEPT
> done
> iptables -t "$table" -F
> iptables -t "$table" -X
> done
I do not understand the purpose of $REPLY in that script.
> (from https://gist.github.com/x-yuri/da5de61959ae118900b685fed78feff1 )
No explanation of anything there... :(
Antony.
--
Tax inspectors are just accountants who work for the evil dictators of
democracy.
Please reply to the list;
please *don't* CC me.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How to turn off the firewall
On 22/02/21 16:29, Steve Litt wrote:
On a Devuan machine, how do I turn off the firewall entirely, so all
ports are accessible? I need to do this for experimentation, not as a
permanent thing.
To completely reset the firewall, see this script:
#!/usr/bin/env bash
set -eu
declare -A chains=(
[filter]=INPUT:FORWARD:OUTPUT
[raw]=PREROUTING:OUTPUT
[mangle]=PREROUTING:INPUT:FORWARD:OUTPUT:POSTROUTING
[security]=INPUT:FORWARD:OUTPUT
[nat]=PREROUTING:INPUT:OUTPUT:POSTROUTING
)
for table in "${!chains[@]}"; do
echo "${chains[$table]}" | tr : $"\n" | while IFS= read -r; do
iptables -t "$table" -P "$REPLY" ACCEPT
done
iptables -t "$table" -F
iptables -t "$table" -X
done
(from https://gist.github.com/x-yuri/da5de61959ae118900b685fed78feff1 )
Bye!
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] How to turn off the firewall
Hi all, I could probably web search this, but there's s much contradictory stuff on the web, and I've been doing nothing but web searching for a week now, and probably one of you knows it off the top of your head. On a Devuan machine, how do I turn off the firewall entirely, so all ports are accessible? I need to do this for experimentation, not as a permanent thing. Thanks, SteveT Steve Litt Autumn 2020 featured book: Thriving in Tough Times http://www.troubleshooters.com/thrive ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Fwd: Distribution upgrade issue
Putting this back on list. I still think you are doing it wrong, after changing your sources.list(s) you should, at least apt-get update apt-get upgrade apt-get dist-upgrade I dont mean that this is your problem, but it could be. //PG Vidarebefordrat meddelande Ämne: Re: [DNG] Distribution upgrade issue Datum: Mon, 22 Feb 2021 04:19:29 -0500 Från: Curtis Maurand Till: Pontus Goffe did i mention that i startrd with ascii. apt-get update apt-get upgrade restart take snapshot edit /etc/sources.list apt-get install devuan-keyring apt-get dist-upgrade roundcube has dependencies on th LAMP stack and shouldn’t be upgraded before it in the sequence. that’s all i’m saying. Sent from my iPhone On Feb 22, 2021, at 2:21 AM, Pontus Goffe via Dng wrote: Den 2021-02-22 kl. 02:25, skrev Curtis Maurand via Dng: Steps for the upgrade. 1. patch system to latest ascii patch level. apt-get update && apt-get upgrade 2. edit the /etc/apt/sources.list to change the ascii entries to beowulf and I commented out the source package entries. 3. apt-get install devuan-keyring (error, already installed) 4. apt-get update 5. apt-get dist-upgrade I think you are supposed to have a 4b, "apt-get upgrade" in between. //PG ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
