Re: firewalld and source/dest rules?

2016-01-17 Thread James Hogarth
On 17 Jan 2016 16:28, "Alex"  wrote:
>
> Hi,
> I have a fedora23 system and am just starting to learn how firewalld
> works. None of the documentation really discusses how to add rules
> from a specific source (the -s option with iptables).
>
> Is this not what firewalld was intended to do?
>
> How do I restrict access to ssh or dns only from specific remote IP
> addresses?
>

Create a zone for that source network and then apply the rules to that.

Have a read of this and see if it helps clear a few things up:

https://www.hogarthuk.com/?q=node/9
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
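
The zone-per-source approach suggested in the reply above, as an added example that is not part of the original thread: the source network is bound to its own zone, the services are allowed there, and they are removed from the default zone so other addresses no longer reach them. The zone name "mgmt" and default zone "public" are assumptions, the CIDR is the one from the question, and the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example, not from the thread: restrict services to one source
# network with a dedicated firewalld zone.
# Assumed names: zone "mgmt", default zone "public".

DRY_RUN=${DRY_RUN:-1}   # 1 = only print the firewall-cmd calls, 0 = apply them

# Run firewall-cmd with the given arguments, or print the call in dry-run mode.
run() {
    if [ "$DRY_RUN" = 0 ]; then
        firewall-cmd "$@"
    else
        printf 'firewall-cmd %s\n' "$*"
    fi
}

# restrict_to_source ZONE CIDR DEFAULT_ZONE SERVICE...
restrict_to_source() {
    if [ $# -lt 4 ]; then
        echo "usage: restrict_to_source ZONE CIDR DEFAULT_ZONE SERVICE..." >&2
        return 2
    fi
    zone=$1 cidr=$2 default_zone=$3
    shift 3

    # --new-zone reports an error if the zone exists, so create it only when
    # it is missing (the check is skipped in dry-run mode).
    if [ "$DRY_RUN" != 0 ] ||
       ! firewall-cmd --permanent --get-zones | tr ' ' '\n' | grep -qx -- "$zone"; then
        run --permanent --new-zone="$zone" || return 1
    fi

    # Packets whose source address falls in CIDR are handled by this zone.
    run --permanent --zone="$zone" --add-source="$cidr" || return 1

    for svc in "$@"; do
        # Allow the service for the source network ...
        run --permanent --zone="$zone" --add-service="$svc" || return 1
        # ... and stop offering it to everyone else. Without this step the
        # service stays reachable through the default zone.
        run --permanent --zone="$default_zone" --remove-service="$svc" || return 1
    done

    # Permanent changes take effect on reload. When ssh is in the list, run
    # this from inside CIDR or from the console, since ssh is closed to all
    # other addresses afterwards.
    run --reload
}

# Print the plan for the network from the question.
restrict_to_source mgmt 192.168.1.0/24 public ssh dns
```

The dns service definition shipped with firewalld covers port 53 on both tcp and udp, so a single --add-service=dns in the source zone takes the place of the two rich rules in the question.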


[389-users] Weird issue with searching cn=config

2016-01-17 Thread Prashant Bapat
Hi,

There are close to a dozen 389-DS as part of our FreeIPA infra. On one of these
servers, I'm encountering a strange problem.

We monitor the state of replication among the 389 servers using a
python-ldap based script. This works on all servers except 1.

What I'm doing is fairly basic. Something along the lines of:

ldapsearch -x -b cn=config '(objectclass=nsds5replicationagreement)' nsds5replicaLastUpdateStatus -LLL -o ldif-wrap=no

Corresponding python code is below:

conn.search_s("cn=config", ldap.SCOPE_SUBTREE,
              '(objectclass=nsds5replicationagreement)',
              ["nsDS5ReplicaHost", "nsds5replicaLastUpdateStatus",
               "nsds5replicaLastUpdateStart", "nsds5replicaLastUpdateEnd"])

Now for the strange issue.

The above commands return the status of replication on all servers except 1
which returns an empty response. This happens only for the python and the
example perl script here.
The ldapsearch command works fine!!!

Below is the log from a server where this runs fine.

[18/Jan/2016:07:09:19 +] conn=420951 fd=564 slot=564 connection from ::1 to ::1
[18/Jan/2016:07:09:19 +] conn=420951 op=0 BIND dn="" method=128 version=3
[18/Jan/2016:07:09:19 +] conn=420951 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[18/Jan/2016:07:09:19 +] conn=420951 op=1 SRCH base="cn=config" scope=2 filter="(objectClass=nsds5replicationagreement)" attrs="nsDS5ReplicaHost nsds5replicaLastUpdateStatus nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd"
[18/Jan/2016:07:09:19 +] conn=420951 op=1 RESULT err=0 tag=101 nentries=3 etime=0
[18/Jan/2016:07:09:19 +] conn=420951 op=2 UNBIND
[18/Jan/2016:07:09:19 +] conn=420951 op=2 fd=564 closed - U1

Below is the log from the 1 server where this fails.

[18/Jan/2016:07:05:20 +] conn=226 fd=80 slot=80 connection from ::1 to ::1
[18/Jan/2016:07:05:20 +] conn=226 op=0 BIND dn="" method=128 version=3
[18/Jan/2016:07:05:20 +] conn=226 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[18/Jan/2016:07:05:20 +] conn=226 op=1 SRCH base="cn=config" scope=2 filter="(objectClass=nsds5replicationagreement)" attrs="nsDS5ReplicaHost nsds5replicaLastUpdateStatus nsds5replicaLastUpdateStart nsds5replicaLastUpdateEnd"
[18/Jan/2016:07:05:20 +] conn=226 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[18/Jan/2016:07:05:20 +] conn=226 op=2 UNBIND
[18/Jan/2016:07:05:20 +] conn=226 op=2 fd=80 closed - U1

I have an ACI which allows anonymous access to the replication info.

Version is : 389-ds-base-1.3.3.13-1.fc21.x86_64

Any help would be appreciated.

Thanks.
--Prashant
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org

Re: WARNING you cannot build info or html versions of the R manuals

2016-01-17 Thread Rolf Turner

On 18/01/16 01:45, Heinz Diehl wrote:
> On 16.01.2016, Rolf Turner wrote:
>
>> sudo yum install texinfo
>
>>> Package texinfo-4.13a-16.fc17.x86_64 already installed and latest version
>>> Nothing to do
>
> Try with the associated texinfo-devel package.



At first I thought "Duh!!! Of course!!!"  Then I tried

sudo yum install texinfo-devel

and got


No package texinfo-devel available.
Error: Nothing to do


I then tried checking with

yum whatprovides texinfo-devel

and got


No Matches found


(so I guess I can't start the fire! :-) )

Thus I am again at a loss.  Any further suggestions?

cheers,

Rolf Turner

--
Technical Editor ANZJS
Department of Statistics
University of Auckland
Phone: +64-9-373-7599 ext. 88276


Re: Lexar jumpdrive and Linux support

2016-01-17 Thread Chris Murphy
On Sat, Jan 16, 2016 at 10:15 AM, Alex  wrote:
> Hi,
>
> I just purchased a Lexar Jumpdrive S25 2x32GB USB sticks and just
> noticed it has some kind of built-in encryption. Any chance it's
> supported with Linux? What is it exactly?
>
> Before I open the package, I thought I'd post a message to see what
> people's experience has been with them?
>
> I didn't notice the encryption support until after I purchased it. I
> thought I recalled there being a problem with some USB sticks with
> encryption and support for Linux, so I thought I'd see if that was
> still the case before opening the package.


http://www.lexar.com/flash-drives/jumpdrive-s25
http://www.encryptstick.com/home-2/what-is-encryptstick-3/

It's software based, so I'd guess you can just choose to not use it.
Encryptstick isn't normally free, so what you're getting with this
product is a bundled license for the software. There is a Linux version
on their download page. The only advantage I can think of over LUKS is
cross platform support, but I didn't look into it enough to know if
that's in fact a feature of the product.



-- 
Chris Murphy


[389-users] Max password length

2016-01-17 Thread Andy Spooner
Hi
Does anyone know where I can find the setting for password maximum length?
Check Password Syntax details the minimum length but not the maximum length.

Kind regards

Re: working my way through quirks with fedora 23 on new ASUS gaming laptop G752VL-DH71

2016-01-17 Thread Tim
Allegedly, on or about 17 January 2016, Robert P. J. Day sent:
> by "firmware", do you mean BIOS? no, it doesn't. the BIOS sees both
> the primary (regular) hard drive, and the CD/DVD device. that's it. 

Are the other drive ports enabled in the BIOS?  And are they set to
detect a drive?

-- 
[tim@localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64

Boilerplate:  All mail to my mailbox is automatically deleted, there is
no point trying to privately email me, I only get to see the messages
posted to the mailing list.

Linux servers are always being dæmonised...





[389-users] Re: Max password length

2016-01-17 Thread William Brown
On Sun, 2016-01-17 at 22:16 +, Andy Spooner wrote:
> Hi
> Does anyone know where I can find the setting for password maximum
> length?
> Check Password Syntax details the minimum length but not the maximum
> length.


You should not set a password maximum length. By setting a maximum
length, you are essentially confining the search space of your users'
passwords to an upper bound. This is really bad, and may aid an
attacker.

You should set a minimum length and quality requirements, however
generally the longer the password, the better as each additional
character adds more entropy and makes the passwords harder to attack.

As a result, directory server does not support a maximum length field
on a password.

-- 
Sincerely,

William Brown
Software Engineer
Red Hat, Brisbane




Re: WARNING you cannot build info or html versions of the R manuals

2016-01-17 Thread Heinz Diehl
On 16.01.2016, Rolf Turner wrote: 

> sudo yum install texinfo

> > Package texinfo-4.13a-16.fc17.x86_64 already installed and latest version
> > Nothing to do

Try with the associated texinfo-devel package.



Re: working my way through quirks with fedora 23 on new ASUS gaming laptop G752VL-DH71

2016-01-17 Thread Earl A Ramirez
Hello Robert,

A few of us are experiencing a few issues with this laptop (I have the
same exact model); it will be best to file a bug for this.

Do you mind sharing what you have done to get it to this state? I have
tried kernel 4.3.x from the testing repo and the laptop will not boot. I
went ahead and tried kernel 4.4.x (rawhide) and the laptop booted only once and
after that I have only been getting a blank screen. I am currently using
kernel 4.2.300 (obsolete soon) and have to append
i915.preliminary_hw_support=1 to the kernel argument; however, the touch
pad works.

I have only filed a bug for kernel 4.3 from the testing repo, but I hope to
file all these bugs within a day or two.


-- 
Kind Regards
Earl Ramirez


[389-users] Re: 389 and TLS woes

2016-01-17 Thread Paul Whitney
Phil,

It looks like you are missing a package.  Do you have the NSS package installed?

Cheers,

Paul M. Whitney
paul.whit...@mac.com

Sent from my Mac Book Pro

> On Jan 15, 2016, at 1:03 PM, Phil Daws  wrote:
> 
> Hello all:
> 
> Have tried to get my lab set up with 389 and secure connections multiple 
> times now with disastrous results; and yes have tried to follow 
> http://www.port389.org/docs/389ds/howto/howto-ssl.html
> 
> Here is a very brief walkthrough of what I did:
> 
> * from my PKI created four certificates - node1 admin and node2 directory + 
> node2 admin and node2 directory certificates
> * on both node1 and node2 installed the following packages:
> 
> [root@ads01 ~]# rpm -qa | grep 389
> 389-adminutil-1.1.22-1.el7.x86_64
> 389-ds-base-1.3.4.0-21.el7_2.x86_64
> 389-admin-console-1.1.10-1.el7.noarch
> 389-console-1.1.9-1.el7.noarch
> 389-ds-base-libs-1.3.4.0-21.el7_2.x86_64
> 389-admin-1.1.42-1.el7.x86_64
> 389-ds-console-1.2.12-1.el7.noarch
> 
> * on node1 ran setup-ds-admin.pl and configured the initial directory server
> * on node1 configured the admin to use TLS + the directory server so that it 
> bound to 636
> * on node2 ran setup-ds-admin.pl and joined the directory server on node1
> * on node2 configured the admin to use TLS
> * on node2 launch 389-console using https and then try to connect to the 
> directory server on node2 and it just hangs and fails with an SSL error over 
> and over:
> 
> [Fri Jan 15 17:22:14.391824 2016] [:crit] [pid 705:tid 140640199088192] 
> sslinit: NSS is required to use LDAPS, but security initialization failed 
> [-8015:The certificate/key database is in an old, unsupported format or 
> failed to open.].
> 
> How does one perform an install, with two nodes, that each has an 
> administration instance plus a directory server running TLS on 636 ??  Have 
> not even been able to attempt multi-master replication yet :(
> 
> All help appreciated.  Thanks, Phil
> 
> 




Re: working my way through quirks with fedora 23 on new ASUS gaming laptop G752VL-DH71

2016-01-17 Thread Robert P. J. Day

Quoting Earl A Ramirez :


> Hello Robert,
>
> A few of us are experiencing a few issues with this laptop (I have the
> same exact model); it will be best to file a bug for this.
>
> Do you mind sharing what you have done to get it to this state? I have
> tried kernel 4.3.x from the testing repo and the laptop will not boot. I
> went ahead and tried kernel 4.4.x (rawhide) and the laptop booted only once and
> after that I have only been getting a blank screen. I am currently using
> kernel 4.2.300 (obsolete soon) and have to append
> i915.preliminary_hw_support=1 to the kernel argument; however, the touch
> pad works.
>
> I have only filed a bug for kernel 4.3 from the testing repo, but I hope to
> file all these bugs within a day or two.


  i can file a bug as well, or just "me, too" on yours. first, though, i
want to make sure i'm not overlooking something trivially easy for this
laptop to see the M.2 512G SSD drive i added.

  so, again, anyone have some advice on how to get fedora 23 to see this
M.2-format SSD drive in my new ASUS laptop?

http://www.canadacomputers.com/product_info.php?cPath=179_1229_1296_id=073365

"dmesg" doesn't seem to see it, and neither does "lsblk" or "lshw".
any suggestions?

rday




working my way through quirks with fedora 23 on new ASUS gaming laptop G752VL-DH71

2016-01-17 Thread Robert P. J. Day

  just replaced an older ASUS laptop with one of these:

http://www.canadacomputers.com/product_info.php?cPath=710_577_1199_id=088275

and working my way through the inevitable configuration issues with a  
new (and fully-updated) fedora 23. so far, two issues i'd like to  
resolve.


  first, not sure how to turn on the keyboard backlight for the
laptop's keyboard. i typically use an external USB keyboard, and i use
"xset led 3" to get backlighting for that, but i haven't figured out
how to do the same for the laptop keyboard.

  and second, i added a M.2 format 512G ADATA SSD in one of the two
available slots for that form factor:

http://www.canadacomputers.com/product_info.php?cPath=179_1229_1296_id=073365

but f23 doesn't see the device at all -- nothing from "lsblk". anyone know
the configuration or driver needed for that kind of SSD?

  thank you kindly.

rday






Re: working my way through quirks with fedora 23 on new ASUS gaming laptop G752VL-DH71

2016-01-17 Thread Robert P. J. Day

Quoting Tom Horsley :


> On Sun, 17 Jan 2016 09:03:16 -0500
> Robert P. J. Day wrote:
>
>> "dmesg" doesn't seem to see it, and neither does "lsblk" or "lshw".
>> any suggestions?
>
> This sounds almost like it has no power. Maybe something isn't
> making a good connection. Is there another machine you could try it
> in? If you are dual booting, does the other OS see it?


  no dual booting, and i have no other box to try it in, nothing else
i own has slots for that form factor of SSD. i'm trying to figure out
if there is some sort of H/W switch i need to throw. if anyone else
has a laptop that accepts that form factor, did you need to do
anything special to see it?

rday




[389-users] Re: 389 and TLS woes

2016-01-17 Thread Rob Crittenden
Phil Daws wrote:
> Hello all:
> 
> Have tried to get my lab set up with 389 and secure connections multiple 
> times now with disastrous results; and yes have tried to follow 
> http://www.port389.org/docs/389ds/howto/howto-ssl.html
> 
> Here is a very brief walkthrough of what I did:
> 
> * from my PKI created four certificates - node1 admin and node2 directory + 
> node2 admin and node2 directory certificates
> * on both node1 and node2 installed the following packages:
> 
> [root@ads01 ~]# rpm -qa | grep 389
> 389-adminutil-1.1.22-1.el7.x86_64
> 389-ds-base-1.3.4.0-21.el7_2.x86_64
> 389-admin-console-1.1.10-1.el7.noarch
> 389-console-1.1.9-1.el7.noarch
> 389-ds-base-libs-1.3.4.0-21.el7_2.x86_64
> 389-admin-1.1.42-1.el7.x86_64
> 389-ds-console-1.2.12-1.el7.noarch
> 
> * on node1 ran setup-ds-admin.pl and configured the initial directory server
> * on node1 configured the admin to use TLS + the directory server so that it 
> bound to 636
> * on node2 ran setup-ds-admin.pl and joined the directory server on node1
> * on node2 configured the admin to use TLS
> * on node2 launch 389-console using https and then try to connect to the 
> directory server on node2 and it just hangs and fails with an SSL error over 
> and over:
> 
> [Fri Jan 15 17:22:14.391824 2016] [:crit] [pid 705:tid 140640199088192] 
> sslinit: NSS is required to use LDAPS, but security initialization failed 
> [-8015:The certificate/key database is in an old, unsupported format or 
> failed to open.].

Double-check that the user that 389-ds runs as has read permissions to
the NSS database.

> 
> How does one perform an install, with two nodes, that each has an 
> administration instance plus a directory server running TLS on 636 ??  Have 
> not even been able to attempt multi-master replication yet :(
> 
> All help appreciated.  Thanks, Phil
>

Re: working my way through quirks with fedora 23 on new ASUS gaming laptop G752VL-DH71

2016-01-17 Thread Fred Erickson
On Sun, 17 Jan 2016 09:33:29 -0500
"Robert P. J. Day"  wrote:

> Quoting Tom Horsley :
> 
> > On Sun, 17 Jan 2016 09:03:16 -0500
> > Robert P. J. Day wrote:
> >  
> >> "dmesg" doesn't seem to see it, and neither does "lsblk" or "lshw".
> >> any suggestions?  
> >
> > This sounds almost like it has no power. Maybe something isn't
> > making a good connection. Is there another machine you could try it
> > in? If you are dual booting, does the other OS see it?  
> 
>no dual booting, and i have no other box to try it in, nothing else
> i own has slots for that form factor of SSD. i'm trying to figure out
> if there is some sort of H/W switch i need to throw. if anyone else
> has a laptop that accepts that form factor, did you need to do
> anything special to see it?
> 
> rday

Does the computer firmware see it? You didn't mention that so thought
I'd ask.


Re: working my way through quirks with fedora 23 on new ASUS gaming laptop G752VL-DH71

2016-01-17 Thread Tom Horsley
On Sun, 17 Jan 2016 09:03:16 -0500
Robert P. J. Day wrote:

> "dmesg" doesn't seem to see it, and neither does "lsblk" or "lshw".
> any suggestions?

This sounds almost like it has no power. Maybe something isn't
making a good connection. Is there another machine you could try it
in? If you are dual booting, does the other OS see it?


Re: working my way through quirks with fedora 23 on new ASUS gaming laptop G752VL-DH71

2016-01-17 Thread Robert P. J. Day

Quoting Fred Erickson :


> On Sun, 17 Jan 2016 09:33:29 -0500
> "Robert P. J. Day"  wrote:
>
>> Quoting Tom Horsley :
>>
>>> On Sun, 17 Jan 2016 09:03:16 -0500
>>> Robert P. J. Day wrote:
>>>
>>>> "dmesg" doesn't seem to see it, and neither does "lsblk" or "lshw".
>>>> any suggestions?
>>>
>>> This sounds almost like it has no power. Maybe something isn't
>>> making a good connection. Is there another machine you could try it
>>> in? If you are dual booting, does the other OS see it?
>>
>>    no dual booting, and i have no other box to try it in, nothing else
>> i own has slots for that form factor of SSD. i'm trying to figure out
>> if there is some sort of H/W switch i need to throw. if anyone else
>> has a laptop that accepts that form factor, did you need to do
>> anything special to see it?
>>
>> rday
>
> Does the computer firmware see it? You didn't mention that so thought
> I'd ask.


  by "firmware", do you mean BIOS? no, it doesn't. the BIOS sees both the
primary (regular) hard drive, and the CD/DVD device. that's it.

  or do you mean something else?

rday




Re: working my way through quirks with fedora 23 on new ASUS gaming laptop G752VL-DH71

2016-01-17 Thread Fred Erickson
On Sun, 17 Jan 2016 10:25:00 -0500
"Robert P. J. Day"  wrote:

> Quoting Fred Erickson :
> 
> > On Sun, 17 Jan 2016 09:33:29 -0500
> > "Robert P. J. Day"  wrote:
> >  
> >> Quoting Tom Horsley :
> >>  
> >> > On Sun, 17 Jan 2016 09:03:16 -0500
> >> > Robert P. J. Day wrote:
> >> >  
> >> >> "dmesg" doesn't seem to see it, and neither does "lsblk" or
> >> >> "lshw". any suggestions?  
> >> >
> >> > This sounds almost like it has no power. Maybe something isn't
> >> > making a good connection. Is there another machine you could try
> >> > it in? If you are dual booting, does the other OS see it?  
> >>
> >>no dual booting, and i have no other box to try it in, nothing
> >> else i own has slots for that form factor of SSD. i'm trying to
> >> figure out if there is some sort of H/W switch i need to throw. if
> >> anyone else has a laptop that accepts that form factor, did you
> >> need to do anything special to see it?
> >>
> >> rday  
> >
> > Does the computer firmware see it? You didn't mention that so
> > thought I'd ask.  
> 
>by "firmware", do you mean BIOS? no, it doesn't. the BIOS sees
> both the primary (regular) hard drive, and the CD/DVD device. that's
> it.
> 
>or do you mean something else?
> 
> rday

I don't have a machine with UEFI firmware, only BIOS. But, if BIOS/UEFI
doesn't see a drive, the OS isn't going to be able to see it either.


firewalld and source/dest rules?

2016-01-17 Thread Alex
Hi,
I have a fedora23 system and am just starting to learn how firewalld
works. None of the documentation really discusses how to add rules
from a specific source (the -s option with iptables).

Is this not what firewalld was intended to do?

How do I restrict access to ssh or dns only from specific remote IP addresses?

I've found the "rich" rules, but if I have to create rules at the port
level without any association to the service, then I don't understand
the point of using it. In other words, it appears necessary to add
additional manual rules, while also having to "--add-service=dns"
instead of the dns service taking care of it all in the first place.

In other words, to create a "rich" rule for dns, it appears necessary to do:

firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port=53 protocol="tcp" accept' --permanent
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port=53 protocol="udp" accept' --permanent

and that also doesn't provide the ability to control the "state" of the packets.

Thanks for any ideas.
Alex


Re: firewalld and source/dest rules?

2016-01-17 Thread Richard Shaw
I'm not sure if I completely understand what you're asking but as far as I
know (unless it's changed) firewalld can't handle source ports, only
destination ports.

I have a home-built DVR where I use HDHomeRun network based tuners. For
them the source port is specified and the destination port is random
(coming back to the computer) and after some research found that they could
not be used with firewalld because of it so I had to switch back to
iptables with something like:

-A INPUT -m state --state NEW -m udp -p udp --sport 5002 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --sport 5004 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --sport 65001 -j ACCEPT

Thanks,
Richard