Adam Carter writes:
> Anyone advocating stateless firewalls in 2013 deserves scrutiny. I would
> be asking for some evidence there is a performance issue, and that the
> best solution to the problem is to turn off stateful inspection.
There are lots of tools and approaches to secu
On 20 May 2013, at 13:54, Tamer Higazi wrote:
>
>> Stupid question, but did you run emerge as root or with sudo?
>
> answer to stupid response:
>
> as a normal user you wouldn't be capable of merging anything.
>
> OF COURSE I DID IT AS ROOT!
I was reluctant to reply at first, but since you hav
> "D" == Dale writes:
D> I thought about renaming my config to *.old and trying that. Thing is,
D> I have YEARS worth of emails on here that I don't want to lose or anything.
Start it with:
seamonkey -no-remote -ProfileManager
create a new profile and then start that profile.
Does i
Anyone advocating stateless firewalls in 2013 deserves scrutiny. I would be
asking for some evidence there is a performance issue, and that the best
solution to the problem is to turn off stateful inspection.
On Tue, May 21, 2013 at 12:53 PM, Nick Khamis wrote:
> Neal,
>
> As for the --sport flag for OUTPUT, should it not be left arbitrary?
> The SSH daemon should use unprivileged ports between 1024 and 65535.
> The only daemon I know thus far that does not is NTP which is
> hardwired to 123 both ways
Michael Orlitzky wrote:
> On 05/20/2013 07:08 PM, Dale wrote:
>> Howdy,
>>
>> I noticed over the past few weeks an interesting issue. When I leave
>> Seamonkey open for several hours, it loses its connection to the
>> internet. If I open Firefox, it works fine. I can ping in a Konsole
>> too. I
On 05/20/2013 07:08 PM, Dale wrote:
> Howdy,
>
> I noticed over the past few weeks an interesting issue. When I leave
> Seamonkey open for several hours, it loses its connection to the
> internet. If I open Firefox, it works fine. I can ping in a Konsole
> too. In Seamonkey tho, not even a sim
Neil Bothwick wrote:
> On Tue, 21 May 2013 12:09:41 -0500, Dale wrote:
>
>> I thought about renaming my config to *.old and trying that. Thing is,
>> I have YEARS worth of emails on here that I don't want to lose or
>> anything.
> Create another user and see how it works for them. That way your co
On Tue, 21 May 2013 12:09:41 -0500, Dale wrote:
> I thought about renaming my config to *.old and trying that. Thing is,
> I have YEARS worth of emails on here that I don't want to lose or
> anything.
Create another user and see how it works for them. That way your config
stays untouched.
> I w
Neil Bothwick wrote:
> On Tue, 21 May 2013 07:45:28 -0700, Fast Turtle wrote:
>
>>> Under proxies, I have direct connection checked. I forgot to mention
>>> that even tho I checked it to make sure how it was set up. I hope
>>> this is something besides a bug since it affects both versions in the
Neal,
As for the --sport flag for OUTPUT, should it not be left arbitrary?
The SSH daemon should use unprivileged ports between 1024 and 65535.
The only daemon I know thus far that does not is NTP which is
hardwired to 123 both ways.
Thanks Guys,
Nick.
Hello Everyone,
Thank you so much for your responses. I agree Alan, total pain in the
neck!!! But it's a ticket that was passed down to me. We moved the
stateful firewalls inside the network, broken down to each department.
But as a first on site defense on our BGP router running Quagga, we
only
On 5/21/13, Neal Murphy wrote:
> You still aren't accepting *each* direction. Either accept each direction
> with explicit rules or rewrite the rules so they apply to both directions at
> once.
> The former is probably easier to understand months later, even though it is
> more verbose.
>
> Me
On 21-May-13 17:07, Nick Khamis wrote:
We recently moved our stateful firewall inside, and would like to
strip down the firewall at our router connected to the outside world.
The problem I am experiencing is getting things to work properly
without connection tracking. I hope I am not in breach of
On 21/05/2013 18:01, Nick Khamis wrote:
> For testing purposes I changed the ssh rule to:
>
> -A TCP -p tcp -m tcp --dport 22 -j ACCEPT
> -A TCP -p tcp -m tcp -s 0.0.0.0/0 -d 192.168.2.5 --dport 22 -j DROP
>
> And still no go. As mentioned before, everything works fine until I
> try to close up t
On 21/05/2013 17:07, Nick Khamis wrote:
> Hello Everyone,
>
> We recently moved our stateful firewall inside, and would like to
> strip down the firewall at our router connected to the outside world.
> The problem I am experiencing is getting things to work properly
> without connection tracking.
>> Looks like the packet never gets to the tcp chain. what is --syn?
It seems that way I am not sure what --syn is actually. But even
if I comment it out it does not work. Also, for testing I changed the
SSH rule to allow bidirectional traffic until this is fixed:
-A TCP -p tcp -m tcp --dport
On Tue, 21 May 2013 07:45:28 -0700, Fast Turtle wrote:
> > Under proxies, I have direct connection checked. I forgot to mention
> > that even tho I checked it to make sure how it was set up. I hope
> > this is something besides a bug since it affects both versions in the
> > tree. :-?
> if it'
For testing purposes I changed the ssh rule to:
-A TCP -p tcp -m tcp --dport 22 -j ACCEPT
-A TCP -p tcp -m tcp -s 0.0.0.0/0 -d 192.168.2.5 --dport 22 -j DROP
And still no go. As mentioned before, everything works fine until I
try to close up the rest of the ports not opened up in the chains
"UDP"
Tuesday, 21 May 2013, 11:07 -04:00 from Nick Khamis:
> Hello Everyone,
>
> We recently moved our stateful firewall inside, and would like to
> strip down the firewall at our router connected to the outside world.
> The problem I am experiencing is getting things to work properly
> without connec
Hello Everyone,
We recently moved our stateful firewall inside, and would like to
strip down the firewall at our router connected to the outside world.
The problem I am experiencing is getting things to work properly
without connection tracking. I hope I am not in breach of mailing list
rules howe
On Mon, 20 May 2013 21:36:07 -0500
Dale wrote:
> Adam Carter wrote:
> >
> > What is the path that Seamonkey takes to get to the internet?
> >
> >
> > The path is determined by the proxy settings. If there's no proxy
> > configured it's just straight out. Sounds like a bug to me.
>
> Under pro
On Mon, May 20, 2013 at 4:36 PM, Neil Bothwick wrote:
> Look at the modules link on the Rescue CD pages, it has a link to a ZFS
> module file. This includes a script to rebuild the ISO including the ZFS
> modules, I've used it several times with success, the only thing the
> documentation fails t
On Tue, 21 May 2013 02:42:08 +0200, Tamer Higazi wrote:
> walt, I am just confused because the entire system is totally unstable
> and I need to update it
Your original post mentioned a failure on just one package. If there is
a deeper problem you need to tell us about it.
--
Neil Bothwick
24 matches