чт, 20 авг. 2020 г. в 15:46, Victor Ivanov :
>
> On 14/08/2020 01:03, Alexey Mishustin wrote:
> > groupadd noinet
> > usermod -a -G noinet
> > iptables -A OUTPUT -i -m owner --gid-owner noinet -j DROP
> >and calling not
> > Plex
> >but
> > sg noinet Plex
> >(or whatever name the
On 14/08/2020 01:03, Alexey Mishustin wrote:
> groupadd noinet
> usermod -a -G noinet
> iptables -A OUTPUT -i -m owner --gid-owner noinet -j DROP
>and calling not
> Plex
>but
> sg noinet Plex
>(or whatever name the binary has)
This is a very elegant generic solution, thank you for
On 8/16/20 5:07 AM, Neil Bothwick wrote:
Going OT here, but why do you dislike Docker? I've only recently
started using it, so if there are any major, or otherwise, drawbacks,
I'd like to know before I get too entwined in their ecosystem.
Why do I need one or more (more with older versions)
On Sun, 16 Aug 2020 07:26:36 -0400, Rich Freeman wrote:
> > Going OT here, but why do you dislike Docker? I've only recently
> > started using it, so if there are any major, or otherwise, drawbacks,
> > I'd like to know before I get too entwined in their ecosystem.
>
> It has been a while
On Sun, Aug 16, 2020 at 7:07 AM Neil Bothwick wrote:
>
> On Sat, 15 Aug 2020 12:22:19 -0600, Grant Taylor wrote:
>
> > I dislike Docker, but I do like the idea of containers or network
> > namespaces.
>
> Going OT here, but why do you dislike Docker? I've only recently started
> using it, so if
On Sat, 15 Aug 2020 12:22:19 -0600, Grant Taylor wrote:
> I dislike Docker, but I do like the idea of containers or network
> namespaces.
Going OT here, but why do you dislike Docker? I've only recently started
using it, so if there are any major, or otherwise, drawbacks, I'd like to
know
On 8/13/20 6:03 PM, Alexey Mishustin wrote:
Isn't this classic option suitable?
iptables -A OUTPUT -i -m owner --gid-owner noinet -j DROP
Ugh.
I'm sure that's a viable method to deal with the problem after the fact.
But I prefer to not have the problem in the first place. Thus no need
to
On 8/13/20 4:03 PM, Grant Edwards wrote:
I'm not sure what "go out of your way" means in this context. I assume
I'd create a network namespace for Plex, and then use either macvlan
or ipvlan to share one of the physical interaces between the root
namespace and the Plex namespace.
I've found
On Fri, 14 Aug 2020 22:06:01 - (UTC), Grant Edwards wrote:
> Even with the kernel rebuild it was far less work than getting set up
> to run a docker container (which also would have required a kernel
> rebuild) or running the server in a separate network namespace.
The thing with Docker is
On 2020-08-15, Sid Spry wrote:
> On Fri, Aug 14, 2020, at 5:06 PM, Grant Edwards wrote:
>> [...]
>>
>> > iptables -A OUTPUT -o -m owner --uid-owner plex -j DROP
>>
>> I can confirm, that did indeed work as desired.
>>
>> Even with the kernel rebuild it was far less work than getting set up
On Fri, Aug 14, 2020, at 5:06 PM, Grant Edwards wrote:
> On 2020-08-14, Grant Edwards wrote:
>
> > I think this should work, but I need to rebuild my kernel with the
> > iptables "owner" extension enabled:
> >
> > iptables -A OUTPUT -o -m owner --uid-owner plex -j DROP
>
> I can confirm,
On 2020-08-14, Grant Edwards wrote:
> I think this should work, but I need to rebuild my kernel with the
> iptables "owner" extension enabled:
>
> iptables -A OUTPUT -o -m owner --uid-owner plex -j DROP
I can confirm, that did indeed work as desired.
Even with the kernel rebuild it was far
пт, 14 авг. 2020 г. в 23:03, Grant Edwards :
> [For posterity's sake, with -A Output it's -o rather than
> -i ]
Ah, you are right! I am sorry, my iptables rule with 'noinet' doesn't
include an interface, I added it when typing the message and looked at
my rules with an interface from the INPUT
On 2020-08-14, Alexey Mishustin wrote:
> Isn't this classic option suitable?
>
> groupadd noinet
> usermod -a -G noinet
> iptables -A OUTPUT -i -m owner --gid-owner noinet -j DROP
>and calling not
> Plex
>but
> sg noinet Plex
>(or whatever name the binary has)
Thanks for the
Hi Grant,
Isn't this classic option suitable?
groupadd noinet
usermod -a -G noinet
iptables -A OUTPUT -i -m owner --gid-owner noinet -j DROP
and calling not
Plex
but
sg noinet Plex
(or whatever name the binary has)
--
Best regards,
Alex
On 2020-08-13, Sid Spry wrote:
> Sorry, I meant go out of your way to select more than one
> interface. I'm genuinely confused anyone would ever do that let
> alone Plex.
I assume they're using some sort of SSDP library that by default spews
on all available interfaces.
> Yes, you're right (as
On Thu, Aug 13, 2020, at 5:03 PM, Grant Edwards wrote:
> On 2020-08-13, Sid Spry wrote:
> > On Thu, Aug 13, 2020, at 4:33 PM, Grant Edwards wrote:
> >> How does one hide a network interface from a badly-written application?
> >>
> >> I'm using Plex Media Server as a DVR, it it seems to have been
On 2020-08-13, Sid Spry wrote:
> On Thu, Aug 13, 2020, at 4:33 PM, Grant Edwards wrote:
>> How does one hide a network interface from a badly-written application?
>>
>> I'm using Plex Media Server as a DVR, it it seems to have been written
>> by Windows programmers who assume that your computer
18 matches
Mail list logo
