Yeah I saw that tar file they offer. I wanted to use it with chef and just feed
shorewall some include files. Will see how it goes.
Cheers,
Sebastian
On 17.07.2014, at 22:48, M sysad...@tricubemedia.com wrote:
Shorewall firewall is based on iptables so it should work.
and this script gets
.
Will let everyone know what I find.
Dave M
From: Sebastian Grewe
Sent: Friday, July 18, 2014 12:43 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Firewall
Yeah I saw that tar file they offer. I wanted to use it with chef and just feed
shorewall some include files
Subject: Re: [qmailtoaster] Firewall
Yeah I saw that tar file they offer. I wanted to use it with chef and
just feed shorewall some include files. Will see how it goes.
Cheers,
Sebastian
On 17.07.2014, at 22:48, M sysad...@tricubemedia.com wrote:
Shorewall
, as I used to use this a long time ago,
and found many of the files inside the tar to be zero bytes.
Will let everyone know what I find.
Dave M
From: Sebastian Grewe
Sent: Friday, July 18, 2014 12:43 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Firewall
As a test only ( I honestly did remove the files after testing )
I modified the script, and added all countries ISO code, yup blocked the
planet.
In turn the script does download all zone files.
Put script back to normal
ISO=af cn kr
Temporarily I moved them to /var/zones directory
Well, I contacted ipdeny.com
Here is their updated Fair Use Policy
IPdeny fair Usage Limits policy
Last reviewed: March 4, 2012
In order to offer equal and quality service to all public users
IPDENY.COM has implemented fair usage limits policy with the following
resource download
Hey Dave,
That's one great script there. I will have to check for that ipdeny.com list -
maybe I can also add it to shorewall somehow.
Cheers,
Sebastian
On 16.07.2014, at 21:02, M sysad...@tricubemedia.com wrote:
Hi list, recently i had a request for a VM for one of our qmailers.
Shorewall firewall is based on iptables so it should work.
and this script gets its data from :
DLROOT=http://www.ipdeny.com/ipblocks/data/countries;
Dave M
On 7/17/2014 10:28 AM, Sebastian Grewe wrote:
Hey Dave,
That's one great script there. I will have to check for that
ipdeny.com
Hi list, recently i had a request for a VM for one of our qmailers.
Subsequently, after deployment, we found the VM to be compromised, so
hackers got in before I could secure the qmail VM.
I rebuilt the VM, and added My firewall rules, and sent it off
again. No probs this time.
I was
Hi Guys, trying to tighten up the qmail server more:
Can I close any of these ports: not sure what they may be needed for:
tcp dpt:20
tcp dpt:21
tcp dpt:23
tcp dpt:43
udp dpt:123
tcp dpt:953
udp dpt:953
tcp dpt:993
tcp dpt:995
Thanks all
madmac
...@tricubemedia.com]
Sent: Tuesday, May 31, 2011 11:22 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] firewall rules
Hi Guys, trying to tighten up the qmail server more:
Can I close any of these ports: not sure what they may be needed for:
tcp dpt:20
tcp dpt:21
tcp dpt:23
tcp dpt
IIRC you can close 20 and 21 (FTP), 23 (Telnet), 43 (whois), 123 (NTP).
This is of course unless you use any of these services. FTP can be
moved to a non standard port and will decrease attacks by 99%. 953,
993, and 995 are for secure mail transport.
On 05/31/2011 09:21 AM,
@qmailtoaster.com
Subject: [qmailtoaster] firewall rules
Hi Guys, trying to tighten up the qmail server more:
Can I close any of these ports: not sure what they may be needed for:
tcp dpt:20
tcp dpt:21
tcp dpt:23
tcp dpt:43
udp dpt:123
tcp dpt:953
udp dpt:953
tcp dpt:993
tcp dpt:995
Thanks all
madmac
Thanks Cecil, Patrick, for the feed back,
I can safely close most of these.
Thanks again.
madmac
- Original Message -
From: Cecil Yother, Jr.
To: qmailtoaster-list@qmailtoaster.com
Sent: Tuesday, May 31, 2011 8:34 AM
Subject: Re: [qmailtoaster] firewall rules
IIRC you
Is there a way to block all of the apnic IP address blocks at one time?
I am seeing a lot of ssh attempts from China. Since I don't send or receive
email with China, I'd like to just block them at the firewall en masse (instead
of one net block at a time).
Any ideas?
Thanks,
Scott
I use a non standard port and that stops 99.99% of it. If you can't
do that there is a list out in the ether of IP's by nation and you can
put them in your iptables. You'll use whole subnets and not just
individual ips.
CJ
On 07/27/2010 05:31 AM, Scott Hughes wrote:
Is there a way to
On 27/07/2010 4:51 PM, Maxwell Smart wrote:
I use a non standard port and that stops 99.99% of it. If you can't
do that there is a list out in the ether of IP's by nation and you can
put them in your iptables. You'll use whole subnets and not just
individual ips.
CJ
On 07/27/2010 05:31
Thanks for the replies. I'll check into changing the port.
Scott
On Jul 27, 2010, at 8:51 AM, Maxwell Smart c...@yother.com wrote:
I use a non standard port and that stops 99.99% of it. If you can't do that
there is a list out in the ether of IP's by nation and you can put them in
your
On 07/27/2010 10:13 AM, Scott Hughes wrote:
Thanks for the replies. I'll check into changing the port.
Scott
On Jul 27, 2010, at 8:51 AM, Maxwell Smart c...@yother.com wrote:
I use a non standard port and that stops 99.99% of it. If you can't do that
there is a list out in the ether
-Original Message-
From: Scott Hughes [mailto:sonicscott9...@gmail.com]
Sent: Tuesday, July 27, 2010 7:32 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Firewall block
Is there a way to block all of the apnic IP address blocks at one time?
I am seeing a lot of ssh attempts
Jake,
I have been using fail2ban prior to having a QMT server. It's one of the best
defense programs I have seen!
With ssh, is it better to change the port number in the ssh configuration or at
the OS level?
Thanks,
Scott
On Jul 27, 2010, at 9:29 AM, Jake Vickers j...@qmailtoaster.com
On 07/27/2010 10:34 AM, Scott Hughes wrote:
Jake,
I have been using fail2ban prior to having a QMT server. It's one of the best
defense programs I have seen!
With ssh, is it better to change the port number in the ssh configuration or at
the OS level?
I change it in the SSH config
On Tuesday 27 July 2010 08:04 PM, Scott Hughes wrote:
Jake,
I have been using fail2ban prior to having a QMT server. It's one of the best
defense programs I have seen!
With ssh, is it better to change the port number in the ssh configuration or at
the OS level?
Thanks,
Scott
Change it
Thanks everyone I have it running now.
It is on a Centos system, I downloaded and ran the
firewall.sh. Reboot and it comes up on reboot correctly.
MadMac
Can any one tell me if the firewall is on with a default install of
qmail toaster.
I have ran :
iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT
sysad...@tricubemedia.com wrote:
Can any one tell me if the firewall is on with a default install of
qmail toaster.
I have ran :
iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source
Jake,
I've installed QMT a couple times now on new Centos and Fedora installs
and each time TCPrules is enabled and configured. Even though I opted for
now firewall or selinux. I just assumed it came from the QMT. No?
sysad...@tricubemedia.com wrote:
Can any one tell me if the firewall is
Phil Leinhauser wrote:
Jake,
I've installed QMT a couple times now on new Centos and Fedora installs
and each time TCPrules is enabled and configured. Even though I opted for
now firewall or selinux. I just assumed it came from the QMT. No?
If you follow one of the EZ Install
I meant iptables. Not sure where tcprules came from.
I did follow the install scripts and did install the firewall.sh so that's
where it came from.
Thanks
Phil Leinhauser wrote:
Jake,
I've installed QMT a couple times now on new Centos and Fedora installs
and each time TCPrules is enabled
, March 17, 2009 10:57 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Firewall
Can any one tell me if the firewall is on with a default install of
qmail toaster.
I have ran :
iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain
[EMAIL PROTECTED] wrote:
I followed the qmailtoaster install here:
http://wiki.qmailtoaster.com/index.php/CentOS_5_QmailToaster_Install
In that install a firewall file is created ( firewall.sh).
Do I need to move that to the /root/ directory, or is that loaded and
saved to the iptables?
PakOgah wrote:
[EMAIL PROTECTED] wrote:
I followed the qmailtoaster install here:
http://wiki.qmailtoaster.com/index.php/CentOS_5_QmailToaster_Install
In that install a firewall file is created ( firewall.sh).
Do I need to move that to the /root/ directory, or is that loaded and
saved to
I followed the qmailtoaster install here:
http://wiki.qmailtoaster.com/index.php/CentOS_5_QmailToaster_Install
In that install a firewall file is created ( firewall.sh).
Do I need to move that to the /root/ directory, or is that loaded and
saved to the iptables? Is it alright if I move it to
-config-securitylevel
Run the command to activate your SELINUX rules, or disabled it ...
- Original Message -
From: Ole J [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Thursday, May 10, 2007 4:19 AM
Subject: Re: [qmailtoaster] Firewall rules
No, it isnt behind other
[EMAIL PROTECTED] wrote:
Hello,
It seems i have trouble getting my email programs to connect when i have
the linux firewall on, centos 5 builtin firewall.
connection time out on whatever i try. pop3,imap,smtp, submission, ssl
Clues? I have checked the iptables and it should be ok, still
This server has official static ip
This is my iptables:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j
No, it isnt behind other firewalls.
Warren (mailing lists) wrote:
Ole J wrote:
This server has official static ip
This is my iptables:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
Hello,
It seems i have trouble getting my email programs to connect when i have
the linux firewall on, centos 5 builtin firewall.
connection time out on whatever i try. pop3,imap,smtp, submission, ssl
Clues? I have checked the iptables and it should be ok, still not
( yeah i have run
Have you disabled the SELinux on your Centos ?? Or you have to open some
port through the SELinux.
Hopefully that help
- Original Message -
From: [EMAIL PROTECTED]
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, May 09, 2007 6:06 AM
Subject: [qmailtoaster] Firewall rules
Can it hurt? What do you gain by disabling iptables on the box?
[EMAIL PROTECTED] wrote:
Hi;
I'm a newbie.
I have successfully installed qmailToaster on FC5 and got most of the
things working. My server is behind a NAT router/firewall with SPI and DoS
enabled.
I have forwarded the required
Eric;
The reason why I have disabled iptables during installation is simple, could
not ssh, could not do webmail or client connection from the same subnet.
Another post has pointed to my network vulnerability if somebody hacks to
my wireless, so I'm converted. If I use your addition to iptables,
It should work providing you specify the right IP address for your local
network. ;) Make sure that you add the line in the right place too, before
these packets are dropped.
Works for me.
George M. wrote:
Eric;
The reason why I have disabled iptables during installation is simple, could
Eric;
Just a confirmation for other newbie's, after applying your rule, it does
work as advertised - webmail, client, ssh etc.
Thanks for help.
George
It should work providing you specify the right IP address for your local
network. ;) Make sure that you add the line in the right place too,
may i ask, where would you put that rule in the right place in firewall.sh?
Eric Shubes wrote:
It should work providing you specify the right IP address for your
local network. ;) Make sure that you add the line in the right place
too, before these packets are dropped.
Works for me.
George
You may.
A: Just before the comment:
## Drop outside packets with local addresses - anti-spoofing measure
(That's why I left it in the part I snipped, as reference) Perhaps I didn't
make that very clear.
Chris Marcellin wrote:
may i ask, where would you put that rule in the right place in
ooops, stupid me, sorry, and thanx
Eric Shubes wrote:
You may.
A: Just before the comment:
## Drop outside packets with local addresses - anti-spoofing measure
(That's why I left it in the part I snipped, as reference) Perhaps I
didn't make that very clear.
Chris Marcellin wrote:
may i
No problem. We all have our moments.
Welcome!
Chris Marcellin wrote:
ooops, stupid me, sorry, and thanx
Eric Shubes wrote:
You may.
A: Just before the comment:
## Drop outside packets with local addresses - anti-spoofing measure
(That's why I left it in the part I snipped, as reference)
Hi;
I'm a newbie.
I have successfully installed qmailToaster on FC5 and got most of the
things working. My server is behind a NAT router/firewall with SPI and DoS
enabled.
I have forwarded the required ports from the NAT router to the server.
During installation process I have stopped iptables
George,
I'm speaking from the perspective of a networking guy, NOT an email
administrator. But, the answer (to borrow from the Simpsons) is yes with
an if, and no with a but.
Most hardware firewalls operate using what is known as stateful packet
inspection. The short description is: traffic is
Security is like an onion. If someone cuts through all your security,
you'll be in tears. However it also means that one should have many
layers.
Technically you don't need the iptables firewall. It won't give you
any more protection to the internet, but could provide protection from
within,
Hi list
i have just installed a test box for
qmail-toaster
am using fedora-core 5 and also an internal ip
address (ie 192.168...)!
Now the problem is that i can't access the box
using ssh, or even http://ip/admin-toaster/ , I cant even ping
the box anymore! all this was possible on this
, September 03, 2006 5:08 PM
Subject: [qmailtoaster] firewall
Hi list
i have just installed a iotest box for
qmail-toaster
am using fedora-core 5 and also an internal ip
address (ie 192.168...)!
Now the problem is that i can't access the box
using ssh, or even http://ip/admin-toaster/ , I cant even
Hi people - am trying the new toaster on a test machine and am encountering problems when I install the cnt40-svcs.sh I wont paste the entire thing, however theres seems to be command not founds on most of the commands, and once it gets to the MySQL install, I am getting 'Can't connect to local
:
qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Firewall install problems
Hi people - am trying the new toaster on a test machine and am encountering
problems when I install the cnt40-svcs.sh
I wont paste the entire thing, however theres seems to be command not
founds on most of the commands