Unsure...
If you enter the command 'iptables-save' at the command prompt it will just dump the current rules to standard output. The only issue that I'm aware of is that the firewall rules get reloaded on DHCP renewal, but it would be really strange if that occurred every few minutes (seconds?).
Search found 1529 matches
- 03 May 2012, 07:36
- Forum: B2 & B3 Support
- Topic: Feeding new rules into IPtables
- Replies: 3
- Views: 5518
- 02 May 2012, 05:01
- Forum: B2 & B3 Support
- Topic: Feeding new rules into IPtables
- Replies: 3
- Views: 5518
Re: Feeding new rules into IPtables
That is in fact how the regular firewall operates. It uses 'iptables-save' and 'iptables-restore' to save and load the rules from the file '/etc/network/firewall.conf'. The firewall script itself is somewhat strange (and has been frowned upon): if you stop or restart the firewall it saves the curren...
- 01 May 2012, 07:37
- Forum: B2 & B3 Support
- Topic: Auto mounting / connecting USB disks
- Replies: 13
- Views: 18735
Re: Auto mounting / connecting USB disks
Well, the issue here would be the reliability of the source of this file (i.e. you). But yes, you are correct that the kernel source holds an error that causes the version magic to be incorrect. This is controlled by the Makefile and you should change that directly after pulling in the source (befor...
- 26 Apr 2012, 14:29
- Forum: B2 & B3 Support
- Topic: port forwarding for guildwars2
- Replies: 2
- Views: 6533
Re: port forwarding for guildwars2
What you did should be sufficient as far as the Bubba is concerned. Most likely the cause of the issue is with your workstation. First off: the application needs to be running to open up port 6112 - was that the case when you checked with `canyouseeme`? If you're not afraid of the DOS prompt you can...
- 22 Apr 2012, 03:20
- Forum: Howtos
- Topic: Fail2ban or csf ?
- Replies: 10
- Views: 23692
Re: Fail2ban or csf ?
Oh, but that's not the point. The geoip match is just a neat trick to limit as many people as possible without blocking myself when I'm in a known place with an unknown IP address. If you have no use for such a feature, then don't use it. The part that matches your particular search is the ipsets. T...
- 20 Apr 2012, 09:41
- Forum: Howtos
- Topic: Fail2ban or csf ?
- Replies: 10
- Views: 23692
Re: Fail2ban or csf ?
How about I create a package for the software you need, so you can go straight to the example firewall script?
- 19 Apr 2012, 08:25
- Forum: Howtos
- Topic: Fail2ban or csf ?
- Replies: 10
- Views: 23692
Populating the blacklist
I'm truly sorry. As said I have been experimenting with this setup in a VM and had not yet done any tests on the B3 itself. If you already installed ipset using aptitude then please remove it. You need to install from source to make this work. aptitude remove ipset cd /usr/src wget http://ipset.netf...
- 19 Apr 2012, 07:28
- Forum: Howtos
- Topic: Fail2ban or csf ?
- Replies: 10
- Views: 23692
Example firewall script
Here's an example script: #!/bin/sh # Which countries to allow access to private services GEOIP_ALLOWED=NL,BE # Names of the ipsets used by the firewall IPSETS="blacklist whitelist" # Which modules to load (some do not auto-load) MODULES="nf_conntrack_ftp ip_set ip_set_hash_ip xt_geoi...
- 18 Apr 2012, 10:09
- Forum: Howtos
- Topic: Fail2ban or csf ?
- Replies: 10
- Views: 23692
xtables-addons: Geoip
If you like to use the geoip match, you need to have a database (and maintain it regularly). Create the correct folder first (the location is hardcoded in the source): mkdir /usr/share/xt_geoip There are two scripts provided in the xtables-addons source to build the geoip database: a shell script th...
- 18 Apr 2012, 10:08
- Forum: Howtos
- Topic: Fail2ban or csf ?
- Replies: 10
- Views: 23692
xtables-addons and ipset
Okay then... Here's a small draft. Let's start with required software. You need 'xtables-addons' and 'ipset' and you want 'sudo' (you need to be root to run ipset). Since not all of these are in the excito repository, we'll need to update the sources list: # Create new file squeeze.list in the sourc...
- 18 Apr 2012, 09:56
- Forum: B2 & B3 Feature Requests
- Topic: Please remove xfrm and netkey from the kernel
- Replies: 7
- Views: 21979
Please remove xfrm and netkey from the kernel
I know people have been nagging for these modules, but please make them modules and not part of the kernel. I can now no longer operate my VPN because xfrm and netkey are blocking KLIPS.
- 18 Apr 2012, 09:54
- Forum: Howtos
- Topic: Openswan (ipsec vpn) on the B3
- Replies: 1
- Views: 10082
Re: Openswan (ipsec vpn) on the B3
PROBLEM! I found 2 issues trying to activate my config: 1: The kernel source is corrupted. While compiling the module, it is stamped with an incorrect kernel version, causing it not to load. The fix appears to be to run the following patch content before doing anything else with the source: --- Make...
- 17 Apr 2012, 12:51
- Forum: Howtos
- Topic: Display the HDD temperature in the web portal [patch]
- Replies: 33
- Views: 73233
Re: Display the HDD temperature in the web portal [patch]
New patch file...
unpack with command (I'm not allowed to attach a file with .patch extension)
tar -xzf gui-hddtemp.tgz
- 17 Apr 2012, 10:46
- Forum: Howtos
- Topic: Fail2ban or csf ?
- Replies: 10
- Views: 23692
Re: Fail2ban or csf ?
According to the home page CSF may require rewriting some regex rules on Debian. Sounds like tricky business. Fail2ban seems more promising to me, but that may be because I like Shorewall - I wrote a little howto on running this on the B3 just a few topics down. I'm not sure about the "TCP-Wrap...
- 15 Apr 2012, 16:08
- Forum: B2 & B3 Support
- Topic: WD green / Load Cycle
- Replies: 6
- Views: 5890
Re: WD green / Load Cycle
Hate to budge in, but just rebooting is not sufficient according to the announcements. You have to shut down, actually pull the cord and reconnect after having waited for a few seconds.