shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

#iptables

GNU/Linux.ch<p>Creating iptables rules and saving them permanently (Iptables Part 2)</p><p>In this article I explain how to create your own firewall rules with iptables and save them permanently. Included: an introduction to the most important terms such as INPUT, OUTPUT, DROP and conntrack. </p><p><a href="https://social.anoxinon.de/tags/iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iptables</span></a> <a href="https://social.anoxinon.de/tags/iptables_persistent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iptables_persistent</span></a> <a href="https://social.anoxinon.de/tags/Firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firewall</span></a> <a href="https://social.anoxinon.de/tags/Netzwerksicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Netzwerksicherheit</span></a> <a href="https://social.anoxinon.de/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://social.anoxinon.de/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a></p><p><a href="https://gnulinux.ch/iptables-regeln-erstellen-und-dauerhaft-speichern-iptables-teil-2" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gnulinux.ch/iptables-regeln-er</span><span class="invisible">stellen-und-dauerhaft-speichern-iptables-teil-2</span></a></p>
tinfoil-hat<p>Dropped a <strong>new Blogpost</strong> <a href="https://tinfoil-hat.net/posts/proxmox-server-vps-single-ip/" rel="nofollow noopener" target="_blank">https://tinfoil-hat.net/posts/proxmox-server-vps-single-ip/</a></p><p>Please tell me what you think about it :-)</p><p><a class="hashtag" href="https://social.tinfoil-hat.net/tag/blog" rel="nofollow noopener" target="_blank">#Blog</a> <a class="hashtag" href="https://social.tinfoil-hat.net/tag/proxmox" rel="nofollow noopener" target="_blank">#Proxmox</a> <a class="hashtag" href="https://social.tinfoil-hat.net/tag/debian" rel="nofollow noopener" target="_blank">#Debian</a> <a class="hashtag" href="https://social.tinfoil-hat.net/tag/ssh" rel="nofollow noopener" target="_blank">#SSH</a> <a class="hashtag" href="https://social.tinfoil-hat.net/tag/sslh" rel="nofollow noopener" target="_blank">#SSLH</a> <a class="hashtag" href="https://social.tinfoil-hat.net/tag/lxc" rel="nofollow noopener" target="_blank">#LXC</a> <a class="hashtag" href="https://social.tinfoil-hat.net/tag/nginx" rel="nofollow noopener" target="_blank">#Nginx</a> <a class="hashtag" href="https://social.tinfoil-hat.net/tag/ipforwarding" rel="nofollow noopener" target="_blank">#IPForwarding</a> <a class="hashtag" href="https://social.tinfoil-hat.net/tag/ufw" rel="nofollow noopener" target="_blank">#UFW</a> <a class="hashtag" href="https://social.tinfoil-hat.net/tag/iptables" rel="nofollow noopener" target="_blank">#IPtables</a> <a class="hashtag" href="https://social.tinfoil-hat.net/tag/openvpn" rel="nofollow noopener" target="_blank">#OpenVPN</a> <a class="hashtag" href="https://social.tinfoil-hat.net/tag/reverseproxy" rel="nofollow noopener" target="_blank">#ReverseProxy</a> <a class="hashtag" href="https://social.tinfoil-hat.net/tag/letsencrypt" rel="nofollow noopener" target="_blank">#LetsEncrypt</a></p>
nigel I was trying to use <code>iptables</code>, decided that life is too short for this hobbyist to go down that path, so installed <code>ufw</code> and saw there was an XMPP app profile when doing <code>ufw app list</code>.<br><br>Brilliant, this should be easy then!<br><b>WRONG.</b><br><br>This is what <code>ufw app info XMPP</code> gave:<br><br><pre>Profile: XMPP<br>Title: XMPP Chat<br>Description: XMPP protocol (Jabber and Google Talk)<br><br>Ports:<br> 5222/tcp<br> 5269/tcp<br></pre>Which is um... not many ports. And naturally broke things like image uploading.<br><br>So I wrote my own in a new file at /etc/ufw/applications.d/ufw-prosody like this:<br><br><pre>[Prosody]<br>title=Prosody XMPP<br>description=Prosody XMPP Server ports per https://prosody.im/doc/ports<br>ports=5000,5222,5223,5269,5270,5281/tcp<br></pre>Which after saving, doing <code>ufw app update Prosody</code>,<br>then <code>ufw app info Prosody</code> now gives:<br><br><pre>Profile: Prosody<br>Title: Prosody XMPP<br>Description: Prosody XMPP Server ports per https://prosody.im/doc/ports<br><br>Ports:<br> 5000,5222,5223,5269,5270,5281/tcp<br></pre><code>ufw allow Prosody</code> to apply (allow) the rules and all is well again.<br><br>❤️<br><a href="https://snac.lowkey.party?t=xmpp" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a> <a href="https://snac.lowkey.party?t=prosody" class="mention hashtag" rel="nofollow noopener" target="_blank">#Prosody</a> <a href="https://snac.lowkey.party?t=ufw" class="mention hashtag" rel="nofollow noopener" target="_blank">#ufw</a> <a href="https://snac.lowkey.party?t=iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#iptables</a> <a href="https://snac.lowkey.party?t=firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#firewall</a><br>
OSTechNix<p>How To Check And Secure Open Ports In Linux <a href="https://floss.social/tags/Linuxnetworking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linuxnetworking</span></a> <a href="https://floss.social/tags/Linuxsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linuxsecurity</span></a> <a href="https://floss.social/tags/Linuxadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linuxadmin</span></a> <a href="https://floss.social/tags/Linuxhowto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linuxhowto</span></a> <a href="https://floss.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://floss.social/tags/netstat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>netstat</span></a> <a href="https://floss.social/tags/ss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ss</span></a> <a href="https://floss.social/tags/firewalld" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firewalld</span></a> <a href="https://floss.social/tags/iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iptables</span></a> <a href="https://floss.social/tags/nmap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nmap</span></a> <a href="https://floss.social/tags/lsof" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lsof</span></a> <br><a href="https://ostechnix.com/check-and-secure-open-ports-in-linux/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ostechnix.com/check-and-secure</span><span class="invisible">-open-ports-in-linux/</span></a></p>
europlus :autisminf:<p><a href="https://social.europlus.zone/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://social.europlus.zone/tags/SysAdmins" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SysAdmins</span></a> <a href="https://social.europlus.zone/tags/NetworkAdmins" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkAdmins</span></a></p><p>Ubuntu 24.04 system with a publicly-routable external IP address.</p><p>For a given incoming UDP port (&lt;1024, call it port x, I can’t change this), I want to forward that to localhost (or the ens3 interface) on another port (&gt;1024, port y) so I can invoke QEMU as non-root and forward port y to the emulated system’s port x via slirp.</p><p>Is this doable?</p><p>I’ve tried heaps of nat prerouted examples, but haven’t yet gotten anything to stick.</p><p>Boosts appreciated!</p><p><a href="https://social.europlus.zone/tags/IPTables" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IPTables</span></a></p>
Linux Guides<p>What kind of nonsense is it, actually, that ufw has no effect when the official Docker version is installed. </p><p>In my view a huge security risk that many admins may not even be aware of.<br>I only discovered it myself a few months ago. It has been like this for years.</p><p>What do you think? The maintainer version from Debian doesn't have this, thank God. </p><p>It is probably time to build pentesting into our regular checks.</p><p><a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>docker</span></a> <a href="https://mastodon.social/tags/ufw" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ufw</span></a> <a href="https://mastodon.social/tags/iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iptables</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.linux.pizza/@lanefu" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lanefu</span></a></span> <span class="h-card" translate="no"><a href="https://fedi.rrr.sh/@pearl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>pearl</span></a></span> I mean, I'd rather try to use <a href="https://infosec.space/tags/ipFire" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ipFire</span></a> but sadly I've yet to see some <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a>-based <a href="https://infosec.space/tags/Networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Networking</span></a> distro / setup that comes close to <a href="https://infosec.space/tags/pfSense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pfSense</span></a> / <a href="https://infosec.space/tags/OPNsense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OPNsense</span></a>...</p><ul><li>It's just that once you used <a href="https://infosec.space/tags/pfSync" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pfSync</span></a> / <a href="https://infosec.space/tags/CARP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CARP</span></a> &amp; had cheap hot-standby hardware redundancy you don't want to go back!</li></ul><p>But that's me being <em>"too lazy" to do <a href="https://infosec.space/tags/iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iptables</span></a></em>... </p><p><a href="https://infosec.space/@kkarhan/113713495495303983" translate="no" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.space/@kkarhan/1137134</span><span class="invisible">95495303983</span></a></p>
Jonathan Kamens 86 47<p>Amusing <a href="https://federate.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://federate.social/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sysadmin</span></a> story (well, _I_ thought it was amusing, at least in hindsight)…<br>My CentOS Stream server was confused because I had both iptables-nft-services and iptables-services installed thanks to the latter being listed in my Ansible playbook when it shouldn't have been. These two packages should be marked as conflicting with each other to prevent this, but aren't.<br><a href="https://federate.social/tags/iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iptables</span></a> <a href="https://federate.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://federate.social/tags/firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firewall</span></a><br>🧵1/4</p>
Linux Magazine<p>From Linux Update: Frank Hoffman shows you how nftables simplifies the process of creating and maintaining firewall rules <a href="https://www.linux-magazine.com/Issues/2023/270/nftables" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">linux-magazine.com/Issues/2023</span><span class="invisible">/270/nftables</span></a> <a href="https://fosstodon.org/tags/firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firewall</span></a> <a href="https://fosstodon.org/tags/nftables" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nftables</span></a> <a href="https://fosstodon.org/tags/iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iptables</span></a> <a href="https://fosstodon.org/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a> <a href="https://fosstodon.org/tags/filter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>filter</span></a> <a href="https://fosstodon.org/tags/packets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packets</span></a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/netfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>netfilter</span></a> <a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a></p>
Meow.tar.gz :verified:<p>The more I am digging in to <a href="https://goblackcat.net/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a>, the more I am realizing I really need to take the time to grok <a href="https://goblackcat.net/tags/iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iptables</span></a>. This way I'll understand what tools like <a href="https://goblackcat.net/tags/firewalld" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firewalld</span></a> and <a href="https://goblackcat.net/tags/ufw" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ufw</span></a> are really doing.</p>
Jens Brückner 😷 :debian:<p>Tips, plus a free template, for friends of <a href="https://social.tchncs.de/tags/Virtualisierung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Virtualisierung</span></a>, highly available <a href="https://social.tchncs.de/tags/Cluster" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cluster</span></a>, <a href="https://social.tchncs.de/tags/VMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VMs</span></a>, <a href="https://social.tchncs.de/tags/LXC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LXC</span></a> and <a href="https://social.tchncs.de/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloud</span></a> Computing.<br><a href="https://social.tchncs.de/tags/Proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Proxmox</span></a> on <a href="https://social.tchncs.de/tags/VPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPS</span></a> <a href="https://social.tchncs.de/tags/Root" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Root</span></a> <a href="https://social.tchncs.de/tags/Server" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Server</span></a>, <a href="https://social.tchncs.de/tags/pfsense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pfsense</span></a>, <a href="https://social.tchncs.de/tags/NAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NAT</span></a>, <a href="https://social.tchncs.de/tags/WAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WAN</span></a>, <a href="https://social.tchncs.de/tags/LAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LAN</span></a> <a href="https://social.tchncs.de/tags/iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iptables</span></a> <a href="https://social.tchncs.de/tags/docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>docker</span></a> <a href="https://social.tchncs.de/tags/portainer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>portainer</span></a></p><p><a href="https://blog.jbvfx.de/2022/04/proxmox-ve-auf-vps-root-server-pfsense-nat-wan-lan/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.jbvfx.de/2022/04/proxmox-</span><span class="invisible">ve-auf-vps-root-server-pfsense-nat-wan-lan/</span></a></p>