Re: [Discuss] ZFS scrub performance degrading

2024-08-17 Thread Rich Pieri
I think I found it: an extra set of files copied from one of my old
Windows machines prior to converting to Tumbleweed. Around 700K files
amounting to 1.6TB that I had staged there for copying to external
storage and then never cleaned up. With that gone the scrub performance
drop kicks in at around 85-90% completion. I can attribute that to
insufficient RAM and L2ARC for the entire storage pool but I can
increase the L2ARC size to accommodate.

-- 
\m/ (--) \m/
___
Discuss mailing list
Discuss@driftwood.blu.org
https://driftwood.blu.org/mailman/listinfo/discuss


Re: [Discuss] Port Scanning

2024-08-17 Thread Kent Borg
I seem to remember someone saying that firewalls don't fail "off", or
something like that.

Well, on a Linode machine I have, running very standard Debian, with no
real customizations, I noticed today the firewall was off:

  root@www:/home/kentborg# ufw status
  Status: inactive
  root@www:/home/kentborg# ufw enable
  Firewall is active and enabled on system startup

Good thing the firewall is only an extra layer of security and *not*
fundamental.

(Linode/Akamai recently did a reboot of my VM because of some problem on
their end. I suspect that is when it quit walling. I'll have to do my
own reboot as a test.)

-kb



Re: [Discuss] Port Scanning

2024-08-17 Thread Rich Pieri
On Sat, 17 Aug 2024 11:05:40 -0700
Kent Borg wrote:

> I seem to remember someone saying that firewalls don't fail "off", or 
> something like that.
> 
> Well, on a Linode machine I have, running very standard Debian, with
> no real customizations, I noticed today the firewall was off:

That was me; and the context was border firewalls, not host or
"personal" firewalls. Border firewalls do indeed fail off: if a
firewall node faults, or if it is powered off or disconnected, all
traffic routed through it stops.

how-EV-ver...

UFW is not a firewall. The firewall is the kernel Netfilter packet
filter system. UFW is a simplified front end to Netfilter, replacing
the iptables command for basic host firewall management. Netfilter is
always "on" while the kernel is running even when no rules are applied,
and therefore it cannot fail or fault per se.

UFW is disabled by default on Ubuntu; YMMV with other distros which use
it. This is not a failure/fault state of Netfilter: it is on; but it
has not been configured with any rules. It is the operator's
responsibility to enable the UFW or other firewall rules service, if
desired, and to configure and test firewall rules.

If you were to configure a Linux box as a border firewall then it would
behave the same as any other border firewall system: if the machine
fails or faults, or if the firewall rules service is not started, then
no traffic will pass through.

Note: on systemd-based systems, the enable keyword does not start the
service immediately. You need the --now switch or two commands:

  systemctl enable --now ufw.service

or

  systemctl enable ufw.service
  systemctl start  ufw.service

-- 
\m/ (--) \m/
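Added example, not part of the original thread: a shell check that tells apart the states discussed above (Netfilter running with no rules, rules loaded but not through UFW, and UFW filtering now but not enabled for boot). The helper name fw_verdict, its verdict labels and the sample outputs are constructed for illustration; it assumes the iptables command is available to list the loaded rules.

```shell
#!/bin/sh
# Added example. Sample outputs below are constructed, not captured from a host.
SAMPLE_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
SAMPLE_UFW='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-before-input
-A INPUT -j ufw-before-input'

# fw_verdict (hypothetical helper) prints one verdict line.
#   $1 output of: ufw status
#   $2 output of: systemctl is-enabled ufw
#   $3 output of: systemctl is-active ufw
#   $4 output of: iptables -S
fw_verdict() {
    ufw_state=$(printf '%s\n' "$1" | sed -n 's/^Status: //p')
    policy=$(printf '%s\n' "$4" | sed -n 's/^-P INPUT //p')
    # grep -c exits 1 on zero matches but still prints 0
    rules=$(printf '%s\n' "$4" | grep -c '^-A ' || true)

    if [ "$rules" -eq 0 ] && [ "$policy" = "ACCEPT" ]; then
        # Netfilter is running, but nothing has been loaded into it.
        echo "OPEN: no rules, INPUT policy ACCEPT (ufw $ufw_state, unit $2/$3)"
    elif [ "$ufw_state" != "active" ]; then
        echo "NOT-UFW: $rules rules loaded, but ufw reports $ufw_state"
    elif [ "$2" != "enabled" ]; then
        echo "NOT-PERSISTENT: filtering now, ufw.service is $2 for boot"
    else
        echo "OK: ufw active, $rules rules, INPUT policy $policy"
    fi
}

# Demo on the constructed samples.
fw_verdict "Status: inactive" disabled inactive "$SAMPLE_EMPTY"
fw_verdict "Status: active" enabled active "$SAMPLE_UFW"
# On a real host (as root):
# fw_verdict "$(ufw status)" "$(systemctl is-enabled ufw)" \
#            "$(systemctl is-active ufw)" "$(iptables -S)"
```

Run from cron or a monitoring agent after every reboot, a verdict other than OK is the condition worth alerting on.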