Re: [CentOS] firewalld being stupid

Em 17-11-2015 01:26, Dennis Jacobfeuerborn escreveu: On 16.11.2015 22:58, Gordon Messmer wrote: On 11/16/2015 01:39 PM, Nick Bright wrote: This is very frustrating, and not obvious. If --permanent doesn't work for a command, then it should give an error - not silently fail without doing anythin

[CentOS] CentOS-announce Digest, Vol 129, Issue 8

Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ.

Re: [CentOS] firewalld being stupid

On Mon, November 16, 2015 16:39, Nick Bright wrote: > On 11/6/2015 3:58 PM, James Hogarth wrote: >> I have a couple of relevant articles you may be interested in ... >> >> On assigning the zone via NM: >> https://www.hogarthuk.com/?q=node/8 >> >> Look down to the "Specifying a particular firewall

Re: [CentOS] firewalld being stupid

On Tue, Nov 17, 2015 at 09:18:22AM -0500, James B. Byrne wrote: > This behaviour is congruent with SELinux. One utility adjusts the > permanent configuration, the one that will be applied at startup. > Another changes the current running environment without altering the > startup config. From a sy

[CentOS] Problems with CentOS Advisory from August 2014

Regarding this announcement [CentOS-announce] CESA-2014:1008 Important CentOS 6 samba Security Update *Johnny Hughes* johnny at centos.org

Re: [CentOS] firewalld being stupid

On 17.11.2015 15:18, James B. Byrne wrote: > > On Mon, November 16, 2015 16:39, Nick Bright wrote: >> On 11/6/2015 3:58 PM, James Hogarth wrote: >>> I have a couple of relevant articles you may be interested in ... >>> >>> On assigning the zone via NM: >>> https://www.hogarthuk.com/?q=node/8 >>> >

Re: [CentOS] CentOS-SCL python version

On 16/11/15 18:26, Noam Bernstein wrote: > Hi - I’d like to use the CentOS-SCL python27 packages, but those appear to be > rather out of date, still on 2.7.5. Is there any chance that there will be > an update in the 2.7 track, to 2.7.10? > >

Re: [CentOS] CentOS-SCL python version

> On Nov 17, 2015, at 10:19 AM, Karanbir Singh wrote: > > On 16/11/15 18:26, Noam Bernstein wrote: >> Hi - I’d like to use the CentOS-SCL python27 packages, but those appear to >> be rather out of date, still on 2.7.5. Is there any chance that there will >> be an update in the 2.7 track, to 2.

Re: [CentOS] firewalld being stupid

On 11/17/2015 8:18 AM, James B. Byrne wrote: This behaviour is congruent with SELinux. One utility adjusts the permanent configuration, the one that will be applied at startup. Another changes the current running environment without altering the startup config. From a sysadmin point of view thi

Re: [CentOS] firewalld being stupid

On 11/16/2015 3:58 PM, Gordon Messmer wrote: On 11/16/2015 01:39 PM, Nick Bright wrote: This is very frustrating, and not obvious. If --permanent doesn't work for a command, then it should give an error - not silently fail without doing anything! But --permanent *did* work. No, it didn't. N

Re: [CentOS] firewalld being stupid

Nick Bright wrote: > On 11/17/2015 8:18 AM, James B. Byrne wrote: >> This behaviour is congruent with SELinux. One utility adjusts the >> permanent configuration, the one that will be applied at startup. >> Another changes the current running environment without altering the >> startup config. From

[CentOS] firewalld rule syntax

I'm still learning firewalld obviously, and I am having trouble groking the documentation to understand how to do this. I know I could do an iptables direct, but that doesn't seem like the "right" way to do it. What I'm trying to do is allow a specific service, only for a specific ip. Effect

Re: [CentOS] firewalld being stupid

On Nov 17, 2015 12:11 PM, wrote: > tell me progress, and final result. You'd think they were an old New > Englander. > > mark, ayu' _ Totally hilarious. Thanks for making my day. Mike ___ CentOS mailing list Ce

Re: [CentOS] firewalld being stupid

On 17.11.2015 17:51, m.r...@5-cent.us wrote: > Nick Bright wrote: >> On 11/17/2015 8:18 AM, James B. Byrne wrote: >>> This behaviour is congruent with SELinux. One utility adjusts the >>> permanent configuration, the one that will be applied at startup. >>> Another changes the current running envir

Re: [CentOS] firewalld rule syntax

On 11/17/2015 11:12 AM, Nick Bright wrote: firewall-cmd --zone=monitoring --add-source=1.2.3.4/32 firewall-cmd --zone=monitoring --add-service=snmp firewall-cmd --zone=monitoring --add-interface=ens192 firewall-cmd --runtime-to-permanent I went ahead and tried this and found that the zone and ser

[CentOS] Running Fedora under CentOS via systemd-nspawn?

tl;dr - Is anybody "running" a Fedora system via systemd-nspawn under CentOS? Long version: Before CentOS 7, I used chroot to create "lightweight containers" where I could cleanly add extra repos and/or software without the risk of "polluting" my main system (and potentially ending up in dependen

[CentOS] centos 7 and keychain

Is there a centos recommended repository for centos 7 where I can obtain the keychain package? TIA, Pete ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] firewalld rule syntax

However, at the end > firewall-cmd --zone=monitoring --add-interface=ens192 > > This results in a zone conflict. I'm not sure if it's even possible to > have two zones on the interface. > > Hi Nick, I don't believe an interface can belong to multiple zones. Instead I think you what a rich rule, t

Re: [CentOS] firewalld rule syntax

On 17 Nov 2015 17:30, "Nick Bright" wrote: > > On 11/17/2015 11:12 AM, Nick Bright wrote: >> >> firewall-cmd --zone=monitoring --add-source=1.2.3.4/32 >> firewall-cmd --zone=monitoring --add-service=snmp >> firewall-cmd --zone=monitoring --add-interface=ens192 >> firewall-cmd --runtime-to-permanen

Re: [CentOS] firewalld being stupid

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 17/11/15 17:29, Dennis Jacobfeuerborn wrote: > On 17.11.2015 17:51, m.r...@5-cent.us wrote: >> Nick Bright wrote: >>> On 11/17/2015 8:18 AM, James B. Byrne wrote: This behaviour is congruent with SELinux. One utility adjusts the permanen

Re: [CentOS] firewalld being stupid

J Martin Rushton wrote: > On 17/11/15 17:29, Dennis Jacobfeuerborn wrote: >> On 17.11.2015 17:51, m.r...@5-cent.us wrote: >>> Nick Bright wrote: On 11/17/2015 8:18 AM, James B. Byrne wrote: > This behaviour is congruent with SELinux. One utility adjusts > the permanent configuration, t

Re: [CentOS] firewalld rule syntax

On 11/17/2015 1:20 PM, James Hogarth wrote: A zone applies to a source network or interface. Have a flick through: https://www.hogarthuk.com/?q=node/9 Surprised SNMP isn't already defined as a service in /usr/lib/firewalld/services Perhaps snmpd ? Don't have a system to hand to check. I

Re: [CentOS] centos 7 and keychain

> On Nov 17, 2015, at 11:27 AM, Pete Stieber wrote: > > Is there a centos recommended repository for centos 7 where I can obtain the > keychain package? > > TIA, > Pete I can only see a version for centos 6: http://pkgs.repoforge.org/keychain/ You’ll ne