Re: Authenticator apps

2024-08-05 Thread Michael Kjörling
On 5 Aug 2024 05:31 +0800, from wes...@mxcloud.eu.org (Wesley): > OT question, can debian desktop run a simulator for phone app? If OP thinks a password manager is "more complicated than needed", then what isn't running a hardware emulator + whole operating system + Who knows what? -- Michael Kj

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Michel Verdier
On 2024-08-04, George at Clug wrote: > I do like the idea of blocking all outbound connections, and only > opening ports that are required for whatever services I want to use. I do the same. > For servers I often do, but for workstations, sadly I am often lazy and > default to allowing all outgo

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Michel Verdier
On 2024-08-04, George at Clug wrote: > I think I finally have success (had to fix way too many typos). > > Please review, and please comment if it can be improved. Don't fix typos and instead rewrite your rules with nftables https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Monday, 05-08-2024 at 17:25 Michel Verdier wrote: > On 2024-08-04, George at Clug wrote: > > > I think I finally have success (had to fix way too many typos). > > > > Please review, and please comment if it can be improved. > > Don't fix typos and instead rewrite your rules with nftables > h

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Michel Verdier
On 2024-08-05, George at Clug wrote: > Down below is the output of the translation commands for my Iptables > commands. Interesting but again, I will need to learn what this means, > it does not look self explanatory. But hopefully, like everything > computer related, it is usually not that compl

VM, wifi, NAT (was: Re: Internet facing Firewalls mDNS UPnP SMB)

2024-08-05 Thread Max Nikulin
On 05/08/2024 17:50, George at Clug wrote: I am also a bit concerned about the statement "table ip nat", I do not want [e.g. need] any Network Address Translation occurring. Re: VirtualBox (VB) and Window

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread john doe
On 8/5/24 12:50, George at Clug wrote: On Monday, 05-08-2024 at 17:25 Michel Verdier wrote: On 2024-08-04, George at Clug wrote: I think I finally have success (had to fix way too many typos). Please review, and please comment if it can be improved. Don't fix typos and instead rewrite your

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Dan Purgert
On Aug 04, 2024, George at Clug wrote: > > > On Sunday, 04-08-2024 at 16:15 john doe wrote: > > On 8/4/24 06:48, jeremy ardley wrote: > > > > > > On 4/08/2024 12:26 pm, George at Clug wrote: > > >> > > >> If I go to the local coffee shop and connect my laptop to their WiFi, > > >> which incoming

Re: Authenticator apps

2024-08-05 Thread Tim Woodall
On Sun, 4 Aug 2024, to...@tuxteam.de wrote: On Sun, Aug 04, 2024 at 05:44:07PM +0100, Mick Ab wrote: I have a Debian Bullseye desktop PC. I am looking for a 2fa authenticator that works on my desktop, without using a smartphone or tablet. I don't know what an "authenticator app" is. If what

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Monday, 05-08-2024 at 23:27 Dan Purgert wrote: > On Aug 04, 2024, George at Clug wrote: > > > > > > On Sunday, 04-08-2024 at 16:15 john doe wrote: > > > On 8/4/24 06:48, jeremy ardley wrote: > > > > > > > > On 4/08/2024 12:26 pm, George at Clug wrote: > > > >> > > > >> If I go to the local

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Monday, 05-08-2024 at 22:25 john doe wrote: > On 8/5/24 12:50, George at Clug wrote: > > > > > > On Monday, 05-08-2024 at 17:25 Michel Verdier wrote: > >> On 2024-08-04, George at Clug wrote: > >> > >>> I think I finally have success (had to fix way too many typos). > >>> > >>> Please review,

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Monday, 05-08-2024 at 21:52 Michel Verdier wrote: > On 2024-08-05, George at Clug wrote: > > > Down below is the output of the translation commands for my Iptables > > commands. Interesting but again, I will need to learn what this means, > > it does not look self explanatory. But hopefully

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Charles Curley
On Tue, 06 Aug 2024 01:12:08 +1000 George at Clug wrote: > It would be nice if systems were not so complex that they required > frontends to be usable. Perhaps it would be nice. But that's not the way of the world. I wrote 6502 assembly code and hand-assembled it way back when. I was very glad t

Re: Authenticator apps

2024-08-05 Thread Corey Hickman
August 5, 2024 at 10:35 PM, "Tim Woodall" wrote: > > > > oathtool (in the same-named Debian package) might be your friend. > > > > I use this too, and it gives the same numbers as FreeOTP which I have > > installed on my phone. > Me second with oathtool which just works for me. regards.

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Tuesday, 06-08-2024 at 04:12 Charles Curley wrote: > On Tue, 06 Aug 2024 01:12:08 +1000 > George at Clug wrote: > > > It would be nice if systems were not so complex that they required > > frontends to be usable. > > Perhaps it would be nice. But that's not the way of the world. I wrote >

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Monday, 05-08-2024 at 22:25 john doe wrote: > On 8/5/24 12:50, George at Clug wrote: > > > > > > On Monday, 05-08-2024 at 17:25 Michel Verdier wrote: > >> On 2024-08-04, George at Clug wrote: > >> > >>> I think I finally have success (had to fix way too many typos). > >>> > >>> Please review,

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Charles Curley
On Tue, 06 Aug 2024 09:44:32 +1000 George at Clug wrote: > This morning, after thinking on these things I realise I am wrong. > > I am showing both my ignorance and my stupidity. > > "Times have changed", "That was then, this is now". My compliments on your willingness to do so. It is not ea

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Monday, 05-08-2024 at 23:27 Dan Purgert wrote: > On Aug 04, 2024, George at Clug wrote: > > > > > > On Sunday, 04-08-2024 at 16:15 john doe wrote: > > > On 8/4/24 06:48, jeremy ardley wrote: > > > > > > > > On 4/08/2024 12:26 pm, George at Clug wrote: > > > >> > > > >> If I go to the local

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread jeremy ardley
On 6/8/24 08:05, George at Clug wrote: Is it possible to be aware of all the ports required by systems/services like "AWS / Cloudflare / etc", such that it is possible to ensure any firewalls that are put in place do not inhibit the features of these systems? In AWS you have a Virtual Priv

nftables ssh Could not resolve service Servname not supported

2024-08-05 Thread George at Clug
Hi, I have my simple nftables firewall working (thanks to people who have posted). However I have one issue, my nftables is not recognising the label 'dns' for port 53, although it is recognising labels for other ports that I have been using (e.g. ssh, http, ntp, https). When I checked on the

Re: Authenticator apps

2024-08-05 Thread tomas
On Mon, Aug 05, 2024 at 10:22:35PM +, Corey Hickman wrote: > August 5, 2024 at 10:35 PM, "Tim Woodall" wrote: > > > > > > > > oathtool (in the same-named Debian package) might be your friend. > > > > > > > I use this too, and it gives the same numbers as FreeOTP which I have > > > > ins

Re: nftables ssh Could not resolve service Servname not supported

2024-08-05 Thread David Wright
On Tue 06 Aug 2024 at 14:25:45 (+1000), George at Clug wrote: > However I have one issue, my nftables is not recognising the label > 'dns' for port 53, although it is recognising labels for other ports > that I have been using (e.g. ssh, http, ntp, https). My /etc/services uses the term "domain"

Re: What is the purpose of mDNS

2024-08-05 Thread David Wright
On Sat 03 Aug 2024 at 11:26:38 (+0200), to...@tuxteam.de wrote: > On Sat, Aug 03, 2024 at 06:56:42PM +1000, George at Clug wrote: > > What is the purpose of mDNS? > > > > It seems to be for multicast? > > It is not /for/ multicast IP, it /uses/ multicast for name resolution. > In a nutshell

Re: dot internal and mDNS

2024-08-05 Thread David Wright
On Sat 03 Aug 2024 at 12:59:45 (+), Andy Smith wrote: > On Sat, Aug 03, 2024 at 06:40:32PM +1000, George at Clug wrote: > > I believe ICANN are moving to possibly replacing .local, .home, .lan, > > .corp, .mail, .localdomain, (and possibly others) with .internal ? > > home.arpa was defined by

Re: nftables ssh Could not resolve service Servname not supported

2024-08-05 Thread George at Clug
On Tuesday, 06-08-2024 at 14:40 David Wright wrote: > On Tue 06 Aug 2024 at 14:25:45 (+1000), George at Clug wrote: > > > However I have one issue, my nftables is not recognising the label > > 'dns' for port 53, although it is recognising labels for other ports > > that I have been using (e.g.

Re: nsswitch what should come first

2024-08-05 Thread David Wright
On Fri 02 Aug 2024 at 19:29:14 (-0400), Dan Ritter wrote: > Lee wrote: > > On Thu, Aug 1, 2024 at 10:40 PM Jeffrey Walton wrote: > > > > > > I personally remove mDNS and Bonjour from my machines. mDNS is not the > > > source of truth on my networks. Rather, DNS is the source of truth in > > > my n

Re: Authenticator apps

2024-08-05 Thread Kevin Price
Dear Mick, dear all: On 05.08.24 at 09:06, Michael Kjörling wrote: > On 5 Aug 2024 05:31 +0800, from wes...@mxcloud.eu.org (Wesley): >> OT question, can debian desktop run a simulator for phone app? Absolutely yes. But that's not going to help anyone in this thread. > If OP thinks a password ma

Re: What is the purpose of mDNS

2024-08-05 Thread tomas
On Mon, Aug 05, 2024 at 11:49:37PM -0500, David Wright wrote: > On Sat 03 Aug 2024 at 11:26:38 (+0200), to...@tuxteam.de wrote: [...] > > It is part of Microsoft's promise that anyone can be sysadmin [...] > Isn't that what modern networking is striving to attain? Whoever "modern networking" i

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread john doe
On 8/6/24 01:47, George at Clug wrote: On Monday, 05-08-2024 at 22:25 john doe wrote: On 8/5/24 12:50, George at Clug wrote: On Monday, 05-08-2024 at 17:25 Michel Verdier wrote: On 2024-08-04, George at Clug wrote: You really need to be intimate with nftables, you might want to consider

Re: Authenticator apps

2024-08-05 Thread tomas
On Tue, Aug 06, 2024 at 07:10:38AM +0200, Kevin Price wrote: > Dear Mick, dear all: [...] So far, agreed. > If I understand you correctly, Mick, you're considering to move your > TOTP factor out of an independent device towards your local debian > machine for convenience, so you'd be giving away

Re: nftables ssh Could not resolve service Servname not supported

2024-08-05 Thread Michel Verdier
On 2024-08-06, George at Clug wrote: > # nano /etc/nftables.conf /etc/nftables.conf is used to load rules at boot by systemd nftables.service. It's safer to edit another file, test it with nft -f, then if it's correct to copy it to /etc/nftables.conf. If something goes wrong a reboot could restor

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Michel Verdier
On 2024-08-06, George at Clug wrote: > To disable port forwarding would this be a better method? "ceinture et bretelles" (I let you translate) > # echo 0 > /proc/sys/net/ipv4/ip_forward > # cat /etc/sysctl.conf > # Uncomment the next line to enable packet forwarding for IPv4 > #net.ipv4.ip_forwa