On 2020-08-15, Sid Spry wrote:
> On Fri, Aug 14, 2020, at 5:06 PM, Grant Edwards wrote:
>> [...]
>>
>> > iptables -A OUTPUT -o -m owner --uid-owner plex -j DROP
>>
>> I can confirm, that did indeed work as desired.
>>
>> Even with the kernel rebuild it was far less work than getting set up
>>
On 2020-08-15 00:22- Grant Edwards
wrote:
> On 2020-08-14, tastytea wrote:
>
> > rc-service runs the same service scripts that are in /etc/init.d/,
> > so it's the same. However the manpage of rc-service(8) mentions that
> > “Service scripts could be in different places on different
> > sys
On Fri, Aug 14, 2020, at 5:06 PM, Grant Edwards wrote:
> On 2020-08-14, Grant Edwards wrote:
>
> > I think this should work, but I need to rebuild my kernel with the
> > iptables "owner" extension enabled:
> >
> > iptables -A OUTPUT -o -m owner --uid-owner plex -j DROP
>
> I can confirm, that
On 2020-08-14, tastytea wrote:
> rc-service runs the same service scripts that are in /etc/init.d/, so
> it's the same. However the manpage of rc-service(8) mentions that
> “Service scripts could be in different places on different systems”, so
> the most compatible way would be to use rc-service
Sat, 15 Aug 2020 at 01:34, tastytea :
> Note that, if you set rc_depend_strict="NO" in /etc/rc.conf, the
> dependency “net” is satisfied if only one net.* service is started.
If I remember correctly, it happened sometimes that iptables loaded
after net.eth0 service even with rc_depend_strict="Y
On 2020-08-14 22:17- Grant Edwards
wrote:
> […]
> ### "rc-service iptables" vs. "/etc/init.d/iptables"
rc-service runs the same service scripts that are in /etc/init.d/, so
it's the same. However the manpage of rc-service(8) mentions that
“Service scripts could be in different places on diff
I read through the iptables wiki page this afternoon to refresh my
memory on how you save rules so they get loaded on startup.
https://wiki.gentoo.org/wiki/Iptables
There are some inconsistencies which I'm curious about.
### "rc-service iptables" vs. "/etc/init.d/iptables"
Most of the page's exa
On 2020-08-14, Grant Edwards wrote:
> I think this should work, but I need to rebuild my kernel with the
> iptables "owner" extension enabled:
>
> iptables -A OUTPUT -o -m owner --uid-owner plex -j DROP
I can confirm, that did indeed work as desired.
Even with the kernel rebuild it was far l
Fri, 14 Aug 2020 at 23:03, Grant Edwards :
> [For posterity's sake, with -A Output it's -o rather than
> -i ]
Ah, you are right! I am sorry, my iptables rule with 'noinet' doesn't
include an interface, I added it when typing the message and looked at
my rules with an interface from the INPUT s
On 2020-08-14, Alexey Mishustin wrote:
> Isn't this classic option suitable?
>
> groupadd noinet
> usermod -a -G noinet
> iptables -A OUTPUT -i -m owner --gid-owner noinet -j DROP
> and calling not
> Plex
> but
> sg noinet Plex
> (or whatever name the binary has)
Thanks for the sugges
On 2020/08/14 at 07:27am, Dale wrote:
> Peter Humphrey wrote:
> > I saw this today:
> >
> > https://linux.slashdot.org/story/20/08/13/174237/fbi-and-nsa-expose-new-linux-malware-drovorub-used-by-russian-state-hackers?utm_source=slashdot&utm_medium=twitter
> >
> > Has anyone any more info?
>
Peter Humphrey wrote:
> I saw this today:
>
> https://linux.slashdot.org/story/20/08/13/174237/fbi-and-nsa-expose-new-linux-malware-drovorub-used-by-russian-state-hackers?utm_source=slashdot&utm_medium=twitter
>
> Has anyone any more info?
>
It seems to affect only older kernels, before 3.7.
I saw this today:
https://linux.slashdot.org/story/20/08/13/174237/fbi-and-nsa-expose-new-linux-malware-drovorub-used-by-russian-state-hackers?utm_source=slashdot&utm_medium=twitter
Has anyone any more info?
--
Regards,
Peter.