On Sat, 2016-02-13 at 08:33 -0600, Robert Nichols wrote:
> The lack of response means, "There's a machine here that is trying
> not to be seen." If there were really no machine at that address,
> the upstream router would have sent back an ICMP "No route to host"
> response. Yes, I do DROP most o
On 02/12/2016 03:34 PM, Rick Stevens wrote:
On 02/12/2016 01:01 PM, Joe Zeff wrote:
On 02/12/2016 12:47 PM, Bob Goodwin wrote:
Ok, I'll try adding that. Joe brings up the need to keep a route open to
NTP, that presents another concern.
Either that, or set up a local NTP server on a box that's
On 02/13/16 11:44, jd1008 wrote:
>
>
> On 02/12/2016 08:05 PM, Joe Zeff wrote:
>> On 02/12/2016 06:42 PM, jd1008 wrote:
>>> Interesting. I did not see a link on the page for doing port scan.
>>
>> When you go to that page and click on the button to Proceed, you get to
>> https://www.grc.com/x/ne.
On 02/12/2016 08:45 PM, Joe Zeff wrote:
On 02/12/2016 07:44 PM, jd1008 wrote:
All I am getting from that page is:
*Browser Reload Suppressed
Interesting. Do you have any special security settings, or addons?
All I can say is, it works just fine for me.
Yes.
I have noscript enabled.
So, I
On 02/12/2016 07:44 PM, jd1008 wrote:
All I am getting from that page is:
*Browser Reload Suppressed
Interesting. Do you have any special security settings, or addons? All
I can say is, it works just fine for me.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change s
On 02/12/2016 08:05 PM, Joe Zeff wrote:
On 02/12/2016 06:42 PM, jd1008 wrote:
Interesting. I did not see a link on the page for doing port scan.
When you go to that page and click on the button to Proceed, you get
to https://www.grc.com/x/ne.dll?rh1dkyd2 and if you scroll down past
the UPn
On 02/12/2016 06:42 PM, jd1008 wrote:
Interesting. I did not see a link on the page for doing port scan.
When you go to that page and click on the button to Proceed, you get to
https://www.grc.com/x/ne.dll?rh1dkyd2 and if you scroll down past the
UPnP Exposure Test, you'll see where you can h
On 02/12/2016 07:35 PM, Joe Zeff wrote:
On 02/12/2016 06:16 PM, jd1008 wrote:
The website Joe mentions only tested the UPNP of the router I am
connected to.
Of course the test failed to make use of upnp because the router blocks
those requests
coming from the internet.
You can also have it d
On 02/12/2016 06:16 PM, jd1008 wrote:
The website Joe mentions only tested the UPNP of the router I am
connected to.
Of course the test failed to make use of upnp because the router blocks
those requests
coming from the internet.
You can also have it do a port scan, to see which, if any ports r
On 02/12/2016 06:13 PM, Bob Goodwin wrote:
On 02/12/16 19:12, Joe Zeff wrote:
If you want to find out just how secure you are, here's a good place
to test your firewall: https://www.grc.com/x/ne.dll?bh0bkyd2
--
.
That seems to indicate that my firewall is working well, dunno how
much con
Allegedly, on or about 12 February 2016, Rick Stevens sent:
> Carrying that further, set up the firewall to block all incoming
> traffic initially and use "DROP" as the target--NOT "REJECT". The
> reason to use DROP is that "REJECT" actually returns a response to a
> probe which essentially says "Y
On 02/12/16 19:12, Joe Zeff wrote:
If you want to find out just how
secure you are, here's a good place to
test your firewall:
https://www.grc.com/x/ne.dll?bh0bkyd2
--
.
That seems to indicate that my firewall
is working well, dunno how much
confidence I can have in it? It's been
severa
On 02/12/2016 01:34 PM, Rick Stevens wrote:
Carrying that further, set up the firewall to block all incoming traffic
initially and use "DROP" as the target--NOT "REJECT". The reason to use
DROP is that "REJECT" actually returns a response to a probe which
essentially says "Yeah, there's a machine
On 02/12/16 16:36, Joe Zeff wrote:
Remember, this doesn't need to be a
dedicated box. All you need to do is
set it up on any box that's always up
and has Internet access.
.
The ones that are always up are the two
I want to protect. But I will consider that.
--
Bob Goodwin - Zuni, Virgin
On 02/12/2016 01:24 PM, Bob Goodwin wrote:
This system is already grown too complex over the years, I would like to
avoid adding a local NTP server to it although I have considered trying
to use a GPS time source ... Hmm, another project.
Remember, this doesn't need to be a dedicated box. All
On 02/12/2016 01:01 PM, Joe Zeff wrote:
On 02/12/2016 12:47 PM, Bob Goodwin wrote:
Ok, I'll try adding that. Joe brings up the need to keep a route open to
NTP, that presents another concern.
Either that, or set up a local NTP server on a box that's not blocked.
Let that box sync to the rest o
On 02/12/16 16:01, Joe Zeff wrote:
Ok, I'll try adding that. Joe brings
up the need to keep a route open to
NTP, that presents another concern.
Either that, or set up a local NTP
server on a box that's not blocked.
Let that box sync to the rest of the
net and have your LAN all sync to it.
On 02/12/16 16:12, Gordon Messmer wrote:
It works to prevent internet access
from that ip. However I can still
ping 8.8.8.8
In a very general sense, DROP may be
preferred to REJECT when you are
dealing with protocols other than TCP
or UDP.
For TCP, a firewall can reject a
packet by sendi
On 02/12/16 15:53, Rick Stevens wrote:
The objective is to protect my
servers which I want connected to the
LAN
but not the internet. The firewall is
in the router, openwrt, I want to
set up.
As I said in another post, my guess is
that it affects TCP and UDP.
The rule you commented out woul
On 02/12/2016 11:10 AM, Bob Goodwin wrote:
It works to prevent internet access from that ip. However I can still
ping 8.8.8.8
In a very general sense, DROP may be preferred to REJECT when you are
dealing with protocols other than TCP or UDP.
For TCP, a firewall can reject a packet by sending
On 02/12/2016 12:47 PM, Bob Goodwin wrote:
Ok, I'll try adding that. Joe brings up the need to keep a route open to
NTP, that presents another concern.
Either that, or set up a local NTP server on a box that's not blocked.
Let that box sync to the rest of the net and have your LAN all sync to
On 02/12/2016 12:45 PM, Bob Goodwin wrote:
I hadn't thought of that Joe, probably only one of the things I didn't
consider. With other routers it was just another GUI menu item, I
entered the ip's and left it at that hoping for the best. Here I'm being
forced to look at what I'm doing, not a ba
On 02/12/2016 12:28 PM, Bob Goodwin wrote:
On 02/12/16 15:10, Rick Stevens wrote:
Not sure which firewall you're using. Judging by your description of its
behavior, the odds are that the (unless otherwise specified) default
protocol the rules affect is TCP. If that's the case, yes, your rules
w
On 02/12/16 15:30, Rick Stevens wrote:
There's a whole lot of protocols that
come under the "IP" umbrella.
Dump out the content of
/etc/protocols if you want to see a
(fairly
complete, but not exhaustive) list of
what's out there.
After more digging around, it appears
you're using firewal
On 02/12/16 15:39, Joe Zeff wrote:
On 02/12/2016 12:28 PM, Bob Goodwin
wrote:
The objective is to protect my
servers which I want connected to the
LAN
but not the internet. The firewall is
in the router, openwrt, I want to
set up.
I haven't had to play with router
firewalls in several year
On 02/12/2016 12:28 PM, Bob Goodwin wrote:
The objective is to protect my servers which I want connected to the LAN
but not the internet. The firewall is in the router, openwrt, I want to
set up.
I haven't had to play with router firewalls in several years, and that
never included this type of
On 02/12/2016 12:10 PM, Rick Stevens wrote:
On 02/12/2016 11:10 AM, Bob Goodwin wrote:
I have been messing with a firewall file and added the following:
config rule
option src lan
option src_ip 192.168.1.7
option dest wan
option ta
On 02/12/16 15:10, Rick Stevens wrote:
Not sure which firewall you're using.
Judging by your description of its
behavior, the odds are that the
(unless otherwise specified) default
protocol the rules affect is TCP. If
that's the case, yes, your rules
would prevent TCP-based activity
(telnet,
On 02/12/2016 11:10 AM, Bob Goodwin wrote:
I have been messing with a firewall file and added the following:
config rule
option src lan
option src_ip 192.168.1.7
option dest wan
option target REJECT
It works to prevent internet a
I have been messing with a firewall file
and added the following:
config rule
option src lan
option src_ip 192.168.1.7
option dest wan
option target REJECT
It works to prevent internet access from
that ip. However I can still ping
30 matches
Mail list logo
