LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Blogs
Reload this Page serafean
User Name
Password

Notices


Old

Setting up DNS in 2017 - A record to TLSA

Posted 03-23-2017 at 03:28 PM by serafean
Updated 03-23-2017 at 04:14 PM by serafean
I set off on the journey to set up DNS as correctly as I could. After reading through a lot of stuff, here are my findings:
This example server will have on IP, and will run a web server, and an email server.
This is more of a setup dump than tutorial, but might point someone in the right direction...

Prequisites:

First, create an A (AAAA for ipv6 ) record for the domain :
Code:
example.net. 1800 IN A 127.0.0.1
Basic explanation of the entry
  • example.net.
...
Continue reading...
Member
Posted in Uncategorized
Views 1566 Comments 0 serafean is offline
Old

nftables NAT

Posted 10-03-2016 at 05:04 PM by serafean
Updated 10-03-2016 at 05:08 PM by serafean
Finally getting around to writing the continuation of this howto. Now lets take a look at a basic router firewall.
Basic ruleset configuration is described here.
This ruleset only sets up ipv4 nating, no filtering is set up (that will be covered later)
The following is an nft configuration file. To be loaded with nft -f.
Code:
define if_wan = eth0
table ip filter {
        map tcp_nat_map {type inet_service : ipv4_addr;}
        map udp_nat_map
...
Continue reading...
Member
Posted in nftables
Views 2057 Comments 0 serafean is offline
Old

systemd yacy "hardened" unit

Posted 08-31-2016 at 02:51 PM by serafean
This is more of an archive for my yacy service file
Code:
[Unit]
Description=Yacy distributed search engine

[Service]

#Service
Type=forking
GuessMainPID=yes
ExecStart=/opt/yacy/startYACY.sh
ExecStop=/opt/yacy/stopYACY.sh
User=yacy
Group=yacy
WorkingDirectory=/opt/yacy

# Hardening
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
...
Continue reading...
Member
Posted in Uncategorized
Views 507 Comments 0 serafean is offline
Old

systemd 219 && systemd-networkd changes

Posted 02-22-2015 at 08:45 AM by serafean
Tags systemd
The recent update to systemd sent it to version 219. Per the changelog, .network files gained two new configuration values
Code:
IPForward
IPMasquerade
After the upgrade, my Gentoo box stopped routing packets to the internet. NAT was setup correctly, so the issue couldn't be there.

It appears that systemd by default sets the forwarding sysctl of each interface to 0. In order for packets to be forwarded, this must be set to 1. /etc/sysctl.conf was of no help.
...
Continue reading...
Member
Posted in Uncategorized
Views 1212 Comments 0 serafean is offline
Old

nftables series - part 1 - baby steps

Posted 12-24-2014 at 08:53 AM by serafean
Updated 12-24-2014 at 08:55 AM by serafean
Nftables introduction

I assume a kernel >=3.18 and nft >= 0.4.

I decided to try out nftables, the would-be iptables successor on my home router/server PC.
As a basic guide I used this guide and the pretty good basic documentation on wiki.nftables.org.

Nft comes with a completely empty ruleset. Meaning no predefined tables, chains or rules.
You as a user create tables, populate those with chains (which hook into kernel netfilter hooks)...
Continue reading...
Member
Posted in nftables
Views 1613 Comments 0 serafean is offline
Page 1 of 3 1 23

  



All times are GMT -5. The time now is 08:08 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration