vs2-free-users
Active Member
It's not really security. But it minimizes the login scans on your server. Take a look at lastb or the auth log. I have never seen an IPv6 here.
HAHAHHA YES! That's a really good one
That is security by obscurity though.
It's only an increasing counter in my firewall.
Login scans for ssh are like raindrops on your windshield when you drive your car in the rain.
How large can this integer become?
It's only an increasing counter in my firewall.
And I used a windshield made of sugar.
Login scans for ssh are like raindrops on your windshield when you drive your car in the rain.
Probably nftables because you can set up a counter there so that you can see how many packets hit that rule.
what firewall do you use? iptables / ipv4/ipv6 ?
tcp dport 80 counter packets 6443 bytes 334166 accept
ah ok, nftables, I have never used it. I will read some tutorials
Probably nftables because you can set up a counter there so that you can see how many packets hit that rule.
Hi, how large can this integer become?
what firewall do you use? iptables / ipv4/ipv6 ?
nftables isn't that much different from iptables, firewall is a frontend for nftables but I found the output of firewalld unreadable compared to the output of iptables and nftables.
you most likely want to find an nftables wrapper script that simplifies the creation of nftables rules.
Time to eventually switch to nftables, it's not that hard to switch over?
I am a fan of the classic ip(6)tables.
You should use what you prefer to as much as I can use the packages from the default repo, especially when it comes to fire-walling and I think nftables or iptables is easier than using something like nftables. On something that isn't a normal host but a central firewall I might consider it, but generally other software is usually used for central firewall from my experience.
I am not a fan of using iptables nor nftables directly - you should use a wrapper.
True, the configuration is mostly the same with some differences.
And no, it's not (switching over), it's the same thing in green.
central firewall
# allow incoming ICMP echo request/response to mesh
Ping(ACCEPT) mesh local icmp -
# allow outgoing ICMP echo request/response to mesh
Ping(ACCEPT) local mesh icmp -
# allow outgoing HTTPS to pub
ACCEPT local pub udp 443
# allow outgoing DNS queries to the hosting providers DNS servers
DNS(ACCEPT) local pub:8.8.8.8,8.8.4.4 - -
Where I work we have central firewalls (in a cluster) and we have firewalls running on all the hosts; central firewalls are used on DMZ networks and internal isolated networks. Security is a process, not a destination, so security is done on many different levels, not on one host or layer. At home I use OPNsense.
this is spelled wrong. You should spell it like this "single point of failure".