Debian Server hacked via SSH pw login / my pw in auth.log in clear found

HAHAHHA YES! That's a really good one ;)

That is security by obscurity though.
It's not really security. But it minimizes the login scans on your server. Take a look at lastb or the auth log. I have never seen an IPv6 address there.
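
To check the IPv4-versus-IPv6 observation above against your own auth log, here is an added example (not part of the original post) that tallies failed SSH password logins by address family. The log lines are constructed samples using documentation addresses, and the function name is hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the usual sshd auth.log format.
SAMPLE_AUTH_LOG = """\
Mar  3 04:12:01 vs2 sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 04:12:03 vs2 sshd[1201]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 04:12:09 vs2 sshd[1207]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar  3 04:13:40 vs2 sshd[1215]: Failed password for invalid user test from 2001:db8::15 port 38110 ssh2
Mar  3 04:15:02 vs2 sshd[1222]: Accepted publickey for alice from 192.0.2.10 port 50514 ssh2
Mar  3 04:15:30 vs2 sshd[1230]: Failed password for invalid user from from 203.0.113.5 port 51300 ssh2
Mar  3 04:16:00 vs2 sshd[1231]: Failed password for root from not-an-ip port 1 ssh2
"""

# The greedy ".*" makes the regex bind to the LAST "from <addr> port <n>" on
# the line, so a client-chosen username such as "from" cannot shift the
# captured source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+")


def tally_failed_logins(log_text):
    """Return (Counter by address family, Counter by source) for failed logins."""
    by_family, by_source = Counter(), Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue  # successful logins and unrelated lines are ignored
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            by_family["unparsed"] += 1  # hostname or malformed source field
            continue
        by_family[f"IPv{addr.version}"] += 1
        by_source[str(addr)] += 1
    return by_family, by_source


if __name__ == "__main__":
    families, sources = tally_failed_logins(SAMPLE_AUTH_LOG)
    for family, count in families.most_common():
        print(f"{family}: {count} failed logins")
    for source, count in sources.most_common(3):
        print(f"  {source}: {count}")
```

On a real host, pass the contents of the auth log to `tally_failed_logins` instead of the sample string.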
 


what firewall do you use? iptables / ipv4/ipv6 ?
Probably nftables because you can setup a counter there so that you can see how many packets hit that rule.
Code:
tcp dport 80 counter packets 6443 bytes 334166 accept
 
Probably nftables because you can setup a counter there so that you can see how many packets hit that rule.
Code:
tcp dport 80 counter packets 6443 bytes 334166 accept
ah ok, nftables, I have never used it. I will read some tutorials
 
how large can this integer become?;)
what firewall do you use? iptables / ipv4/ipv6 ?
Hi,

I am a fan of the classic ip(6)tables.

root@12-u:~# iptables -L -n -v
Chain INPUT (policy DROP 252K packets, 13M bytes)

and this is only my vs2-free playground server.
 
you most likely want to find an nftables wrapper script that simplifies the creation of nftables rules.
nftables isn't that much different from iptables. firewalld is a frontend for nftables, but I found the output of firewalld unreadable compared to the output of iptables and nftables.

I am a fan of the classic ip(6)tables.
Time to eventually switch to nftables, it's not that hard to switch over?
 
Time to eventually switch to nftables, it's not that hard to switch over?

I am not a fan of using iptables nor nftables directly - you should use a wrapper. For iptables I used shorewall, but that won't support nftables for $reasons.
There are already some out there, just google "nftables wrapper"

And no, it's not (switching over), it's the same thing in green.
 
I am not a fan of using iptables nor nftables directly - you should use a wrapper.
You should use what you prefer to as much as I can use the packages from the default repo, especially when it comes to fire-walling and I think nftables or iptables is easier than using something like nftables. On something that isn't a normal host but a central firewall I might consider it, but generally other software is usually used for central firewall from my experience.

And no, it's not (switching over), it's the same thing in green.
True, the configuration is mostly the same with some differences.
 
central firewall

this is spelled wrong. You should spell it like this "single point of failure".

Every host is responsible for its own security. A "central security thing" fails and then there is no security.

A wrapper is just something that makes firewall rules easier to manage and human-readable. A 500 line long iptables or nftables script is hard to manage and invites errors. Keep in mind that you are human and, as such, suck at finding a typo in 500 lines of code.
You want your rules in something simple to view, like a yaml file or a WebUI.

And always remember - If this is your first install of Kali Linux, you HAVE to h4ck xD
 
This is what human-readable firewall rules look like (an example from shorewall)

Code:
# allow incoming ICMP echo request/response to mesh
Ping(ACCEPT) mesh local icmp -

# allow outgoing ICMP echo request/response to mesh
Ping(ACCEPT) local mesh icmp -

# allow outgoing HTTPS to pub
ACCEPT local pub udp 443

# allow outgoing DNS queries to the hosting providers DNS servers
DNS(ACCEPT) local pub:8.8.8.8,8.8.4.4 - -

This is human (or let's say admin) readable.
 
this is spelled wrong. You should spell it like this "single point of failure".
Where I work we have central firewalls (in a cluster) and we have firewalls running on all the hosts; central firewalls are used on DMZ networks and internal isolated networks. Security is a process, not a destination, so security is done on many different levels, not on one host or layer. At home I use OPNsense.
 
