[arch-general] Openvpn Iptables
Hello,

I am trying to set up an OpenVPN server. The server and client communication is successfully installed, but the routing makes trouble.

Iptables:

    #!/bin/bash
    # reset
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -t raw -F
    iptables -t raw -X
    iptables -t security -F
    iptables -t security -X
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    # openvpn
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    iptables -A INPUT -i tun+ -j ACCEPT
    iptables -A FORWARD -i tun+ -j ACCEPT
    iptables -A INPUT -i tap+ -j ACCEPT
    iptables -A FORWARD -i tap+ -j ACCEPT

Does someone have an idea how to route all traffic from the clients through the server? The OpenVPN configuration is the same as in the tutorial on the Arch Linux wiki page; I changed only the certificate path, and the ta key is activated.

Thanks for help
Silvio Siefke
[arch-general] IPSEC / L2PT for IOS
Hello,

does someone have this setup working? Can you share it? Or give howtos? I have searched for a few hours, but in the end all that I found was with openswan. But there is only strongswan. I will be very happy. :)

Thank you for help.
Silvio
Re: [arch-general] IPSEC / L2PT for IOS
On Tue, 3 Oct 2017 20:15:44 +0200 Lukas Rose wrote:
> Sure you want to use IPSEC/L2PT? There’s openvpn for iOS...

Yes, I know, but it will not work. I have no Windows PC, so no iTunes, and with copying onto the iPhone there is no chance, it seems to me. When I open the ovpn file I get the message that no certificates are found. So what chance do I have? I have copied all files with FileExplorer FTP to the folder Downloads/openvpn. It would be great if it worked, because ipsec is not really easy to handle.

Thank you & Greetings
Silvio
Re: [arch-general] IPSEC / L2PT for IOS
On Wed, 4 Oct 2017 19:01:03 +0200 Lukas Rose wrote:
> There are lots of other ways to get the configuration file on your phone.
> E.g. WiFi Transfer via Browser.

This I tried. I tried sending emails and copying over with File Explorer (FTP Server), but it always ends with missing index/ca ...

Silvio
Re: [arch-general] IPSEC / L2PT for IOS
On Wed, 04 Oct 2017 10:58:03 +0200 Thomas Dreher via arch-general wrote:
> You can embed the certificates in the config file.

Meaning? Can I cat them all together and be done, or must I change something in the client file? That sounds great, maybe this will work better.

Silvio
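An added example, not part of the thread: one way to embed the certificates in the client config as suggested above, using OpenVPN's inline `<ca>`, `<cert>`, `<key>` and `<tls-auth>` blocks. The function names, file names and the placeholder credential contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fold an OpenVPN client config and its credential files
# into one .ovpn via inline <ca>/<cert>/<key>/<tls-auth> blocks.
# File names and sample contents are constructed for illustration.

# pem_block TAG FILE: wrap the BEGIN..END section of FILE in <TAG>...</TAG>.
pem_block() {
    printf '<%s>\n' "$1"
    # Certificates often carry a text dump before the PEM data; skip it.
    sed -n '/^-----BEGIN /,/^-----END /p' "$2"
    printf '</%s>\n' "$1"
}

# make_inline_ovpn OUT BASE CA CERT KEY [TA]
make_inline_ovpn() {
    out=$1 base=$2 ca=$3 cert=$4 key=$5 ta=${6:-}
    for f in "$base" "$ca" "$cert" "$key" ${ta:+"$ta"}; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
    done
    (
        umask 077            # the result embeds the private key
        rm -f -- "$out"      # so the new mode applies even if OUT existed
        {
            # Drop directives that point at external files.
            sed -E '/^[[:space:]]*(ca|cert|key|tls-auth|key-direction)([[:space:]]|$)/d' "$base"
            pem_block ca "$ca"
            pem_block cert "$cert"
            pem_block key "$key"
            if [ -n "$ta" ]; then
                echo 'key-direction 1'   # client side of tls-auth
                pem_block tls-auth "$ta"
            fi
        } > "$out"
    )
}

# demo_inline_ovpn: build constructed inputs in a temp dir, print the result path.
demo_inline_ovpn() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'client' 'dev tun' 'remote vpn.example.org 1194' \
        'ca ca.crt' 'cert client.crt' 'key client.key' 'tls-auth ta.key 1' \
        'remote-cert-tls server' > "$d/client.conf"
    for n in ca.crt client.crt; do
        printf '%s\n' 'Certificate:' '    Data: (text dump)' \
            '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' \
            '-----END CERTIFICATE-----' > "$d/$n"
    done
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END PRIVATE KEY-----' > "$d/client.key"
    printf '%s\n' '# constructed static key' \
        '-----BEGIN OpenVPN Static key V1-----' 'CONSTRUCTED' \
        '-----END OpenVPN Static key V1-----' > "$d/ta.key"
    make_inline_ovpn "$d/client.ovpn" "$d/client.conf" "$d/ca.crt" \
        "$d/client.crt" "$d/client.key" "$d/ta.key" || return 1
    echo "$d/client.ovpn"
}
```

The resulting single file holds the private key, so it is written with mode 0600 and should be moved to the phone over a channel that keeps it confidential.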
[arch-general] Server Management Tools
Hello, Is there a way to automatically administer multiple arch Linux servers? It's annoying to provide 20 servers daily with the same commands. Are there possibilities to manage the daily tasks centrally and to set them off automatically? I know there are tools like puppets but they're too cluttered. Thank you for help. Silvio
Re: [arch-general] Server Management Tools
On Thu, 12 Oct 2017 12:00:18 -0400 David Rosenstrauch wrote:
> cron + pssh?

Sounds good. Okay, cron I do not need, but pssh sounds great. But in the end I get only

    siefke@sisibox ~ $ pssh -h .config/pssh-hosts -P yaourt -Suy
    [1] 20:03:54 [FAILURE] host1 Exited with error code 255
    [2] 20:03:55 [FAILURE] host2 Exited with error code 255
    [3] 20:03:55 [FAILURE] host3 Exited with error code 255
    [4] 20:03:56 [FAILURE] host4 Exited with error code 255

Does it work with SSH keys and sudo?

Silvio
Re: [arch-general] Server Management Tools
On Thu, 12 Oct 2017 16:14:50 + Giancarlo Razzolini wrote:
> We use ansible to manage arch's servers:
>
> https://git.archlinux.org/infrastructure.git
>
> Ansible can be automated using pull, but there are other options as well.

Yes, I was thinking of it, but for yaourt -Suy it is a little overloaded for me. But ok, I will try it with time. Thanks for the link, it will surely help me.

Silvio
Re: [arch-general] Server Management Tools
On Thu, 12 Oct 2017 18:52:39 + Giancarlo Razzolini wrote:
> You seriously consider unattended update of packages on servers a good
> practice?
> On Arch? Good luck with that.

Who said something about unattended? I just do not want to enter the same command 20 times. That's all. On the Arch servers nothing special runs. Mail, Web, DNS and VPN, and nothing on one alone.

Silvio
[arch-general] IPSET and OUTPUT
Hello,

I want to use ad blocking with iptables, so I found ipset, which makes life easier. My question is how it works with Output format?

    iptables -I OUTPUT -m set --match-set adblock src -j REJECT

Will this work? I am not really sure, and most of what I found about ipset is about input.

Thanks for help
Silvio
[arch-general] Unbound
Hello,

when I start the unbound nameserver via shell, all works fine. But for a few weeks it has not started with systemd anymore. When I start it with systemd, I see only the SSH service in netstat -tulpe. From the shell, the name service is also seen in netstat -tulpe.

Does someone have an idea what I am doing wrong?

Nice Day & Thanks
Silvio

Log

    Oct 31 21:28:59 rb2 unbound[1020]: [1020:0] notice: init module 0: subnet
    Oct 31 21:28:59 rb2 unbound[1020]: [1020:0] notice: init module 1: validator
    Oct 31 21:28:59 rb2 unbound[1020]: [1020:0] notice: init module 2: iterator
    Oct 31 21:28:59 rb2 unbound[1020]: [1020:0] info: start of service (unbound 1.8.1).
    Oct 31 21:28:59 rb2 unbound[1020]: [1020:0] info: service stopped (unbound 1.8.1).
    Oct 31 21:28:59 rb2 unbound[1020]: [1020:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip rate>
    Oct 31 21:28:59 rb2 unbound[1020]: [1020:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
    Oct 31 21:28:59 rb2 systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
    Oct 31 21:28:59 rb2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 3.
    Oct 31 21:28:59 rb2 systemd[1]: Stopped Unbound DNS Resolver.
    Oct 31 21:28:59 rb2 systemd[1]: Started Unbound DNS Resolver.
    Oct 31 21:28:59 rb2 unbound[1023]: [1023:0] notice: init module 0: subnet
    Oct 31 21:28:59 rb2 unbound[1023]: [1023:0] notice: init module 1: validator
    Oct 31 21:28:59 rb2 unbound[1023]: [1023:0] notice: init module 2: iterator
    Oct 31 21:28:59 rb2 unbound[1023]: [1023:0] info: start of service (unbound 1.8.1).
    Oct 31 21:28:59 rb2 unbound[1023]: [1023:0] info: service stopped (unbound 1.8.1).
    Oct 31 21:28:59 rb2 unbound[1023]: [1023:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip rate>
    Oct 31 21:28:59 rb2 unbound[1023]: [1023:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
    Oct 31 21:29:00 rb2 systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
    Oct 31 21:29:00 rb2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 4.
    Oct 31 21:29:00 rb2 systemd[1]: Stopped Unbound DNS Resolver.
    Oct 31 21:29:00 rb2 systemd[1]: Started Unbound DNS Resolver.
    Oct 31 21:29:00 rb2 unbound[1025]: [1025:0] notice: init module 0: subnet
    Oct 31 21:29:00 rb2 unbound[1025]: [1025:0] notice: init module 1: validator
    Oct 31 21:29:00 rb2 unbound[1025]: [1025:0] notice: init module 2: iterator
    Oct 31 21:29:00 rb2 unbound[1025]: [1025:0] info: start of service (unbound 1.8.1).
    Oct 31 21:29:00 rb2 unbound[1025]: [1025:0] info: service stopped (unbound 1.8.1).
    Oct 31 21:29:00 rb2 unbound[1025]: [1025:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip rate>
    Oct 31 21:29:00 rb2 unbound[1025]: [1025:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
    Oct 31 21:29:00 rb2 systemd[1]: unbound.service: Service RestartSec=100ms expired, scheduling restart.
    Oct 31 21:29:00 rb2 systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
    Oct 31 21:29:00 rb2 systemd[1]: Stopped Unbound DNS Resolver.
    Oct 31 21:29:00 rb2 systemd[1]: unbound.service: Start request repeated too quickly.
    Oct 31 21:29:00 rb2 systemd[1]: unbound.service: Failed with result 'start-limit-hit'.
    Oct 31 21:29:00 rb2 systemd[1]: Failed to start Unbound DNS Resolver.
[arch-general] Wireguard
Hello,

has someone run wireguard? I have read about it today and tried to run it following the tutorial

https://emanuelduss.ch/2018/09/wireguard-vpn-road-warrior-setup/

So all is connected, all looks as if it works. But something is wrong because the ping does not work correctly.

From client

    PING 10.23.5.1 (10.23.5.1) 56(84) bytes of data.
    From 10.23.5.2 icmp_seq=1 Destination Host Unreachable
    ping: sendmsg: Der notwendige Schlüssel ist nicht verfügbar*
    From 10.23.5.2 icmp_seq=2 Destination Host Unreachable
    ping: sendmsg: Der notwendige Schlüssel ist nicht verfügbar
    From 10.23.5.2 icmp_seq=3 Destination Host Unreachable
    ping: sendmsg: Der notwendige Schlüssel ist nicht verfügbar
    From 10.23.5.2 icmp_seq=4 Destination Host Unreachable
    ping: sendmsg: Der notwendige Schlüssel ist nicht verfügbar

*The necessary key is not available

From Server

    ping 10.23.5.2
    PING 10.23.5.2 (10.23.5.2) 56(84) bytes of data.
    From 10.23.5.1 icmp_seq=1 Destination Host Unreachable
    ping: sendmsg: Destination address required
    From 10.23.5.1 icmp_seq=2 Destination Host Unreachable
    ping: sendmsg: Destination address required
    From 10.23.5.1 icmp_seq=3 Destination Host Unreachable
    ping: sendmsg: Destination address required
    From 10.23.5.1 icmp_seq=4 Destination Host Unreachable
    ping: sendmsg: Destination address required
    From 10.23.5.1 icmp_seq=5 Destination Host Unreachable
    ping: sendmsg: Destination address required

So all commands which are in the tutorial are present: ip a l wg0, wg show. Okay, wg show gives no more information even when clients are connected.

Does someone here have an idea? Is there a way to get more log information? Maybe a tutorial which is more for Arch?

Thank you for help & Nice new year
Silvio
Re: [arch-general] Wireguard
On Tue, 1 Jan 2019 15:49:36 +0100 Jelle van der Waa wrote:
> I would recommend our wiki article [1]. Do you have ipv4 forwarding
> enabled and configured your firewall correctly?

Forwarding is enabled as it stands in the Arch tutorial, and the firewall only has to open the port I use for wireguard?

Regards and thank you
Silvio
[arch-general] modprobe, Exec format error
Hello,

again I want to try to work a little with wireguard, and now something happens with the module.

    # modprobe wireguard
    modprobe: ERROR: could not insert 'wireguard': Exec format error

    # uname -a
    Linux fr-rb-1 4.20.2-arch1-1-ARCH #1 SMP PREEMPT Sun Jan 13 17:49:00 UTC 2019 x86_64 GNU/Linux

    # pacman -Ss linux | grep installed
    testing/linux 4.20.2.arch1-1 (base) [installed]
    testing/linux-headers 4.20.2.arch1-1 [installed]
    core/linux 4.20.1.arch1-1 (base) [installed: 4.20.2.arch1-1]
    core/linux-api-headers 4.17.11-1 [installed]
    core/linux-firmware 20181218.0f22c85-1 (base) [installed]
    core/linux-headers 4.20.1.arch1-1 [installed: 4.20.2.arch1-1]

So normally everything that is needed is installed.

    # pacman -Ss wireguard | grep installed
    community/wireguard-arch 0.0.20181218-2 [installed]
    community/wireguard-tools 0.0.20181218-2 [installed]

Does someone have an idea?

Silvio
[arch-general] Window Decoration Budgi
Hello,

I have installed a new Arch Linux and now the Budgie desktop does not show the widgets to close, minimize and maximize. The complete window decoration is missing. Does someone here have an idea?

Silvio
Re: [arch-general] Window Decoration Budgi
On Sat, 16 Mar 2019 16:16:22 +0100 n...@contrepoison.ch wrote:
> Even if you do what it says in the wiki ?
> https://wiki.archlinux.org/index.php/Budgie#Changing_button_layout

The first command does not work and the second goes through without a message, but it helps nothing.

--
Silvio
[arch-general] Mutt with Icloud
Hello,

does someone have mutt working with iCloud and can share the config? I use google and try and try. The login is no problem, but I can not write an email.

my config:

    set from = "Silvio Siefke <>" yes email
    set folder = imaps://imap.mail.me.com:993
    set spoolfile= +INBOX
    set postponed= +Drafts
    set record = +"Sent Messages"
    set imap_user= "my email"
    set imap_pass= "my password"
    set smtp_url = "smtp://$imap_u...@smtp.mail.me.com:587"
    set smtp_pass= "my password"
    set ssl_force_tls= yes
    set ssl_starttls = yes
    set ssl_use_sslv3= no
    set ssl_use_tlsv1= no
    set ssl_use_tlsv1_1 = no
    set ssl_use_tlsv1_2 = yes
    set ssl_verify_dates = yes
    set ssl_verify_host = yes
    set imap_pipeline_depth = 0
    set smtp_authenticators = 'gssapi:login'

It would be great. Thank you.

Silvio
[arch-general] grep
Hello,

I have a question about grep. Okay, yes, it is not directly Arch, but I did not find any information, and here on the list there are surely some pros with grep.

The folder structure:

    content/de/blog/*.md
    content/fr/blog/*.md
    content/en/blog/*.md
    content/ru/blog/*.md

To know which articles I have translated, I grep through the dates:

    grep -e "2019-10-1" content/blog/de (for the dates between 10 and 19)

I get:

    grep -e "2019-10-1" content/de/blog/*
    content/de/blog/file1.md:date: 2019-10-10
    content/de/blog/file2.md:date: 2019-10-12
    content/de/blog/file3.md:date: 2019-10-14
    content/de/blog/file4.md:date: 2019-10-16

Now my question is: how can I do the same in the other folders, so that all those that exist with the same date are hidden, and when no file is present, the file which is missing in the other folders is printed, sorted by date? The name of the file is certainly different, but the date is always the same.

    grep -e "2019-10-1" content/en/blog/*
    No output > all files translated

    grep -e "2019-10-1" content/fr/blog/*
    content/de/blog/file4.md:date: 2019-10-16 > file is missed

    grep -e "2019-10-1" content/ru/blog/*
    content/de/blog/file3.md:date: 2019-10-14 > file is missed
    content/de/blog/file4.md:date: 2019-10-16 > file is missed

Grep on the first folder (de) as a comparison to the others (en, fr, ru). I tried it with diff, but it did not work. It would be great if there is an idea.

Thank you for help.
Silvio
Re: [arch-general] grep
Hello,

> for file in content/en/blog/*.md; do
>     basefile=$(basename "$file" .md)
>     if [[ ! -e content/de/blog/"$basefile".md ]]; then
>         echo "German is missing $basefile";
>     fi;
> done;
>
> Perhaps?

Basename will not work because the files have different names in the language blog folders. Only the date can be used at all, because it stands in the header of every markdown file.

> Maybe instead you're saying that the dates present in one language should
> also be present in another language? That would be a pretty different
> solution with which I'm happy to help if you indicate such a desire.

Yes, the dates are always present.

--
Thank you & Nice day
Silvio
Re: [arch-general] grep
Hello,

On Mon, 14 Oct 2019 22:23:49 +0200 (CEST) "Jeanette C. via arch-general" wrote:
> Hey hey Silvio,
> hm this looks more like a challenge for a whole script. I can script, but I'm
> not always the most efficient.

Yes, you are right, I had thought it would be one line :). No worries, I am not looking for efficient; it will only be a help in the daily hobby project. Running grep manually every time makes one sick on a computer which is built to make our life easier :)

> If your .md files always look the same, i.e. there is always the exact line
> "date: -mm-dd" and you can be sure that one script folder will have all
> articles, because they are originally written in that language, I'd have an
> idea.

Yes, these files are markdown text files with a header and the content text.

    ---
    title: "Title"
    date: 2019-10-15
    tags: "Gesellschaft"
    shorttext: ""
    draft: false
    lang: de
    cover: "society"
    ---

So the date is in every file and always in the same format, because hugo does the date formatting when it builds the pages.

> Say your articles are all created in German:
> grep -e "date: 2019-10-1" content/de/blog/*.md >orig.list
> LINES=`wc -l orig.list | awk '{ print $2 }'` # get number of entries
> # do the same for the other folders:
> grep -e "date: 2019-10-1" content/en/blog/*.md >en.list
> grep -e "date: 2019-10-1" content/fr/blog/*.md >fr.list
> # complete for other folders

This works, it gives files with content like:

    $ cat de.list
    content/de/blog/die-grünen-heuchler.md:date: 2019-10-16
    content/de/blog/die-killer.md:date: 2019-10-17

> # now check
> CURLINE=1
> while [[ $CURLINE -le $LINES ]]; do
>    CURDATE=`sed -n ${CURLINE}p orig.list # get an article date
>    for FILE in en.list fr.list ru.list and_so_on; do
>      COUNT=`grep -c -e "${CURDATE}" ${FILE}
>      if [[ $COUNT -eq 0 ]]; then # not found in translation
>        echo ${CURDATE} missing in ${FILE}" >missing.files;
>      fi;
>    done
>    let CURLINE=CURLINE+1; # go to next original date
> done
> rm *.list # remove your temporary files

But this will not work. There is no output at the end; with a bit of playing it runs endlessly or there come syntax errors. But an idea is born.

--
Nice Day & Thank you
Silvio
Re: [arch-general] grep
On Mon, 14 Oct 2019 16:16:43 -0400 Aaron Laws via arch-general wrote:
> for file in content/en/blog/*.md; do
>     basefile=$(basename "$file" .md)
>     if [[ ! -e content/de/blog/"$basefile".md ]]; then
>         echo "German is missing $basefile";
>     fi;
> done;

Is it possible to do this with the date? As a comparison with dates.

Silvio
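An added example, not part of the thread: a date-based comparison of the kind asked for above, which reads the `date:` line from each post's front matter and lists the source-language posts that have no post with the same date in the other language folders. The function names and the constructed sample tree (file names, dates) are assumptions; the directory layout follows the `content/<lang>/blog/*.md` structure from the original question.

```shell
#!/bin/sh
# Added example: report which dated posts of a source language have no
# post with the same front-matter date in the other language folders.

# front_matter_date FILE: print the "date:" value from the first front
# matter block (between the first two "---" lines), nothing if absent.
front_matter_date() {
    awk '/^---[ \t]*$/ { if (++n == 2) exit; next }
         n == 1 && $1 == "date:" { print $2; exit }' "$1"
}

# front_matter_dates DIR: sorted, de-duplicated dates of all DIR/*.md.
front_matter_dates() {
    for f in "$1"/*.md; do
        [ -f "$f" ] || continue
        front_matter_date "$f"
    done | sort -u
}

# missing_translations ROOT SRC PREFIX LANG...
# Prints "DATE LANG SOURCE-FILE" for each source post whose date starts
# with PREFIX and does not occur in ROOT/LANG/blog, sorted by date.
missing_translations() {
    root=$1 src=$2 prefix=$3
    shift 3
    for lang in "$@"; do
        have=$(front_matter_dates "$root/$lang/blog")
        for f in "$root/$src"/blog/*.md; do
            [ -f "$f" ] || continue
            d=$(front_matter_date "$f")
            [ -n "$d" ] || continue
            case $d in "$prefix"*) ;; *) continue ;; esac
            # -x -F: whole-line, literal match on the full date
            printf '%s\n' "$have" | grep -qxF -- "$d" || echo "$d $lang $f"
        done
    done | sort
}

# demo_tree: constructed content tree mirroring the layout in the thread;
# file names differ per language, only the dates line up.
demo_tree() {
    t=$(mktemp -d) || return 1
    mk() {  # mk LANG NAME DATE
        mkdir -p "$t/$1/blog"
        printf '%s\n' '---' 'title: "Title"' "date: $3" "lang: $1" '---' \
            'text' > "$t/$1/blog/$2.md"
    }
    i=0
    for day in 10 12 14 16; do
        i=$((i + 1))
        mk de "file$i" "2019-10-$day"
        mk en "post-$day" "2019-10-$day"
        [ "$day" = 16 ] || mk fr "article-$day" "2019-10-$day"
        case $day in 10|12) mk ru "zapis-$day" "2019-10-$day" ;; esac
    done
    echo "$t"
}
```

Called as `missing_translations content de 2019-10-1 en fr ru`, it prints nothing for a language in which every date is covered.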
[arch-general] Automated check log and block postfix
Hello,

happy new year first :)

I have questions about postfix and the logfile. I often have players which try using submission, which comes in the log like:

    Jan 1 11:39:19 ru-mail postfix/submission/smtpd[7463]: connect from unknown[45.143.222.192]
    Jan 1 11:39:19 ru-mail postfix/submission/smtpd[7463]: disconnect from unknown[45.143.222.192] ehlo=1 auth=0/1 rset=0/1 quit=1 commands=2/4

From this IP, for example:

    cat /var/log/mail.log | grep 45.143.222.192 | wc -l
    1471

I have fail2ban installed, but nothing happens with it. Okay, it is connect and disconnect. No error message. I do not understand why it is so, but it is ok.

Is there a way to cat this mess and write it automatically to iptables? Is there another way to catch it with a tool?

It would be great if someone has an idea here.

Thank you
Silvio
Re: [arch-general] Automated check log and block postfix
Hello,

SET via arch-general wrote:
> iptables -A INPUT -p tcp --dport 587 -i eth0 -m state --state NEW -m recent --name XT_SUB --set
> iptables -A INPUT -p tcp --dport 587 -i eth0 -m state --state NEW -m recent --name XT_SUB --update --seconds 180 --hitcount 5 --rttl -j DROP

Perfect, it seems to work :) Thank you.

Silvio
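An added example, not part of the thread: a log-side counterpart to the rate-limit rules above, counting per client address the submission sessions that ended with `auth=0/N`, the pattern shown in the original question. The sample log lines (documentation address ranges), the threshold, the function names and the ipset set names are constructed; the output is in the `add SET ENTRY` form read by `ipset restore` and nothing is applied by the script itself.

```shell
#!/bin/sh
# Added example. All sample data below is constructed.

# failed_submission_ips THRESHOLD   (mail log on stdin)
# Prints "COUNT IP" for every client whose postfix/submission sessions
# ended with auth=0/N (N AUTH attempts, none successful) at least
# THRESHOLD times, highest count first.
failed_submission_ips() {
    awk -v min="$1" '
        /postfix\/submission\/smtpd\[[0-9]+\]: disconnect from / {
            client = ""; failed = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "disconnect" && $(i + 1) == "from") client = $(i + 2)
                if ($i ~ /^auth=0\//) failed = 1
            }
            if (!failed) next
            # The client is logged as name[address]; keep only the address.
            lb = index(client, "["); rb = index(client, "]")
            if (lb == 0 || rb <= lb + 1) next
            ip = substr(client, lb + 1, rb - lb - 1)
            # The reverse-DNS name is under the remote side s control, so
            # accept only characters that occur in an IPv4/IPv6 literal.
            if (ip !~ /^[0-9A-Fa-f:.]+$/) next
            hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# ipset_restore_lines SETNAME   ("COUNT IP" on stdin)
# Emits "add" lines for `ipset restore`. Assumes two existing hash:ip
# sets: SETNAME (family inet) and SETNAME6 (family inet6).
ipset_restore_lines() {
    awk -v name="$1" '{ print "add", (index($2, ":") ? name "6" : name), $2 }'
}

# sample_log: constructed log in the format quoted in the question.
sample_log() {
    cat <<'EOF'
Jan  1 11:39:19 mx postfix/submission/smtpd[7463]: connect from unknown[192.0.2.10]
Jan  1 11:39:19 mx postfix/submission/smtpd[7463]: disconnect from unknown[192.0.2.10] ehlo=1 auth=0/1 rset=0/1 quit=1 commands=2/4
Jan  1 11:39:25 mx postfix/submission/smtpd[7464]: disconnect from unknown[192.0.2.10] ehlo=1 auth=0/1 rset=0/1 quit=1 commands=2/4
Jan  1 11:39:31 mx postfix/submission/smtpd[7465]: disconnect from unknown[192.0.2.10] ehlo=1 auth=0/2 quit=1 commands=2/4
Jan  1 11:40:02 mx postfix/submission/smtpd[7470]: disconnect from client.example.net[203.0.113.5] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Jan  1 11:41:10 mx postfix/submission/smtpd[7471]: disconnect from unknown[198.51.100.7] ehlo=1 auth=0/1 quit=1 commands=2/3
Jan  1 11:42:00 mx postfix/submission/smtpd[7472]: disconnect from unknown[2001:db8::1] ehlo=1 auth=0/1 quit=1 commands=2/3
Jan  1 11:42:05 mx postfix/submission/smtpd[7473]: disconnect from unknown[2001:db8::1] ehlo=1 auth=0/1 quit=1 commands=2/3
Jan  1 11:43:00 mx postfix/smtpd[7480]: disconnect from unknown[192.0.2.10] ehlo=1 auth=0/1 quit=1 commands=2/3
EOF
}
```

Typical use is `failed_submission_ips 5 < /var/log/mail.log | ipset_restore_lines NAME`, reviewing the lines before feeding them to `ipset -exist restore`.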
[arch-general] Small Monitoring Soulution
Hello,

is there a small tool which does monitoring of the different server services? Checking ping, port check and that's it. More I do not need, and best with a static index.html created. I find cacti too overloaded and I hate php setup.

Thank you for help
Silvio
Re: [arch-general] Small Monitoring Soulution
Hello,

On Sat, 11 Jan 2020 11:49:54 + Ralph Corderoy wrote:
> Have a look at https://mmonit.com/monit/
> It has a commercial big brother, but Monit itself is free software.

Thank you, this works perfectly. I had read about it in the Arch Linux wiki, but my thought was that when you have multiple hosts you need to pay. Now it runs perfectly. Small settings and a web interface without php. All done, so I love Linux :)

Regards
Silvio
Re: [arch-general] Small Monitoring Soulution
Hi,

I have found another tool which is also a pretty solution and easy to configure and run.

https://jamesoff.github.io/simplemonitor/

Regards
Silvio
[arch-general] Mouse freezes
Hello,

since yesterday I get mouse freezes for short moments; I must often click or move, then it works. It is like that every time; it looks as if the mouse sleeps when it is not needed. Is there something in the update since yesterday that makes this trouble?

    [2020-01-18T07:53:39+0100] [PACMAN] starting full system upgrade
    [2020-01-18T07:53:55+0100] [ALPM] upgraded linux (5.4.11.arch1-1 -> 5.4.12.arch1-1)
    [2020-01-18T07:53:55+0100] [ALPM] upgraded acpi_call (1.1.0-275 -> 1.1.0-276)
    [2020-01-18T07:53:55+0100] [ALPM] upgraded snappy (1.1.7-1 -> 1.1.8-1)
    [2020-01-18T07:53:56+0100] [ALPM] upgraded chromium (79.0.3945.117-1 -> 79.0.3945.130-2)
    [2020-01-18T07:53:56+0100] [ALPM] upgraded imagescan (3.61.0-2 -> 3.62.0-1)
    [2020-01-18T07:53:56+0100] [ALPM] upgraded inkscape (0.92.4-10 -> 0.92.4-11)
    [2020-01-18T07:53:56+0100] [ALPM] upgraded libde265 (1.0.4-1 -> 1.0.5-1)
    [2020-01-18T07:53:57+0100] [ALPM] upgraded qt5-base (5.14.0-1 -> 5.14.0-2)
    [2020-01-18T07:53:57+0100] [ALPM] upgraded tracker (2.3.0-2 -> 2.3.1+6+g4d3073954-1)
    [2020-01-18T07:53:57+0100] [ALPM] upgraded tracker-miners (2.3.0-2 -> 2.3.1+23+g139553959-1)
    [2020-01-18T07:53:57+0100] [ALPM] upgraded wireguard-arch (0.0.20200105-3 -> 0.0.20200105-4)
    [2020-01-18T07:53:57+0100] [ALPM] upgraded wireguard-tools (1.0.20200102-1 -> 1.0.20200102-2)
    [2020-01-18T07:53:58+0100] [ALPM] upgraded wireshark-cli (3.2.0-1 -> 3.2.1-1)
    [2020-01-18T07:53:58+0100] [ALPM] upgraded wireshark-qt (3.2.0-1 -> 3.2.1-1)
    [2020-01-18T07:53:58+0100] [ALPM] upgraded xapps (1.6.8-1 -> 1.6.10-1)
    [2020-01-18T07:53:58+0100] [ALPM] upgraded xorg-server-common (1.20.6-3 -> 1.20.7-1)
    [2020-01-18T07:53:58+0100] [ALPM] upgraded xorg-server (1.20.6-3 -> 1.20.7-1)
    [2020-01-18T07:53:58+0100] [ALPM] upgraded xorg-server-xephyr (1.20.6-3 -> 1.20.7-1)
    [2020-01-18T08:24:46+0100] [ALPM] upgraded yay-bin (9.4.3-1 -> 9.4.4-1)

Maybe someone has the same problem and found the solution. I have changed the battery 3 times and nothing changes.

Thank you
Silvio
[arch-general] Iptables
Hi,

I am writing a script to generate iptables rules. I did this with the documentation in the Arch Linux wiki and would be happy if a few professionals would take a look over the script. Suggestions for improvement and comments would be very helpful.

https://github.com/sisihagen/iptables

Thank you & Regards
Silvio
Re: [arch-general] Iptables
Hi Andy,

On Tue, 11 Feb 2020 09:10:03 + Andy Pieters wrote:
> A more detailed description of what you're trying to do would be helpful.

I have different servers, most with Arch but also with Debian. So I try to generate a firewall script for both systems that is customized depending on what the server runs. So the script tries to find the ethernet adapter, the IP, all the open ports which listen on 0.0.0.0 and the SERVER IP, and sets these in the multiport rules for tcp or udp. If wireguard is used on the server, then those rules should also be activated, and when monitoring tools are running, the ports should also be opened, but only from my home server.

This is my goal, and the script should be checked by people who know iptables better than me. Is this okay so, will it work or give trouble? If I understand the wiki right, the rules must be in the right position. So especially the spoofing and bruteforce rules, will they be correct? There are improvements to query the Ethernet adapters, the server IP, the open ports.

    # port scanning
    $IPT -I TCP -p tcp -m recent --update --rsource --seconds 60 --name TCP-PORTSCAN -j REJECT --reject-with tcp-reset
    $IPT -D INPUT -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -p tcp -m recent --set --rsource --name TCP-PORTSCAN -j REJECT --reject-with tcp-reset
    $IPT -I UDP -p udp -m recent --update --rsource --seconds 60 --name UDP-PORTSCAN -j REJECT --reject-with icmp-port-unreachable
    $IPT -D INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
    $IPT -A INPUT -p udp -m recent --set --rsource --name UDP-PORTSCAN -j REJECT --reject-with icmp-port-unreachable
    $IPT -D INPUT -j REJECT --reject-with icmp-proto-unreachable
    $IPT -A INPUT -j REJECT --reject-with icmp-proto-unreachable

This for example; my English is not perfect and I hope I understand the wiki right. But is there a reason why insert, delete and append are all active? Is it enough to use only $IPT -A and not use the rest?

Thank you & Nice day
Silvio
[arch-general] inotify and rsync as user
Hello,

I have a question about the combination of inotify and rsync. I want my documents folder to sync with another machine if the host is up. So I found this solution on the net. The problem is, I wrote a script and put it in /usr/local/bin

    cat /usr/local/bin/sync_docs.sh
    #!/usr/bin/env bash
    if ping -c 1 192.168.2.160 &> /dev/null; then
        while true; do
            inotifywait -r -e modify,attrib,close_write,move,create,delete /home/siefke/Dokumente
            rsync -avuq /home/siefke/Dokumente/ samsung:/home/siefke/Dokumente/
        done
    fi

and a systemd service file. But when the script runs I always get the error

    siefke@192.168.2.160: Permission denied (publickey,password).

So I placed the script in the home folder, placed the systemd service file in home and ran it with systemd --user. The result is the same. When I run ssh samsung it works, when I run sync_docs.sh in the shell it works. Why does it make trouble with systemd?

Thank you
Silvio