Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Michel Verdier
On 2024-08-06, George at Clug wrote: > To disable port forwarding would this be a better method? "ceinture et bretelles" (I let you translate) > # echo 0 > /proc/sys/net/ipv4/ip_forward > # cat /etc/sysctl.conf > # Uncomment the next line to enable packet forwarding for IPv4 > #net.ipv4.ip_forwa

Re: nftables ssh Could not resolve service Servname not supported

2024-08-05 Thread Michel Verdier
On 2024-08-06, George at Clug wrote: > # nano /etc/nftables.conf /etc/nftables.conf is used to load rules at boot by systemd nftables.service. It's safer to edit another file, test it with nft -f, then if it's correct to copy it to /etc/nftables.conf. If something goes wrong a reboot could restor

Re: Authenticator apps

2024-08-05 Thread tomas
On Tue, Aug 06, 2024 at 07:10:38AM +0200, Kevin Price wrote: > Dear Mick, dear all: [...] So far, agreed. > If I understand you correctly, Mick, you're considering to move your > TOTP factor out of an independent device towards your local debian > machine for convenience, so you'd be giving away

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread john doe
On 8/6/24 01:47, George at Clug wrote: On Monday, 05-08-2024 at 22:25 john doe wrote: On 8/5/24 12:50, George at Clug wrote: On Monday, 05-08-2024 at 17:25 Michel Verdier wrote: On 2024-08-04, George at Clug wrote: You really need to be intimate with nftables, you might want to consider

Re: What is the purpose of mDNS

2024-08-05 Thread tomas
On Mon, Aug 05, 2024 at 11:49:37PM -0500, David Wright wrote: > On Sat 03 Aug 2024 at 11:26:38 (+0200), to...@tuxteam.de wrote: [...] > > It is part of Microsoft's promise that anyone can be sysadmin [...] > Isn't that what modern networking is striving to attain? Whoever "modern networking" i

Re: Authenticator apps

2024-08-05 Thread Kevin Price
Dear Mick, dear all: On 05.08.24 at 09:06, Michael Kjörling wrote: > On 5 Aug 2024 05:31 +0800, from wes...@mxcloud.eu.org (Wesley): >> OT question, can debian desktop run a simulator for phone app? Absolutely yes. But that's not going to help anyone in this thread. > If OP thinks a password ma

Re: nsswitch what should come first

2024-08-05 Thread David Wright
On Fri 02 Aug 2024 at 19:29:14 (-0400), Dan Ritter wrote: > Lee wrote: > > On Thu, Aug 1, 2024 at 10:40 PM Jeffrey Walton wrote: > > > > > > I personally remove mDNS and Bonjour from my machines. mDNS is not the > > > source of truth on my networks. Rather, DNS is the source of truth in > > > my n

Re: nftables ssh Could not resolve service Servname not supported

2024-08-05 Thread George at Clug
On Tuesday, 06-08-2024 at 14:40 David Wright wrote: > On Tue 06 Aug 2024 at 14:25:45 (+1000), George at Clug wrote: > > > However I have one issue, my nftables is not recognising the label > > 'dns' for port 53, although it is recognising labels for other ports > > that I have been using (e.g.

Re: dot internal and mDNS

2024-08-05 Thread David Wright
On Sat 03 Aug 2024 at 12:59:45 (+), Andy Smith wrote: > On Sat, Aug 03, 2024 at 06:40:32PM +1000, George at Clug wrote: > > I believe ICANN are moving to possibly replacing .local, .home, .lan, > > .corp, .mail, .localdomain, (and possibly others) with .internal ? > > home.arpa was defined by

Re: What is the purpose of mDNS

2024-08-05 Thread David Wright
On Sat 03 Aug 2024 at 11:26:38 (+0200), to...@tuxteam.de wrote: > On Sat, Aug 03, 2024 at 06:56:42PM +1000, George at Clug wrote: > > What is the purpose of mDNS ?  > > > >  It seems to be for multicast?   > > It is not /for/ multicast IP, it /uses/ multicast for name resolution. > In a nutshell

Re: nftables ssh Could not resolve service Servname not supported

2024-08-05 Thread David Wright
On Tue 06 Aug 2024 at 14:25:45 (+1000), George at Clug wrote: > However I have one issue, my nftables is not recognising the label > 'dns' for port 53, although it is recognising labels for other ports > that I have been using (e.g. ssh, http, ntp, https). My /etc/services uses the term "domain"

Re: Authenticator apps

2024-08-05 Thread tomas
On Mon, Aug 05, 2024 at 10:22:35PM +, Corey Hickman wrote: > August 5, 2024 at 10:35 PM, "Tim Woodall" wrote: > > > > > > > > oathtool (in the same-named Debian package) might be your friend. > > > > > > > I use this too, and it gives the same numbers as FreeOTP which I have > > > > ins

nftables ssh Could not resolve service Servname not supported

2024-08-05 Thread George at Clug
Hi, I have my simple nftables firewall working (thanks to people who have posted). However I have one issue, my nftables is not recognising the label 'dns' for port 53, although it is recognising labels for other ports that I have been using (e.g. ssh, http, ntp, https). When I checked on the

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread jeremy ardley
On 6/8/24 08:05, George at Clug wrote: Is it possible to be aware of all the ports required by systems/services like "AWS / Cloudflare / etc", such that it is possible to ensure any firewalls that are put in place do not inhibit the features of these systems? In AWS you have a Virtual Priv

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Monday, 05-08-2024 at 23:27 Dan Purgert wrote: > On Aug 04, 2024, George at Clug wrote: > > > > > > On Sunday, 04-08-2024 at 16:15 john doe wrote: > > > On 8/4/24 06:48, jeremy ardley wrote: > > > > > > > > On 4/08/2024 12:26 pm, George at Clug wrote: > > > >> > > > >> If I go to the local

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Charles Curley
On Tue, 06 Aug 2024 09:44:32 +1000 George at Clug wrote: > This morning, after thinking on these things I realise I am wrong. > > I am showing both my ignorance and my stupidity. > > "Times have changed", "That was then, this is now". My compliments on your willingness to do so. It is not ea

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Monday, 05-08-2024 at 22:25 john doe wrote: > On 8/5/24 12:50, George at Clug wrote: > > > > > > On Monday, 05-08-2024 at 17:25 Michel Verdier wrote: > >> On 2024-08-04, George at Clug wrote: > >> > >>> I think I finally have success (had to fix way too many typos). > >>> > >>> Please review,

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Tuesday, 06-08-2024 at 04:12 Charles Curley wrote: > On Tue, 06 Aug 2024 01:12:08 +1000 > George at Clug wrote: > > > It would be nice if systems were not so complex that they required > > frontends to be usable. > > Perhaps it would be nice. But that's not the way of the world. I wrote >

Re: Authenticator apps

2024-08-05 Thread Corey Hickman
August 5, 2024 at 10:35 PM, "Tim Woodall" wrote: > > > > oathtool (in the same-named Debian package) might be your friend. > > > > I use this too, and it gives the same numbers as FreeOTP which I have > > installed on my phone. > Me second with oathtool which just works for me. regards.

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Charles Curley
On Tue, 06 Aug 2024 01:12:08 +1000 George at Clug wrote: > It would be nice if systems were not so complex that they required > frontends to be usable. Perhaps it would be nice. But that's not the way of the world. I wrote 6502 assembly code and hand-assembled it way back when. I was very glad t

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Monday, 05-08-2024 at 21:52 Michel Verdier wrote: > On 2024-08-05, George at Clug wrote: > > > Down below is the output of the translation commands for my Iptables > > commands. Interesting but again, I will need to learn what this means, > > it does not look self explanatory. But hopefully

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Monday, 05-08-2024 at 22:25 john doe wrote: > On 8/5/24 12:50, George at Clug wrote: > > > > > > On Monday, 05-08-2024 at 17:25 Michel Verdier wrote: > >> On 2024-08-04, George at Clug wrote: > >> > >>> I think I finally have success (had to fix way too many typos). > >>> > >>> Please review,

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Monday, 05-08-2024 at 23:27 Dan Purgert wrote: > On Aug 04, 2024, George at Clug wrote: > > > > > > On Sunday, 04-08-2024 at 16:15 john doe wrote: > > > On 8/4/24 06:48, jeremy ardley wrote: > > > > > > > > On 4/08/2024 12:26 pm, George at Clug wrote: > > > >> > > > >> If I go to the local

Re: Authenticator apps

2024-08-05 Thread Tim Woodall
On Sun, 4 Aug 2024, to...@tuxteam.de wrote: On Sun, Aug 04, 2024 at 05:44:07PM +0100, Mick Ab wrote: I have a Debian Bullseye desktop PC. I am looking for a 2fa authenticator that works on my desktop, without using a smartphone or tablet. I don't know what an "authenticator app" is. If what

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Dan Purgert
On Aug 04, 2024, George at Clug wrote: > > > On Sunday, 04-08-2024 at 16:15 john doe wrote: > > On 8/4/24 06:48, jeremy ardley wrote: > > > > > > On 4/08/2024 12:26 pm, George at Clug wrote: > > >> > > >> If I go to the local coffee shop and connect my laptop to their WiFi, > > >> which incoming

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread john doe
On 8/5/24 12:50, George at Clug wrote: On Monday, 05-08-2024 at 17:25 Michel Verdier wrote: On 2024-08-04, George at Clug wrote: I think I finally have success (had to fix way too many typos). Please review, and please comment if it can be improved. Don't fix typo and instead rewrite your

VM, wifi, NAT (was: Re: Internet facing Firewalls mDNS UPnP SMB)

2024-08-05 Thread Max Nikulin
On 05/08/2024 17:50, George at Clug wrote: I am also a bit concerned about the statement "table ip nat", I do not want [e.g. need] any Network Address Translation occurring. Re: VirtualBox (VB) and Window

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Michel Verdier
On 2024-08-05, George at Clug wrote: > Down below is the output of the translation commands for my Iptables > commands. Interesting but again, I will need to learn what this means, > it does not look self explanatory. But hopefully, like everything > computer related, it is usually not that compl

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread George at Clug
On Monday, 05-08-2024 at 17:25 Michel Verdier wrote: > On 2024-08-04, George at Clug wrote: > > > I think I finally have success (had to fix way too many typos). > > > > Please review, and please comment if it can be improved. > > Don't fix typo and instead rewrite your rules with nftables > h

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Michel Verdier
On 2024-08-04, George at Clug wrote: > I think I finally have success (had to fix way too many typos). > > Please review, and please comment if it can be improved. Don't fix typo and instead rewrite your rules with nftables https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to

Re: Internet facing Firewalls mDNS UPnP SMB

2024-08-05 Thread Michel Verdier
On 2024-08-04, George at Clug wrote: > I do like the idea of blocking all outbound connections, and only > opening ports that are required for whatever services I want to use. I do the same. > For servers I often do, but for workstations, sadly I am often lazy and > default to allowing all outgo

Re: Authenticator apps

2024-08-05 Thread Michael Kjörling
On 5 Aug 2024 05:31 +0800, from wes...@mxcloud.eu.org (Wesley): > OT question, can debian desktop run a simulator for phone app? If OP thinks a password manager is "more complicated than needed", then what isn't running a hardware emulator + whole operating system + Who knows what? -- Michael Kj