TechHub

1 post1 participant1 post today

albi insincerely yourskonec <a href="https://f.cz/tags/IPTables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IPTables</a> je v dohlednu, částecně už i na dosah za poslední rok jsem investoval čas a z předchozích <a href="https://f.cz/tags/UFW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UFW</a> a mrtvého <a href="https://f.cz/tags/Shorewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shorewall</a> přeskočil <a href="https://f.cz/tags/FirewallD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FirewallD</a> rovnou do nahatých <a href="https://f.cz/tags/NFTables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NFTables</a>- UFW využívá na pozadí iptables automaticky překládané do nftables, což je paskvil, který může vyhovovat závislákům na prehistorických iptables souborech "na které se nešahá", ale progresivnějšímu uživateli dost svazuje ruce - navíc je nutné mít namemorovanou jejich speciální syntaxi a hlavně skladbu argumentů, takže většinou zadám validní příkaz na asi 4. pokus- FirewallD si samozřejmě taky vymyslel vlastní příkazovou syntaxi, ale zároveň zapleveluje nftables nepoužívanými chainy, přijít k cizímu stroji a udělat nějakou drobnou úpravu v pravidlech je skoro na nobelovku- NFtables jsou za mě nejpřehlednější a nejspolehlivější (největší kontrola), navíc umožňujou mít totální kontrolu nad firewallem a poslat k šípku snahy Dockeru o nadvládu - navíc jsou velmi jednoduché a snadno pochopitelné

Marcos Dione<a href="https://mastodon.social/@JulianOliver" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@JulianOliver</a> I guess it's the same than with physics: classic mechanics works fine until you need more detail and use quantum instead.For deep level but still with a patine of abstraction I suggest <a href="https://en.osm.town/tags/ShoreWall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ShoreWall</a>. A shame the config language won't ever evolve from text based tables, but definitely better than writing ip/nftables rules by hand, and IIRC¹ it has a try mode that rolls back in case you get kicked out.¹ I think I sued it once, but it's been a looong while since I last touched my FW.

Talkless :debian: :kde:<a href="https://fosstodon.org/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FOSS</a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> <a href="https://fosstodon.org/tags/Firewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Firewall</a> <a href="https://fosstodon.org/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://fosstodon.org/tags/NetSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetSec</a> Just finished migrating from <a href="https://fosstodon.org/tags/Shorewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shorewall</a> (iptables) firewall configurator to <a href="https://fosstodon.org/tags/foomuuri" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#foomuuri</a> (nftables) in my personal <a href="https://fosstodon.org/tags/Debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Debian</a> Sid laptop.Took about four-five hours or so.Ruleset is now shorter and actually easier to read. I have paranoid setup where even outgoing AND localhost traffic is filtered...Feels refreshing after upgrade 👍 . And it's simply just great peace of <a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> software engineering:<a href="https://github.com/FoobarOy/foomuuri" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/FoobarOy/foomuuri</a>

L'autreПеревел свои :calculate: сервера с <a href="https://calculate.social/tags/shorewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#shorewall</a> на <a href="https://calculate.social/tags/nftables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nftables</a>. Насколько же все стало проще и логичней!

Antoine Mottier<a href="https://fosstodon.org/@0xDEADBEEF" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@0xDEADBEEF</a> thanks for mentioning <a href="https://fosstodon.org/tags/Shorewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shorewall</a> 👍 After taking a close look it seems that it won't provided added value compared to using directly <a href="https://fosstodon.org/tags/nftables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nftables</a> at least for my needs. Also I didn't see any new commits (<a href="https://gitlab.com/shorewall/code/-/commits/master" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gitlab.com/shorewall/code/-/commits/master</a>) for more than a year on the project so I'm not sure if it either super stable or no longer actively maintained?

Marcos Dione<a href="https://en.osm.town/tags/til" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#til</a>* <a href="https://en.osm.town/tags/shorewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#shorewall</a>, the trusty <a href="https://en.osm.town/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://en.osm.town/tags/firewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#firewall</a> you can simply describe in a few config files, has a `try` command to setup the firewall for a while and tear it down again after a timeout. Very good for configuring the firewall remotely; combine with ssh and <a href="https://en.osm.town/tags/screen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#screen</a>. I still lick my scars for the night I did the cowboy thing, tried to setup a firewall by hand, and the first thing I did was to `DROP` all packets. I lost a good job opportunity because of that. <a href="https://en.osm.town/tags/NeverAgain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NeverAgain</a>

ZERO GmbHIf you've followed our recent posts, you already know that we gave Shorewall a try to tidy up our VPN firewall rules and gain full overview about our configuration. Our migration to Shorewall has been successful and we'd like to share some insights in our configuration: "Keeping the Wireguard VPN firewall clear with Shorewall" - <a href="https://blog.zero-iee.com/en/posts/vpn-firewall-shorewall/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://blog.zero-iee.com/en/posts/vpn-firewall-shorewall/</a>Shorewall by Tom Eastep is just perfect for small to mid size firewall deployments that are mostly static and not too complex. One of our developers uses OpnSense and PfSense for more complex scenarios in his private projects. Which firewall / configuration tool do you use and why?<a href="https://techhub.social/tags/shorewall" class="mention hashtag" rel="tag">#shorewall</a> <a href="https://techhub.social/tags/firewall" class="mention hashtag" rel="tag">#firewall</a> <a href="https://techhub.social/tags/wireguard" class="mention hashtag" rel="tag">#wireguard</a> <a href="https://techhub.social/tags/vpn" class="mention hashtag" rel="tag">#vpn</a> <a href="https://techhub.social/tags/teamzero" class="mention hashtag" rel="tag">#teamzero</a> <a href="https://techhub.social/tags/zeroiee" class="mention hashtag" rel="tag">#zeroiee</a> <a href="https://techhub.social/tags/blog" class="mention hashtag" rel="tag">#blog</a> <a href="https://techhub.social/tags/techblog" class="mention hashtag" rel="tag">#techblog</a> <a href="https://techhub.social/tags/linux" class="mention hashtag" rel="tag">#linux</a> <a href="https://techhub.social/tags/debian" class="mention hashtag" rel="tag">#debian</a>

ZERO GmbHWe're currently evaluating Shorewall [1] as a Firewall / iptables configuration tool. Configuring iptables manually [2] works, but can get messy and thus is error prone. For our VPN server with its many customer VPNs, we are looking for a clearer solution that can be easily configured via configuration files. One of our developers has already used Shorewall and is impressed by the software. It was therefore a natural decision to take a look at it. Initial experiments have gone well![1]: <a href="https://shorewall.org/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://shorewall.org/</a> [2]: <a href="https://blog.zero-iee.com/posts/multi-tenant-wireguard-vpn-server/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://blog.zero-iee.com/posts/multi-tenant-wireguard-vpn-server/</a><a href="https://techhub.social/tags/wireguard" class="mention hashtag" rel="tag">#wireguard</a> <a href="https://techhub.social/tags/shorewall" class="mention hashtag" rel="tag">#shorewall</a> <a href="https://techhub.social/tags/foss" class="mention hashtag" rel="tag">#foss</a> <a href="https://techhub.social/tags/server" class="mention hashtag" rel="tag">#server</a> <a href="https://techhub.social/tags/vpn" class="mention hashtag" rel="tag">#vpn</a> <a href="https://techhub.social/tags/firewall" class="mention hashtag" rel="tag">#firewall</a>

DeaDSouL :fedora:What <a href="https://fosstodon.org/tags/firewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#firewall</a> frontend do you use on your <a href="https://fosstodon.org/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> distro? Please boost, for more range 📶<a href="https://fosstodon.org/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iptables</a> <a href="https://fosstodon.org/tags/nftables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nftables</a> <a href="https://fosstodon.org/tags/ipset" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ipset</a> <a href="https://fosstodon.org/tags/firewalld" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#firewalld</a> <a href="https://fosstodon.org/tags/shorewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#shorewall</a> <a href="https://fosstodon.org/tags/ufw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ufw</a> <a href="https://fosstodon.org/tags/gnulinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gnulinux</a> <a href="https://fosstodon.org/tags/network" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#network</a> <a href="https://fosstodon.org/tags/networksecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#networksecurity</a> <a href="https://fosstodon.org/tags/distro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#distro</a>

Recent searches

Search options

Administered by:

Server stats:

#shorewall