Shoreline Firewall

Shoreline Firewall.

The Shoreline Firewall, more commonly known as Shorewall, is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter’s ipchains compatibility mode and can thus take advantage of Netfilter’s connection state tracking capabilities.

Shorewall is not a daemon. Once Shorewall has configured the Linux networking subsystem, its job is complete and there is no Shorewall process left running in your system. The /sbin/shorewall program can be used at any time to monitor the Netfilter firewall.

Schneier on Security: My Open Wireless Network

Whenever I talk or write about my own security setup, the one thing that surprises people — and attracts the most criticism — is the fact that I run an open wireless network at home. There’s no password. There’s no encryption. Anyone with wireless capability who can see my network can use it to access the internet.

via Schneier on Security: My Open Wireless Network.

nf_conntrack and the conntrack program

Anyway, I did a fast cat /proc/net/nf_conntrack | grep 5060 to get all connection tracking entries for SIP. And I found more than one; here is one example.

via nf_conntrack and the conntrack program | Robert Penz Blog.

More info on conntrack here…

The timeout for this entry is 180 sec and 172 seconds to go, and the SIP client was all the time sending new probes and therefore the connection was never dropped. What can you do in this instance? You can install conntrack. It is a userspace command line program targeted at system administrators. It enables you to view and manage the in-kernel connection tracking state table. If you want to take a look at the manual without installing it (apt-get install conntrack) you can take a look at this webpage which contains the man page. With this program I did delete the entries with the wrong IP address and everything worked again.
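The lookup described in the quoted post, reading /proc/net/nf_conntrack and picking out the port 5060 entries with their remaining timeout, can be scripted. The following is an added example, not code from Robert Penz's post or from the conntrack project. The sample table lines are constructed (RFC 5737 documentation addresses), the entry format follows the one shown on that page (l3proto, l3num, l4proto, l4num, timeout, optional TCP state, original tuple, optional [UNREPLIED], reply tuple, optional [ASSURED], then mark/zone/use), and the deletion command uses the conntrack flags -D, -p, --orig-src, --orig-dst, --orig-port-src and --orig-port-dst as documented in the conntrack man page; on a real host you would read the file instead of SAMPLE and review the generated command before running it.

```python
"""Parse /proc/net/nf_conntrack lines and pick out the SIP (port 5060) entries."""
import re
import shlex

# Constructed sample of /proc/net/nf_conntrack output (not captured from a real host).
# Line 1: an established, NATed UDP SIP flow with 172 s left of its timeout.
# Line 2: a SIP flow that never got a reply (no reply seen yet).
# Line 3: an unrelated TCP flow, included so the filter has something to skip.
SAMPLE = """\
ipv4     2 udp      17 172 src=192.168.1.20 dst=198.51.100.7 sport=5060 dport=5060 src=198.51.100.7 dst=203.0.113.9 sport=5060 dport=5060 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=192.168.1.20 dst=198.51.100.7 sport=5060 dport=5060 [UNREPLIED] src=198.51.100.7 dst=192.168.1.20 sport=5060 dport=5060 mark=0 zone=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.20 dst=198.51.100.7 sport=50100 dport=443 src=198.51.100.7 dst=203.0.113.9 sport=443 dport=50100 [ASSURED] mark=0 zone=0 use=2
"""

_KV = re.compile(r"(\w+)=(\S+)")
_TUPLE_KEYS = ("src", "dst", "sport", "dport")


def parse_entry(line):
    """Turn one nf_conntrack line into a dict with orig/reply tuples, timeout and flags."""
    fields = line.split()
    entry = {"l3": fields[0], "l4": fields[2], "timeout": int(fields[4])}
    rest = fields[5:]
    # TCP entries carry a state word (ESTABLISHED, TIME_WAIT, ...) before the tuples.
    if entry["l4"] == "tcp" and rest and "=" not in rest[0]:
        entry["state"] = rest.pop(0)
    entry["flags"] = [tok.strip("[]") for tok in rest if tok.startswith("[")]
    orig, reply = {}, {}
    for tok in rest:
        m = _KV.fullmatch(tok)
        if not m:
            continue
        key, value = m.groups()
        if key in _TUPLE_KEYS:
            # First occurrence of src/dst/sport/dport is the original direction,
            # the second occurrence is the reply direction.
            (orig if key not in orig else reply)[key] = value
        else:
            entry[key] = value  # mark=, zone=, use=, ...
    entry["orig"], entry["reply"] = orig, reply
    return entry


def entries_with_port(table_text, port):
    """Return the parsed entries in which either tuple uses the given port."""
    port = str(port)
    matches = []
    for line in table_text.splitlines():
        if not line.strip():
            continue
        e = parse_entry(line)
        ports = {e["orig"].get("sport"), e["orig"].get("dport"),
                 e["reply"].get("sport"), e["reply"].get("dport")}
        if port in ports:
            matches.append(e)
    return matches


def describe(entry):
    """One-line summary: protocol, original tuple, where replies go, timeout left, flags."""
    o, r = entry["orig"], entry["reply"]
    return (f"{entry['l4']} {o['src']}:{o['sport']} -> {o['dst']}:{o['dport']} "
            f"(replies to {r['dst']}:{r['dport']}) timeout={entry['timeout']}s "
            f"{' '.join(entry['flags']) or '-'}")


def delete_command(entry):
    """Build the conntrack -D invocation that removes exactly this entry (by original tuple)."""
    o = entry["orig"]
    return shlex.join(["conntrack", "-D", "-p", entry["l4"],
                       "--orig-src", o["src"], "--orig-dst", o["dst"],
                       "--orig-port-src", o["sport"], "--orig-port-dst", o["dport"]])


if __name__ == "__main__":
    # Replace SAMPLE with open("/proc/net/nf_conntrack").read() on a real host.
    for e in entries_with_port(SAMPLE, 5060):
        print(describe(e))
        print("   ", delete_command(e))
```

Printing the command rather than executing it keeps the review step the post describes in human hands: the summary line shows the reply address and remaining timeout, so an entry whose reply tuple points at an address you do not expect stands out before anything is deleted.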

SquidGuard

SquidGuard is a URL redirector used to use blacklists with the proxy software Squid. There are two big advantages to squidguard: it is fast and it is free. SquidGuard is published under GNU Public License.

via SquidGuard.

Building an XMPP Server – Part 1

After reading several reviews, I chose ejabberd. Ejabberd can be downloaded from the previous link, but it also has the advantage of being located in the Ubuntu repositories. I created an Ubuntu Server and loaded ejabberd using “sudo apt-get install ejabberd”. Couldn’t be easier! And using a virtual machine to build the server means I can install it at customer locations without building a new server every single time; it will just need to be reconfigured once it is spun up.

via Building an XMPP Server – Part 1 | Jameson Networks Blog.

Ejabberd is also part of the Fedora repositories but not part of the CentOS repos.