Profile Details

Recent updates
  • John Jarrett
    John Jarrett replied to a discussion, Forum Slow

    Hi again Nick!

    Might you consider a daily reboot until the issue can be found and fixed?

    John

  • John Jarrett
    John Jarrett replied to a discussion, Forum Slow

    Painful is correct! Tonight, January 8, 2020 at about 2135 MST, it took me:

    1). To open the URL to the forum pages, 65 seconds
    2). To open this thread, 70 seconds
    3). To login to the forum 75 seconds
    4). Get back to the forums, 70 seconds
    5). Get back to this thread for a comment on the 'pain' experienced, 65 seconds
    6). My guess will be to post this comment another 60 seconds at least!

    Six minutes, at a minimum, to post a comment. Wow!

    After this post was first received, the forum got very 'snappy' or speedy for a short while, then down the tubes.

    Just an "FYI" for whatever it is worth,

    John

  • I've now put it into a proper Howto in the Knowledgebase

    @John, it looks like my script has moved on a bit from when I posted. MAXELEM is now parameterised. This is a trivial change and you don't need it. I've also set it to e-mail me if the update fails.

    Also writing it up has shown a stupidity in my firewall rules. You can remove:from the firewall rules. This should have been replaced by:And not supplemented with it.

  • With the help of Nick Howett and others, I have placed a complete how-to with easy to follow steps to block whole countries from your open ports at a similar post located here

  • John Jarrett
    John Jarrett replied to a discussion, Block Access From a Country

    Hi Nick!

    I completely forgot about TCP and UDP and somehow imagined a complete port block without specifying either protocol, never seeing tcp in the block rule! Old and still learning even after using this and commenting on it years ago! (Love this stuff... still)!

    And thanks for reminding me to restart the firewall... again forgot about that bit!

    You ARE amazing when it comes to this stuff! Thank-you!

    I will add the bits you provided to my code post to make it a fairly complete and easy country block setup.

    Thanks again!

    John

  • John Jarrett
    John Jarrett replied to a discussion, Block Access From a Country

    I think I have things consolidated and sorted out having reread the entire original thread a few times adding in the current main script. Please let me know if this is what it should be?
    --------------------------------------
    STEP A
    1) First, install ipset at the CLI by doing a: "yum install ipset --enablerepo=clearos-core"

    2). The following code goes into a file you create named "country_list.sh" and it goes into "/etc/cron.monthly".

    3). Make this file executable: with chmod 755 /etc/cron.monthly/country_list.sh.

    4). Add two (2) letter country codes for countries you wish to block in ISO="codes go here"



    STEP B
    1). The following code is added into a file you will create/name: "/etc/clearos/firewall.d/20-ipset-blocks".

    2). In the last line, add the ports you wish to block, i.e.: "--dports 80,25,443,587,993" and etc.



    STEP C
    1). The following code is added into an existing file: "/etc/rc.d/rc.local"



    STEP 4
    1). To start it up for the first time, from the CLI (root prompt) type in "/etc/cron.monthly/country_list.sh"

  • John Jarrett
    John Jarrett replied to a discussion, Block Access From a Country

    Hi Nick!

    Just a follow-up as I (tried to) use that script in ClearOS 6, even tho I am not certain it ever worked... Thought I would add it to my ClearOS 7 boxes. Anyway, that thread is full of stuff that has led me off the path and confused me a bit and might confuse others as well. Especially naming of the files needed.

    To summarize, we still need the three (3) scripts, each in the directory locations noted in Marcel's posts. The main script, (which you updated and made simpler), should be made executable. What should the main script be named? Will 'blockcountry.sh' be okay?

    In the scripts you block "non-RIPE countries" meaning the RIPE countries are allowed. I need some RIPE countries blocked. What change needs to be done to ensure that whatever country specified in the ISO= line are blocked? Including RIPE addresses?

    What should we name the other two (2) scripts that are needed? Do they need the .sh extension?

    I've learned a lot from that thread but I am not sure now that it ever worked for me in ClearOS 6!

    Thanks Nick!

    John

  • Hi guys,

    The installation guide can be found in the latest blog post about tools for network visibility. You'll find the documentation on the Netify Console tool here.

    Unfortunately, the console tool does not have the option to filter on a particular IP address. However, feel free to install the Netify app in the ClearOS Marketplace and use the 7-day free trial. No strings attached. You can then use the filter criteria to drill down into the data. For example, the attached screenshot shows traffic from my Samsung TV from 3:00 am to 5:00 am. That gld.push.sumsungosp.com looks mighty suspicious... what are you uploading Mr. TV?

    Please keep in mind that each of the rows in the screenshot (and the Netify Console tool) represents a "conversation" (aka flow). For example, you would only see one entry for a Netflix stream, not tens of thousands of entries that you would see from tcpdump and other packet tools. You can then zoom in on any of the conversations to see byte counters, packet counters, network information, security details and more. Here are some Netify flow details that I saw from the same Samsung TV on my home network. In this particular case, the flow is using an old and insecure security protocol -- RC4. Really Samsung?

    Well... that turned into a bit of Samsung bashing even though I own and enjoy their TVs, mobiles and tablets. Of course, most device manufacturers are guilty of the same shenanigans, I just happen to use Samsung as an example. And don't get me started on mobile apps and marketers ... shudder.
