Open ports from source to destination
Post 303043248 by nezabudka on Wednesday 22nd of January 2020 08:28:55 AM
Quote:
Originally Posted by UnknownGuy
Thanks guys, and sorry for the delayed response, as I was away. But this is not what I am looking for; what I need is something like below:

Code:
<some_command>  <source-ip> <destination-ip>

This should give me the list of all open ports between two systems. We are using Red Hat Linux 6.10 (Santiago); please help if this is at all possible to achieve.
Code:
ss state established src 192.168.122.1 dst 192.168.122.84
Netid           Recv-Q           Send-Q                       Local Address:Port                          Peer Address:Port           
tcp             0                0                            192.168.122.1:45376                       192.168.122.84:ssh

I set two goals and look at all the established connections. What is the problem?
I have one established SSH connection, there are no other connections! That's all.
It is incorrect to apply the concepts of source and destination and open ports to two machines without any connection.

Last edited by nezabudka; 01-22-2020 at 09:43 AM..
 

mxallowd(1)                        User Manuals                        mxallowd(1)

NAME
       mxallowd - dynamically whitelist your Mail eXchanger

SYNOPSIS
       mxallowd [-d] [-c configfile] [-t whitelist-time] [-p pflog-interface]
                [-l pcap-filter] [-F] [-s] [-q] [-p] -f fake-mailserver
                -r real-mailserver -n queue-num

DESCRIPTION
       mxallowd is a daemon which uses libnetfilter_queue (on Linux) or pf and
       pflog (on BSD) to allow (or deny) connections to a mailserver (or
       similar application) if the remote host hasn't connected to a fake
       daemon before.

       This is an improved version of the so-called nolisting (see
       http://www.nolisting.org/). The assumption is that spammers are not
       using RFC 2821-compatible SMTP-clients and are sending fire-and-forget
       spam (directly to the first or second MX-entry without retrying on
       error). This direct access is blocked with mxallowd, you'll only get a
       connection if you retry.

       NOTE: It is highly recommended to install nscd (nameserver caching
       daemon) or a similar software in order to speed-up DNS lookups. Since
       version 1.3, DNS lookups are done in a thread (so they don't block the
       main process), however, on very-high-traffic-sites, mxallowd may show
       significantly better overall performance in combination with nscd.

OPTIONS
       -b, --no-rdns-whitelist
              Disable whitelisting all IP-addresses that have the same RDNS as
              the connecting one (necessary for google mail)

       -c, --config
              Specifies an alternative configuration file (instead of
              /etc/mxallowd.conf)

       -t, --whitelist-time
              Specify the amount of time (in seconds) until an IP-address will
              be removed from the whitelist

       -s, --stdout
              Log to stdout, not to syslog

       -q, --quiet
              Don't log anything but errors.

       -f, --fake-mailserver
              Specify which IP-address the fake mailserver has (connecting to
              it will whitelist you for the real mailserver)

       -r, --real-mailserver
              Specify which IP-address the real mailserver has

       -F, --foreground
              Do not fork into background, stay on console

       -n, --queue-num
              (only available when compiled for netfilter_queue) Specify the
              queue number which will be used for the netfilter_queue-link.
              This has to be the same which is specified in the iptables-rule
              and it has to be specified, there is no default.

       -p, --pflog-interface
              (only available when compiled for pf) Specify the pflog(4)
              interface which you configured in pf(4). The default is pflog0.
              Also see the pcap-filter-option if you use an interface which
              does not only get smtp-traffic.

       -l, --pcap-filter
              (only available when compiled for pf) Specify the filter for
              pcap. The default is "port 25". See tcpdump(8) for more
              information on the filters.

FILES
       /etc/mxallowd.conf
              System-wide configuration file. Use the long options without the
              beginning two dashes. For example:

              stdout
              fake-mailserver 192.168.1.3
              fake-mailserver 192.168.1.4
              real-mailserver 192.168.1.5
              queue-num 23

EXAMPLES FOR NETFILTER
       The machine has two IP-addresses. The mailserver only listens on
       192.168.1.4, the nameserver returns the mx-records mx1.domain.com
       (192.168.1.3) with priority 5 and mx2.domain.com (192.168.1.4) with
       priority 10.

              # modprobe nfnetlink_queue
              # iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j NFQUEUE --queue-num 23
              # mxallowd -s -F -f 192.168.1.3 -r 192.168.1.4 -n 23

       Then open a separate terminal and connect via telnet on your real
       mailserver. You'll see the connection attempt being dropped. Now connect
       to the fake mailserver and watch mxallowd's output. Afterwards, connect
       to the real mailserver to verify your mailserver is still working.

EXAMPLES FOR PF
       The machine has two IP-addresses. The mailserver only listens on
       192.168.1.4, the nameserver returns the mx-records mx1.domain.com
       (192.168.1.3) with priority 5 and mx2.domain.com (192.168.1.4) with
       priority 10.

       Create a pf.conf like this:

              table <mx-white> persist

              real_mailserver="192.168.1.4"
              fake_mailserver="192.168.1.3"
              real_mailserver6="2001:dead:beef::1"
              fake_mailserver6="2001:dead:beef::2"

              pass in quick log on fxp0 proto tcp from <mx-white> to $real_mailserver port smtp
              pass in quick log on fxp0 inet6 proto tcp from <mx-white> to $real_mailserver6 port smtp
              block in log on fxp0 proto tcp to { $fake_mailserver $real_mailserver } port smtp
              block in log on fxp0 inet6 proto tcp to { $fake_mailserver6 $real_mailserver6 } port smtp

       Afterwards, load it and start mxallowd using the following commands:

              # pfctl -f /etc/pf.conf
              # mxallowd -s -F -f 192.168.1.3 -r 192.168.1.4

       Then open a separate terminal and connect via telnet on your real
       mailserver. You'll see the connection attempt being dropped. Now connect
       to the fake mailserver and watch mxallowd's output. Afterwards, connect
       to the real mailserver to verify your mailserver is still working.

       The ruleset for pf is actually longer because pf does more than
       netfilter on linux -- netfilter passes the packets and lets mxallowd
       decide whether to drop/accept whilst pf blocks/passes before even
       "passing" to mxallowd.

SEE ALSO
       iptables(8), pf(4), pflog(4), tcpdump(8)

AUTHOR
       Michael Stapelberg <michael+mxallowd at stapelberg dot de>

Linux                               MARCH 2012                         mxallowd(1)
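
The accept/drop behaviour described in DESCRIPTION and OPTIONS, as an added Python model that is not mxallowd's own code: a source that contacts the fake mailserver is whitelisted for whitelist-time seconds, and only whitelisted sources (or hosts sharing their RDNS name) reach the real mailserver. The class and function names, the 3600-second window, the PTR table and the event list are constructed assumptions; only the two mailserver addresses come from the man page's examples, and dropping connections to the fake address follows the pf ruleset shown there.

```python
import ipaddress

class NolistingModel:
    """Toy model of the accept/drop decision described above (not mxallowd's code)."""

    def __init__(self, fake, real, whitelist_time, rdns=None):
        self.fake = ipaddress.ip_address(fake)
        self.real = ipaddress.ip_address(real)
        self.whitelist_time = whitelist_time   # seconds, the role of -t
        self.rdns = rdns or {}                 # constructed PTR table; {} models -b
        self.expiry = {}                       # whitelist key -> expiry time

    def _keys(self, src):
        # A source is known by its address and, if it has one, its RDNS name,
        # so a retry from a sibling host of the same mail farm still matches.
        name = self.rdns.get(src)
        return [src] + ([name] if name else [])

    def verdict(self, now, src, dst):
        """Return 'ACCEPT' or 'DROP' for a new SMTP connection at time `now`."""
        dst = ipaddress.ip_address(dst)
        # Drop expired entries first so stale whitelisting never lingers.
        self.expiry = {k: t for k, t in self.expiry.items() if t > now}
        if dst == self.fake:
            for key in self._keys(src):
                self.expiry[key] = now + self.whitelist_time
            return "DROP"      # nothing accepts mail on the fake MX
        if dst == self.real:
            hit = any(k in self.expiry for k in self._keys(src))
            return "ACCEPT" if hit else "DROP"
        raise ValueError(f"{dst} is neither the fake nor the real mailserver")


# Constructed sample data: (seconds, source, destination); MX addresses are
# the ones used in the man page's examples, everything else is made up.
RDNS = {"198.51.100.9": "out.mail.example", "198.51.100.10": "out.mail.example"}
EVENTS = [
    (0, "203.0.113.7", "192.168.1.4"),      # fire-and-forget, straight to real MX
    (10, "198.51.100.9", "192.168.1.3"),    # compliant sender tries the first MX
    (15, "198.51.100.10", "192.168.1.4"),   # retry arrives from a sibling host
    (20, "203.0.113.7", "192.168.1.4"),     # never touched the fake MX
    (4000, "198.51.100.9", "192.168.1.4"),  # whitelist entry has expired
]

def replay(events, whitelist_time=3600, rdns=None):
    model = NolistingModel("192.168.1.3", "192.168.1.4", whitelist_time, rdns)
    return [model.verdict(*event) for event in events]
```

Calling `replay(EVENTS, rdns=RDNS)` accepts only the third event, while `replay(EVENTS)` (no RDNS matching, as with -b) drops it too, which is the case the man page flags for senders that retry from a different address.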