Latest Server related questions

Score: 0
pata2004
Firewalld enable but need restart it again after reboot

I have

rocky 8 PHP 8.1 Apache/2.4.37 (rocky)

Firewalld blocking thousands and thousands of IPs

enable with firewall-cmd --permanent --zone=block --add-source=ipset:block_ips

When I reboot the server the firewalld blocks the httpd server, and I can't access the webpage.

My solution is to restart the firewall and everything is ok again.

The firewalld is enabled and shouldn't be necessary to restart  ...

Score: 0
T. Zack Crawford
Using spamassassin + dovecot/postfix, how do you block messages from a blacklisted address instead of route to junk folder?

I have set up an email server using a wizard tool, although I was hoping to alter the default behavior configuration such that when I receive emails from addresses I explicitly blacklist, those messages are immediately deleted as opposed to routed to the Junk folder.

I have currently been manually blacklisting addresses by adding blacklist_from [email protected] to /etc/mail/spamassassin/local.cf

Score: 0
uncrayon
Cisco 3860 is not honoring write mem or copy running-config startup-config

I have a Cisco 3860. I have configured it so much that I have it all memorized and down to a couple minutes at this point.

I configure the switch and everything works.

  • I add my trunk port
  • I add everything to the right vlans
  • I give the switch an ip address

And boom, internet flowing and access to everything is there!

So I try copy running-config startup-config then reload. My configuration is gone.

Score: 3
Az Ilari
Heavy NFS metadata traffic flooding NFSv4.1 Server (AWS EFS)

We are observing a massive uptick in metadata requests to an NFSv4.1 (AWS EFS) network drive that is linked to one or more web servers. This started happening about a week ago across a number of stacks.

I've done a bunch of diagnostics:

nfsiostat shows 60-450 ops/s on the servers where it is happening.

nfstrace --mode=live --verbose=2 shows that the same operations are happening repeatedly on 2 ...

Score: 0
Mariano Martinez Peck
AWS VPN with split tunnel cannot connect to Internet after connecting to AWS VPN

AWS VPN with split tunnel enabled. When I connect to the VPN with the AWS VPN Client, I lose Internet on my Mac endpoint. However, I do seem to reach the VPN as I see my connection in the AWS VPN console.

  • I have a VPC with IPv4 CIDR 172.31.0.0/16 and 3 subnets 172.31.32.0/20, 172.31.0.0/20 and 172.31.16.0/20
  • The VPC has an internet gateway attached.
  • I have a Client VPN endpoint with Client CIDR 10.0.0 ...

Score: 0
RatingDevelopment
How to prevent windows installing default apps in windows server

When you sign in to a new account on a domain, Windows automatically downloads a lot of junk apps. For example: Instagram, MSN, Edge, Facebook Messenger. How can I, as an administrator, prevent this, so Windows doesn't install these apps anymore?

Score: 0
Nadia Moolla
How to export ALL data included in a google takeout for Google Workspace

So, I am closing out a Google Workspace and I exported ALL of the data from the suite and it's sitting in my bucket.

When I try to download ALL of the data, I get this popup that tells me I can only use gsutil to download all of the data, and Google Workspace is even nice enough to provide me with the syntax to paste into gsutil.

The problem is the commands are not working.

So, I need to know the CORREC ...

Score: 0
Why are certain TCP connections extremely slow, except while running a packet capture on the router?

I have a weird issue with my MikroTik RouterBOARD hEX - RB750Gr3 (running Router OS 7.8).

Certain TCP connections are extremely slow, for example this 93 KB file takes ages to download from the clients in the router’s LAN:

curl https://gewerbeauskunft.bremen.de/navigaweb/res/themes/System_09.12.06/js/jquery-1.11.3.min.js > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time    ...
Score: 0
How to apply DROP rule immediately (iptables/conntrack)

An external IP is connecting to my mailserver VM every second and I just want to block this IP immediately without dropping existing connections.

So I apply a DROP rule. I even reloaded all the iptables rules, but the external IP is still connecting to the mail server.

I used conntrack to stop existing connections.

iptables -F
iptables -X
iptables -t nat -F
echo 1 > /proc/sys/net/ipv4/ip_forward

for  ...
Score: 0
Viktor Eriksson
How to minimize the number of deployments in kubernetes, how to tie pods to configmaps?

Want to start by saying I'm pretty new to Kubernetes and I'm finding it hard to formulate a proper question.

The implementation I'm using of k8s is microk8s.

I have this application that analyzes a feed from a camera. The URL of the camera feed is configurable.

At the moment I have 10 cameras. My current solution is to have 10 different deployments and 10 different configmaps looking like this:

ap ...
Score: 1
username
What is the difference between Mandatory and Strict modes in SQL Server 2022 encryption

It is possible to configure SQL Server encryption mode as Strict, rather than Mandatory. Unlike other versions of SQL Server and ODBC drivers where you could only specify whether you want the encryption or not, the choice has been changed from True/False, or yes/no, to Optional/Mandatory/Strict. However, I can't find what exactly the Strict mode is. Are there any additional checks, or how is it different  ...

Score: 0
Jon Bates
GCP Cross-region Private Service Connect

We have an internal, regional LB in europe-west1 in Project A, and we have exposed it to Project B using Private Service Connect.

We established connectivity from a caller in europe-west1, so we know the connection works, but Project B's resources are in europe-west3. Is there a way to allow cross-region connectivity for PSC?

We don't want to make the LB global for security reasons.

This works: working in same region

This doesn ...

Score: 2
Mitya
Understanding how does jumping work in nftables

I am new to nftables. I have read a few docs and gone through the main wiki page, and I still don't understand how the DOCKER-USER chain works.

Here is the table which was created by docker:

table ip filter {
        chain DOCKER {
        }

        chain DOCKER-ISOLATION-STAGE-1 {
                iifname "docker0" oifname != "docker0" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
       ...
Score: 0
rmalchow
Specify an IP with Zabbix Web-Monitoring to explicitly monitor one of multiple loadbalancers

We have several environments where multiple loadbalancers are sharing the traffic. To check them individually, we would like to be able to specify which IP to use.

We found forum entries that talk about using "https://$IP" and then setting the host header. This seems to work, but it seems kind of odd - from what I see in Zabbix and in the loadbalancer logs, it seems to use the value from the host hea ...

Score: 0
krisdigitx
puppetdb does not start on ubuntu 16.04

puppetdb on Ubuntu 16.04 does not start. I am not able to find any specific reasons. Any ideas, anyone?

root@pupper-master1:/etc/puppet# dpkg -l | grep puppet
ii  puppet                           4.8.2-5                                    all          configuration management system
ii  puppet-common                    4.8.2-5                                    all          transitional dummy packag ...
Score: 1
Mark
What are my server-side options for scanning email attachments for words and phrases?

I currently run an email system with Postfix/Dovecot and I am looking for a way to scan the contents of attachments (mainly doc(x) and pdf) for certain words and bounce the email back to the user with a message in case something has been found. Amavis doesn't seem to work (no option to scan the body), rspamd doesn't scan inside of attachments. I guess I can always try and write my own milter but I'd lik ...

Score: 0
Matthew Moisen
Nginx How to Extract a field from a JSON body response to an OAuth server?

I would like Nginx to call an External OAuth server to validate a bearer token and additionally extract the client_id from the OAuth validation response. I need the client_id to apply rate limiting.

However, I have not been able to find a native way in Nginx to simply extract an attribute from a response body. I was hoping to do something simple like regexing a variable such as $response_body.

I did ...

Score: 0
Alexander Tolkachev
High CPU usage by ksoftirqd

We use GCP for running Kubernetes and for communication with our services in different locations using VM masquerading by iptables. The first time, we faced an issue with performance when we used only one CPU for masquerading. We fixed it by enabling SMP and allowing the use of more than one core, but after that we faced another issue: after some time ksoftirqd utilizes all available cores and the VM becomes u ...

Score: 1
Maciej Cygan
Exim wont start using systemctl but it will via exim debug

I have a problem where Exim4 will not start/restart/reload... nothing works via /etc/init.d/exim4 nor systemctl start exim4... Both produce no output on the console - the start procedure just hangs indefinitely. However when I start in debug via exim -bd -d, exim loads and no obvious errors on the output.

Systemctl & init.d script produce no logging as to why the start script fails. I am also a bit co ...

Score: 0
f10w
postfix: Configure address for MAILER-DAEMON

I have set up postfix on my Debian server to send emails (my website uses PHP Mail() to send notifications to its users).

I observe that on failed deliveries, the system tries to send the notifications to [email protected], which is my "sender". Since my server is not configured to receive email, I obtained the following kind of errors:

2DD2E1A2037    9139 Wed Mar 15 11:13:39  MAILER-DAEMON
    (c ...
Score: 0
PawelZ
tc display hash filter statistic

I just added tc filters like this:

tc filter add dev enp1s0f0 parent 1:0 protocol ip prio 1 u32 match ip dst 10.90.0.0/16 flowid 1:1
tc filter add dev enp1s0f0 parent 20:0 prio 1 handle 4: protocol ip u32 divisor 256
tc filter add dev enp1s0f0 protocol ip parent 20:0 prio 5 u32 ht 800:: match ip src 10.108.0.0/24 hashkey mask 0x000000ff at 12 link 4:
tc filter add dev enp1s0f0 parent 20:0 prio 1 hand ...
Score: 2
How do I (automatically) re-attempt to deliver mail from a different Postfix server?

My network consists of two different locations and in both I have a Postfix server running for outgoing mail on each of them. Mail gets submitted to any of the two round-robin, based on having them both in DNS, e.g. smtp.mydomain.tld points to two A-records. Users submit their mail there and these servers will send the mail out. All good so far in the happy flow.

Now, sometimes it happens that the nexth ...

Score: 1
Grant Curell
Are the drivers in the preboot environment for ESXi different than post? "No devices with free space"

I have an old Dell Precision I used to run ESXi on. Went to reinstall it, the installer sees both drives in it just fine on both 7.0u3 and 8.0.

However, after installation on the NVMe drive, post boot, I go to create a new datastore on the 3.64TiB drive and it's not there.

Windows was just on the host so I am certain that the drive both exists and is in proper working condition.

Note: I am not aski ...

Score: 0
qlangiul
Apache - http/2 enabled but still feeding http/1.1 on requests

Apache/2.4.34 (Red Hat) OpenSSL/1.0.2k-fips on CentOS 7, PHP 7.4.33, I have installed and enabled http/2 following the guide at How to enable http/2 from a Centos Package/yum?. No errors are reported and the module is loaded but pages remain served over http/1.1.

I have moved from prefork mpm to event, so this is not the issue.

This is not a browser cache issue.

Apache has been restarted multiple times. ...

Score: 0
rubikonx9
firewalld apply interface zone after ipset zone match

I have a firewalld setup with two zones.

One zone, some-ips-allowed, is used to permit traffic from specific IP networks on some ports:

some-ips-allowed (active)
  target: default
  icmp-block-inversion: no
  interfaces:
  sources: ipset:some-ip-set
  services:
  ports: 22/tcp 80/tcp 443/tcp
  ...

The some-ip-set contains some networks, say, 10.0.0.0/8.

Another zone has some interfaces assigned (wh ...

Score: 0
Bharath S
Why sum of all process CPU(%) is not equal to total cpu(%) utilisation in top output

I have decided to create a simple monitoring tool for my Linux server. For the CPU monitoring I relied on the top command, but I have a few queries on that.

In the attached image of top command output, you can see the idle is 96.8%, which means CPU utilisation is 3.2%, but the sum of CPU% of all the processes listed (image cropped for CPU% > 0.0) is more than the total utilised (3.2%).

Score: 0
akhu
How to setup netplan routing for second (non-default) NIC to Lan gateway, while using iptables?

Trying to setup netplan (networkd) gateway-routing, with no-dhcp, iptables forwarding+Nat, between the 2 NICs:

  • wan0 connected to Internet via its (default) gateway
  • lan0 connected to the Lan gateway/router (**)

The current yaml looks like:

# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: networkd
  ethernets:
    wan0:
      match:
        macaddress: 00:1e:67:15:01:31
      set-name: wan0 ...

Score: 0
Bon Andre Opina
Domain name pointing to an A record with valid certificate prompts an err_cert_common_name_invalid

So we wanted to have one of our domains in GoDaddy point to another hosted service on another GoDaddy account. The site already has SSL in it and the other domain didn't; we installed the certificate through AutoSSL. But it prompted an error, err_cert_common_name_invalid. They said we should not use AutoSSL if we are not on the same IP. So my question is, what is the best way to handle this kind  ...

Score: 0
hotzen
sshd not providing ecdsa/ed25519 host key algos

We have set up a bastion that only responds with the ssh-rsa host key algorithm when querying:

ssh-keyscan bastion.ops.dev.xxx.com

# bastion.ops.dev.xxx.com:22 SSH-2.0-OpenSSH_7.4
# bastion.ops.dev.xxx.com:22 SSH-2.0-OpenSSH_7.4
bastion.ops.dev.xxx.com ssh-rsa AAAAB3Nza...+REOQ8RMWBWH
# bastion.ops.dev.xxx.com:22 SSH-2.0-OpenSSH_7.4
# bastion.ops.dev.xxx.com:22 SSH-2.0-OpenSSH_7.4
# bastion.ops.dev.xxx. ...
Score: 0
Victor EStalin
FQDN LB Bare metal kubernetes

Hello everyone and have a great time of the day! I've got the following non-trivial idea to move my K8s from AWS EKS to bare metal VMware. Initially I tried VMware solutions like Tanzu, but NSX needs real HA and I'm not currently able to bring 2 more servers, so I've built everything based on Rancher but load balancer services. What I'd like to achieve is similar to EKS FQDN ELBs: somehow link my Domain r ...
