FirewallD Tips

<r2po8s$21u$1@i2pn2.org>


https://novabbs.com/computers/article-flat.php?id=183&group=rocksolid.shared.i2p#183

Path: i2pn2.org!.POSTED!not-for-mail
From: gue...@retrobbs.rocksolidbbs.com (Guest)
Newsgroups: rocksolid.shared.i2p
Subject: FirewallD Tips
Date: Fri, 21 Feb 2020 18:14:51 -0500
Organization: Dancing elephants
Lines: 35
Message-ID: <r2po8s$21u$1@i2pn2.org>
Reply-To: Guest <guest@retrobbs.rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 21 Feb 2020 23:14:39 -0000 (UTC)
Injection-Info: i2pn2.org; posting-account="def.i2p";
logging-data="2110"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: FUDforum 3.0.7
X-FUDforum: 6666cd76f96956469e7be39d750cc7d9 <101873>
 by: Guest - Fri, 21 Feb 2020 23:14 UTC

FirewallD Tips

Just let me say that if you are running nginx or Arch with BSD server or Gentoo with ZeroShell router... don't waste your time reading further.

This is for Linux people who use GUFW or UFW and their sense of self-preservation screams HELP! Even Parrot uses GUFW, a disgrace!

First just let me say that FirewallD is a complex dynamic firewall and it is not simple to learn. You would expect that people that maintained i2p/d repos for Fedora (FirewallD is standard) for years would know better by now, but this is not the case. I have not seen one done correctly yet, just some dangerous junk.

I will use the instructions for Debian and remember these are just tips for i2p Java for a static configuration.

You need to install: firewalld, firewall-config, firewall-applet and python3-firewall. sudo apt or synaptic or some other package manager is fine.
To start the graphical configuration, run /usr/bin/firewall-config or click on the brick wall that appears in your menu.
1. To make permanent changes you need to change from Runtime to Permanent and then from Option to Reload Firewall. I suggest you do it after each change to make sure it saved.
2. First change the default zone to Drop (Options -> Change Default Zone). Reload firewall.
3. Top Tab = Zones Bottom Tab = Ports
Add your i2p ports here: 123 UDP, your router ports, let's say 12345 UDP, 12345 TCP
4. Top Tab = Zones Bottom Tab = Source Ports
Add your i2p ports 12345 UDP and 12345 TCP ports.
5. Top Tab = Zones Bottom Tab = Port Forwarding
Add your IPv4 protocol ports only to those specified by i2p Java. Most maintainers do the whole range.
6. Top Tab = Zones Bottom Tab = Interface
Add your interface (example eth0)
7. Top Tab = Services Bottom Tab = Ports
Select NTP from the list and add UDP and TCP 123
8. Top Tab = Services Bottom Tab = Source Port
Add your i2p ports 12345 UDP and 12345 TCP ports and 123 UDP

Posted on def3
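
As an added example (not part of the original post, and not firewalld's own tooling), the following Python sketch audits the permanent zone file that the GUI steps above would produce, checking that the zone target is DROP, that only expected ports are open, and that no port or forward rule covers a whole range. The sample XML, the allow-list, port 22 and the 9000-31000 range are constructed for illustration; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a permanent zone file (e.g. /etc/firewalld/zones/drop.xml).
# Port 12345 follows the post's placeholder; 22/tcp and the forward range are
# made-up entries that the audit is expected to flag.
SAMPLE_ZONE = """<zone target="DROP">
  <short>Drop</short>
  <interface name="eth0"/>
  <port port="123" protocol="udp"/>
  <port port="12345" protocol="udp"/>
  <port port="12345" protocol="tcp"/>
  <port port="22" protocol="tcp"/>
  <source-port port="12345" protocol="udp"/>
  <source-port port="12345" protocol="tcp"/>
  <forward-port port="9000-31000" protocol="tcp" to-port="12345"/>
</zone>
"""

def span(port):
    """Number of ports covered by a spec such as '12345' or '9000-31000'."""
    lo, _, hi = port.partition("-")
    return int(hi or lo) - int(lo) + 1

def audit_zone(xml_text, allowed, max_span=1):
    """Return findings: wrong target, missing interface, unexpected or over-wide ports."""
    zone = ET.fromstring(xml_text)
    findings = []
    if zone.get("target") != "DROP":
        findings.append("target is %r, expected DROP" % zone.get("target"))
    if not zone.findall("interface"):
        findings.append("no interface bound to this zone")
    for tag in ("port", "source-port", "forward-port"):
        for el in zone.findall(tag):
            spec = "%s/%s" % (el.get("port"), el.get("protocol"))
            width = span(el.get("port"))
            if width > max_span:
                findings.append("%s %s covers %d ports" % (tag, spec, width))
            elif spec not in allowed:
                findings.append("%s %s is not in the allow-list" % (tag, spec))
    return findings

if __name__ == "__main__":
    expected = {"123/udp", "12345/udp", "12345/tcp"}  # assumed allow-list
    for line in audit_zone(SAMPLE_ZONE, expected):
        print("FINDING:", line)
```

To audit a real host, pass the contents of the zone file and an allow-list holding that host's own router ports.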

Re: FirewallD Tips

<3026a4938dc8eac4cc4cfcbbb0e7d148$1@rslight.i2p>


https://novabbs.com/computers/article-flat.php?id=184&group=rocksolid.shared.i2p#184

Path: i2pn2.org!.POSTED!not-for-mail
From: AnonU...@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.i2p
Subject: Re: FirewallD Tips
Date: Fri, 21 Feb 2020 23:23:55 -0000 (UTC)
Organization: Rocksolid Light
Message-ID: <3026a4938dc8eac4cc4cfcbbb0e7d148$1@rslight.i2p>
References: <r2po8s$21u$1@i2pn2.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 21 Feb 2020 23:23:55 -0000 (UTC)
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="6964"; mail-complaints-to="usenet@i2pn2-novalink.localdomain"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.com
X-Rslight-Site: $2y$10$vCo1qrRpNAoV5irXTh2Mc..Z9kaGWdtYCqIEaLsju24kX835lxkkm
 by: AnonUser - Fri, 21 Feb 2020 23:23 UTC

Guest wrote:

> FirewallD Tips

> Just let me say that if you are running nginx or Arch with BSD server or Gentoo with ZeroShell router... don't waste your time reading further.

> This is for Linux people who use GUFW or UFW and their sense of self-preservation screams HELP! Even Parrot uses GUFW, a disgrace!

> First just let me say that FirewallD is a complex dynamic firewall and it is not simple to learn. You would expect that people that maintained i2p/d repos for Fedora (FirewallD is standard) for years would know better by now, but this is not the case. I have not seen one done correctly yet, just some dangerous junk.

What makes firewalld a better choice than ufw? Aren't they both basically frontends for iptables?

--
Posted on Rocksolid Light
rslight.i2p

Re: FirewallD Tips

<r2roum$ap6$1@i2pn2.org>


https://novabbs.com/computers/article-flat.php?id=185&group=rocksolid.shared.i2p#185

Path: i2pn2.org!.POSTED!not-for-mail
From: gue...@retrobbs.rocksolidbbs.com (Guest)
Newsgroups: rocksolid.shared.i2p
Subject: Re: FirewallD Tips
Date: Sat, 22 Feb 2020 12:38:47 -0500
Organization: Dancing elephants
Lines: 0
Message-ID: <r2roum$ap6$1@i2pn2.org>
References: <3026a4938dc8eac4cc4cfcbbb0e7d148$1@rslight.i2p>
Reply-To: Guest <guest@retrobbs.rocksolidbbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 22 Feb 2020 17:38:31 -0000 (UTC)
Injection-Info: i2pn2.org; posting-account="def.i2p";
logging-data="11046"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: FUDforum 3.0.7
X-FUDforum: 6666cd76f96956469e7be39d750cc7d9 <101877>
 by: Guest - Sat, 22 Feb 2020 17:38 UTC

Firewalld is systemD. It was released by Red Hat so that people will write dynamic configurations. For i2p you can allow only the reseed servers at start and later configure based on needs. That would be a lot of work. They do have a site and you can search for comparisons.
Posted on def3

Re: FirewallD Tips

<4458c1ae30f94af9e4309436dfafa383$1@rslight.i2p>


https://novabbs.com/computers/article-flat.php?id=186&group=rocksolid.shared.i2p#186

Path: i2pn2.org!.POSTED!not-for-mail
From: AnonU...@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.i2p
Subject: Re: FirewallD Tips
Date: Sun, 23 Feb 2020 10:41:36 -0000 (UTC)
Organization: Rocksolid Light
Message-ID: <4458c1ae30f94af9e4309436dfafa383$1@rslight.i2p>
References: <3026a4938dc8eac4cc4cfcbbb0e7d148$1@rslight.i2p> <r2roum$ap6$1@i2pn2.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 23 Feb 2020 10:41:36 -0000 (UTC)
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="18585"; mail-complaints-to="usenet@i2pn2-novalink.localdomain"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.com
X-Rslight-Site: $2y$10$xrsddVp2Nb0lesMFyq5T8OWOdcwcppb3Bzn0XYr9sKndgqTVOsaG6
 by: AnonUser - Sun, 23 Feb 2020 10:41 UTC

Guest wrote:

> Firewalld is systemD.

I already have too much systemd, thanks for the warning.

--
Posted on Rocksolid Light
rslight.i2p
