Thursday, 25 October 2018

Firewall rule for a specific time window

iptables -I FORWARD 1 -p tcp --sport 53 -d 10.1.1.0/22 -m time --timestart 18:30 --timestop 21:30 --weekdays Fri -j ACCEPT
iptables -I FORWARD 1 -p tcp --sport 53 -d 10.1.23.0/24  -m time --timestart 18:30 --timestop 21:30 --weekdays Fri -j ACCEPT
iptables -I FORWARD 1 -p udp --sport 53 -d 10.1.1.0/22  -m time --timestart 18:30 --timestop 21:30 --weekdays Fri -j ACCEPT
iptables -I FORWARD 1 -p udp --sport 53 -d 10.1.23.0/24  -m time --timestart 18:30 --timestop 21:30 --weekdays Fri -j ACCEPT
iptables -I FORWARD 1 -p tcp --sport 53 -d 10.1.6.0/24  -m time --timestart 18:30 --timestop 21:30 --weekdays Fri -j ACCEPT
iptables -I FORWARD 1  -p udp --sport 53 -d 10.1.6.0/24  -m time --timestart 18:30 --timestop 21:30 --weekdays Fri -j ACCEPT

iptables -I FORWARD 1 -s 10.1.1.0/22 -p tcp --dport 53 -m time --timestart 18:30 --timestop 21:30 --weekdays Fri -j ACCEPT
iptables -I FORWARD 1 -s 10.1.23.0/24 -p tcp --dport 53 -m time --timestart 18:30 --timestop 21:30 --weekdays Fri -j ACCEPT
iptables -I FORWARD 1 -s 10.1.1.0/22 -p udp --dport 53 -m time --timestart 18:30 --timestop 21:30 --weekdays Fri -j ACCEPT
iptables -I FORWARD 1 -s 10.1.23.0/24  -p udp --dport 53 -m time --timestart 18:30 --timestop 21:30 --weekdays Fri -j ACCEPT
iptables -I FORWARD 1 -s 10.1.6.0/24 -p tcp --dport 53 -m time --timestart 18:30 --timestop 21:30 --weekdays Fri -j ACCEPT
iptables -I FORWARD 1 -s 10.1.6.0/24 -p udp --dport 53 -m time --timestart 18:30 --timestop 21:30 --weekdays Fri -j ACCEPT


Rules so that on Fridays, from 18:30 to 21:30, requests can be made to the root DNS servers or to any other external DNS server.
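The iptables `time` match compares against UTC unless `--kerneltz` is given, so the window in the rules above is a UTC window. The script below is an added example, not part of the original post: it prints (without running) the same twelve rules for a window given in local time. It assumes GNU `date` and a local offset of +0200, which is a constructed value; `to_utc` and `emit_rules` are names made up for this example.

```shell
#!/bin/sh
# Added example: prints the time-limited DNS FORWARD rules, it does not apply them.
# Assumption: the firewall's local time is UTC+2 (constructed value, adjust it).
# xt_time evaluates --timestart/--timestop/--weekdays in UTC by default.

NETS="10.1.1.0/22 10.1.23.0/24 10.1.6.0/24"   # networks taken from the post
LOCAL_OFFSET="+0200"                            # assumed local UTC offset

# Convert a local HH:MM on a reference Friday (2018-10-26) to "Day HH:MM" in UTC.
to_utc() {
    LC_ALL=C date -u -d "2018-10-26 $1 $LOCAL_OFFSET" '+%a %H:%M'
}

# emit_rules LOCAL_START LOCAL_STOP: print one rule per network, protocol and direction.
emit_rules() {
    start=$(to_utc "$1")
    stop=$(to_utc "$2")
    day=${start%% *}
    # If the conversion moves only one end onto another day, the window crosses
    # UTC midnight and a single --weekdays value no longer describes it.
    [ "$day" = "${stop%% *}" ] || { echo "window crosses UTC midnight" >&2; return 1; }
    match="-m time --timestart ${start#* } --timestop ${stop#* } --weekdays $day"
    for net in $NETS; do
        for proto in tcp udp; do
            # replies coming from a resolver (source port 53) towards the network
            echo "iptables -I FORWARD 1 -p $proto --sport 53 -d $net $match -j ACCEPT"
            # queries from the network to any resolver (destination port 53)
            echo "iptables -I FORWARD 1 -s $net -p $proto --dport 53 $match -j ACCEPT"
        done
    done
}

emit_rules 18:30 21:30
```

Review the printed rules before piping them to a shell, and check the loaded window with `iptables -L FORWARD -n -v`, which shows the time match of each rule.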

Tuesday, 2 October 2018

ies kernel: audit: type=1400 audit(1538480598.585:12): apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="/usr/bin/lxc-start" name="/" pid=2180 comm="lxc-start" flags="rw, rslave"

Proxmox error after upgrading: the LXC containers do not start

pct start 400

AVC apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="/usr/bin/lxc-start" name="/" pid=2180 comm="lxc-start" flags="rw, rslave"

Oct 02 13:43:18 ies kernel: audit: type=1400 audit(1538480598.585:12): apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="/usr/bin/lxc-start" name="/" pid=2180 comm="lxc-start" flags="rw, rslave"

After following a few links about this error, this one worked for me:


https://forum.proxmox.com/threads/apparmor-preventing-lxcs-starting-after-update.42060/

I needed to manually add
deb http://download.proxmox.com/debian/pve stretch pve-no-subscription then run apt-get full-upgrade (and update of course) to fix it. I am writing this as a heads up to all other people who have the same problem and as sort of bug report.
 
 
Yes, now I can start the container.


And a staff member points out that adding this repository is the correct thing to do:

if you don't have a subscription, you need to enable the no-subscription repository like described in the docs. otherwise, you don't get updates, and thus also no bug and security fixes.