| Time |
Nick |
Message |
| 14:37 |
Bmagic |
OMG https://wiki.evergreen-ils.org/lib/exe/fetch.php?media=conference:superheros-120426125424-phpapp01.pdf |
| 14:38 |
Bmagic |
berick on page 27: what are you? like 12? |
| 15:38 |
Bmagic |
csharp_: I've discovered that my home IP is blocked by lupin's firewall. My home IP is inside this range 67.231.192.0-68.70.191.255 |
| 15:40 |
csharp_ |
Bmagic: 10-4 |
| 15:40 |
Bmagic |
holy mackerel! lupin has 21,621 DROP rules in iptables. |
| 15:41 |
Bmagic |
oh hi csharp_: happy Sunday :) |
| 15:41 |
csharp_ |
Bmagic: are you taking care of the block? |
| 15:41 |
Bmagic |
no, I'm not positive of the command |
| 15:41 |
csharp_ |
might've gotten too aggressive the other day |
| 15:41 |
csharp_ |
ok - looking |
| 15:42 |
Bmagic |
I'm dubious of any block for IPs starting with 67 |
| 15:45 |
csharp_ |
Bmagic: try now if you can |
| 15:45 |
csharp_ |
(from the home IP) |
| 15:46 |
Bmagic |
still a no go |
| 15:47 |
csharp_ |
try again |
| 15:47 |
Bmagic |
no go |
| 15:50 |
Bmagic |
iptables -L -nv|grep -P '\s67\.[\d]'|less |
| 15:51 |
Bmagic |
maybe one of those. I'm watching the packets tick up live whilst attempting the website: 67.231.192.0-68.70.191.255 is the likely culprit |
| 15:52 |
csharp_ |
ok, I think I've finally got it |
| 15:53 |
Bmagic |
I still see the rule, but let me try the site |
| 15:53 |
csharp_ |
hmmm |
| 15:53 |
Bmagic |
still no go |
| 15:53 |
csharp_ |
dayum |
| 15:53 |
Bmagic |
do you see the rule I'm talking about? (run that command I pasted) |
| 15:54 |
csharp_ |
yeah, and I'm seeing why my attempts are failing :-/ |
| 15:54 |
csharp_ |
can't do a batch on line numbers if you delete from top to bottom |
| 15:55 |
Bmagic |
the rule is * to * 0.0.0.0/0 with a source IP range in the rule |
| 15:56 |
csharp_ |
ok, I think I got it now |
| 15:56 |
Bmagic |
yep! |
| 15:56 |
csharp_ |
whew |
| 15:57 |
csharp_ |
for i in `iptables -n --line-numbers -L | grep ' 6' | awk '{print $1}' | sort -rg`; do iptables -D INPUT $i; done |
| 15:57 |
Bmagic |
Admining iptables, I usually make heavy use of iptables-save and iptables-restore |
| 15:57 |
csharp_ |
so any range starting with 6 |
| 15:57 |
csharp_ |
yeah, me too |
| 15:57 |
Bmagic |
where do you save the running config? I just did this command iptables-save > iptables.prod |
| 15:58 |
csharp_ |
maybe make a dir in /root to store them |
| 15:58 |
Bmagic |
also: did you see page 27 in that PDF I linked? |
| 15:59 |
csharp_ |
ha! - I do now |
| 15:59 |
Bmagic |
you're in there too :) |
| 15:59 |
csharp_ |
just saw myself |
| 16:00 |
Bmagic |
I'll be posting to the mailing list about this, but since you seem to be here, check out my WIP: https://docs.google.com/spreadsheets/d/13BQHBE1vWUNmfcf2ZpClmdFLYC2YOdWTZg5t8P14EjU/edit?usp=sharing |
| 16:01 |
csharp_ |
noice |
| 16:01 |
Bmagic |
I think I just completed the spreadsheet finally. Sheesh, that was a slog |
| 16:02 |
csharp_ |
I bet |
| 16:02 |
csharp_ |
I remember doing something perl-ish a long time ago to accomplish something similar |
| 16:02 |
Bmagic |
funny that 2009 had better coverage than 2010 |
| 16:03 |
Bmagic |
This spreadsheet is a stepping stone toward something else. I'll post to the list when I'm ready to share |
| 16:03 |
csharp_ |
coolio |
| 16:03 |
csharp_ |
Bmagic++ |
| 16:03 |
Bmagic |
ty for the FW rule update! |
| 16:04 |
Bmagic |
csharp_++ |
| 16:04 |
csharp_ |
sure |
| 16:04 |
Bmagic |
I think that for loop may have deleted any rule that contained the character "6" including line number 6, etc. |
| 16:06 |
Bmagic |
yeah, it deleted 523 rules |
| 16:06 |
Bmagic |
which is probably ok, since it probably needs a re-eval anyways after so many years of accumulation |
| 16:06 |
csharp_ |
it should have been 6 preceded by a space |
| 16:06 |
csharp_ |
but yeah, we can always re-block ;-) |
| 16:07 |
Bmagic |
ah, yep, preceded by a space |
| 16:07 |
Bmagic |
still hit a lot of rules |
| 16:07 |
Bmagic |
I'm afk for now, have a good day! |
| 17:36 |
|
sandbergja joined #evergreen |